CloudFinOps Logo
CloudFinOps

Privacy Policy

DPDP Act 2023 (India)GDPR (EU)CCPA (USA)

Effective Date: January 1, 2026

CloudFinOps ("we", "us") acts as a Data Processor on behalf of our customers. This policy outlines how we collect, process, and secure data in compliance with the Digital Personal Data Protection Act (2023) and global privacy standards.

1. Data We Collect

1.1 Service Data (Metadata)

To provide our FinOps services, we collect technical metadata from your cloud environment (AWS/Azure). This includes:

  • Resource Configurations (e.g., Instance Types, Volume Sizes).
  • Utilization Metrics (e.g., CPU, Memory, I/O).
  • Billing Tags and Cost Allocation Data.

Crucial Limitation: We DO NOT collect or access your proprietary source code, database contents, or object storage files (S3/Blob).

1.2 Account Data

We collect contact details (Name, Work Email, Billing Address) to manage your subscription and billing.

2. Subprocessors

We utilize the following third-party subprocessors to provide our service. We have entered into Data Processing Agreements (DPAs) with each:

  • Amazon Web Services (AWS): Cloud Infrastructure Hosting (Region: India/Global).
  • Google Firebase: Authentication & Database services.
  • Stripe / Razorpay: PCI-DSS compliant payment processing.
  • Sentry: Error tracking and performance monitoring.

3. Data Sovereignty & International Transfers

For Indian customers, all sensitive financial data and metadata is processed within India in compliance with RBI guidelines. For global customers, data may be transferred to AWS regions relevant to the service delivery, protected by Standard Contractual Clauses (SCCs).

4. Data Retention

We retain Audit Logs for a period of 30 days to allow for historical analysis. After this period, data is automatically deleted. Account Data is retained for as long as your account is active, plus 7 years for tax compliance purposes.

5. Security Measures

We implement defense-in-depth security measures, including:

  • Encryption: AES-256 for data at rest; TLS 1.3 for data in transit.
  • Access Control: Strict Role-Based Access Control (RBAC) and Multi-Factor Authentication (MFA) for our staff.
  • Vulnerability Management: Regular automated scanning of our infrastructure.

6. Your Rights (Data Subject Rights)

Under applicable laws (GDPR, DPDP), you have the right to:

  • Access: Request a copy of the data we hold about you.
  • Rectification: Correct inaccurate data.
  • Deletion: Request erasure of your data ("Right to be Forgotten").
  • Portability: Receive your data in a structured format.

To exercise these rights, email our Data Protection Officer (DPO) at sambhav@cloudfinops.solutions.

7. Cookie Policy

We use the following cookies:

  • Essential Cookies: Required for login and security (Session Tokens).
  • Analytics Cookies: We use aggregated, anonymized analytics to improve platform performance. You may opt-out via your browser settings.

8. Grievance Redressal

In accordance with the Information Technology Act 2000 and Rules made thereunder, the contact details of the Grievance Officer are provided below:

Name: Sambhav Pal

Email: sambhav@cloudfinops.solutions

Address: CloudFinOps HQ, Zirakpur, Punjab, India.