Privacy Policy
How we handle your data
Effective Date: February 24, 2026
What We Collect
Account info: Email (required), name and company (optional), password (hashed). Billing handled by DodoPayments — we don't store card details.
AWS infrastructure data: Account ID, IAM Role ARN, External ID, resource metadata exposed by the roles you connect, CloudWatch metrics, Cost Explorer data, and optional role-specific metadata such as S3 bucket inventory, IAM listings, or tag inventory.
We do NOT collect: S3 object contents, database data, EC2 filesystem contents, or AWS secret values. CloudWatch Logs are only queried when the optional logs-diagnostics role is enabled, and only derived findings are stored.
Usage data: Login timestamps, IP addresses, feature usage, API logs.
How We Use It
- Provide the service (scanning, recommendations, notifications)
- Authentication and billing
- Support and troubleshooting
- Product improvement and security monitoring
- Marketing emails (opt-out available)
Who We Share It With
We don't sell your data. We share only with these vendors:
| Vendor | Purpose |
|---|---|
| Supabase | Database & auth |
| DodoPayments | Payments |
| Railway.app | API hosting |
| Vercel | Frontend |
| AWS | Infrastructure |
| OpenAI / Anthropic / Google | Optional AI feature providers |
All vendors are contractually required to protect your data.
Data Retention
| Data | Retention |
|---|---|
| Account info | Until account deletion |
| Scan results | 7 days (Free), 90 days (Growth), 1 year (Scale), custom (Enterprise) |
| Billing records | 7 years (tax compliance) |
| Support tickets | 3 years |
| Audit logs | 1 year |
Your Rights
- Access/export: Download your data in JSON/CSV
- Delete: Request deletion — processed within 30 days
- Opt-out: Unsubscribe from marketing emails anytime
To exercise any right: support@opscurb.com
Regional privacy requests
If you are subject to regional privacy laws (including EU or California frameworks), email support@opscurb.com with your request details. We will review and process requests in line with applicable obligations and our service capabilities.
Cookies
We use essential cookies (auth, security, preferences) and basic analytics. You can disable cookies in your browser settings, though some features may break.
Changes
We'll notify you of significant changes via email and in-app notifications.
Contact
support@opscurb.com · Data Controller: OpsCurb, Inc.
Version: 1.0 · Effective: February 24, 2026