Privacy
What CloudFix collects, what we don't, and how we handle your data.
Data We Collect
Account Information
- Name and email address
- Company name
- Billing information (processed via AWS Marketplace)
AWS Account Metadata
- AWS account ID
- Service configuration data (read-only)
- Resource metadata (instance types, configurations, tags)
- Cost and Usage Report data
Usage Data
- Feature usage within CloudFix dashboard
- Fix history and approval records
- Savings reports generated
Data We Don't Collect
CloudFix never has access to your AWS credentials or application data. We use IAM role assumption with read-only permissions.
⛔ No AWS Credentials
No secret keys, access keys, or passwords are ever stored or transmitted to CloudFix. Access is via IAM role assumption only.
⛔ No Application Data
No application content, databases, logs, or payloads from your AWS environments are accessed. Only resource metadata and cost data.
⛔ No PII from AWS
No personally identifiable information from your AWS accounts is collected. CloudFix reads infrastructure configuration, not user data.
Data Retention
| Data Type | Retention Period |
|---|---|
| Active account data | Duration of subscription |
| AWS Cost & Usage Report data | Analyzed in-memory, not stored long-term |
| Deleted account data | Purged within 30 days |
| Audit logs | Retained for 1 year |
| Fix execution history | Duration of subscription + 30 days |
Third-Party Sub-Processors
CloudFix uses a minimal set of sub-processors. We do not sell data to third parties.
| Provider | Purpose | Data Location |
|---|---|---|
| AWS | Infrastructure provider, Marketplace billing, IAM role assumption | US-East (us-east-1) |
| Cloudflare | CDN, DNS, DDoS protection | Global edge network |
| PostHog | Product analytics | US |
| Kayako | Customer support platform | US |
We will notify customers at least 30 days before adding any new sub-processor.