Privacy Policy

1. Introduction

CloudSavvy ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cloud cost optimization platform and services.

This policy is drafted in accordance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 (DPDP Act) of India.

2. Information We Collect

2.1 Personal Information

We may collect the following personal information:

• Name and contact information (email address, phone number)
• Company name and business information
• Account credentials (encrypted)
• Billing and payment information
• Cloud provider credentials (securely encrypted)

2.2 Usage Information

We automatically collect:

• Log data (IP address, browser type, access times)
• Device information
• Usage patterns and analytics
• Cloud resource and cost data from connected accounts

2.3 Sensitive Personal Data

As defined under Indian law, we may process sensitive personal data including financial information and passwords. Such data is collected only with your explicit consent and is protected using industry-standard encryption.

3. Purpose of Data Collection

We use your information for the following purposes:

• To provide and maintain our cloud cost optimization services
• To analyze your cloud spending and provide recommendations
• To process payments and manage your subscription
• To communicate with you about service updates and support
• To improve our services and develop new features
• To comply with legal obligations
• To detect and prevent fraud or security incidents

4. Legal Basis for Processing (DPDP Act Compliance)

Under the Digital Personal Data Protection Act, 2023, we process your data based on:

• Consent: Where you have given explicit consent for processing
• Contractual Necessity: Where processing is necessary to fulfill our service agreement
• Legal Obligation: Where processing is required by law
• Legitimate Uses: As permitted under the DPDP Act for specified purposes

5. Data Sharing and Disclosure

We may share your information with:

• Cloud Providers: To fetch cost and resource data (AWS, Azure, GCP)
• Payment Processors: To process subscription payments securely
• Service Providers: Third-party vendors who assist in our operations
• Legal Authorities: When required by law or legal process

We do not sell your personal information to third parties. Any data sharing with third parties is governed by appropriate data processing agreements.

6. Data Security

We implement reasonable security practices as required under the IT Rules, 2011, including:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
• Secure credential storage using industry-standard encryption
• Regular security audits and vulnerability assessments
• Access controls and authentication mechanisms
• Employee training on data protection
• Incident response procedures

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law. Typically:

• Account data: Retained while your account is active and for 3 years after closure
• Cost and usage data: Retained for up to 3 years for analytics purposes
• Payment records: Retained as required by applicable tax laws (typically 7 years)
• Log data: Retained for up to 1 year for security purposes

8. Your Rights Under Indian Law

Under the DPDP Act, 2023, you have the following rights:

• Right to Access: Request information about your personal data we hold
• Right to Correction: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data (subject to legal requirements)
• Right to Withdraw Consent: Withdraw consent for data processing at any time
• Right to Grievance Redressal: Lodge complaints regarding data handling
• Right to Nominate: Nominate another person to exercise your rights

To exercise these rights, please contact our Grievance Officer using the contact details below.

9. Cross-Border Data Transfers

Your data may be transferred to and processed in countries outside India where our cloud infrastructure providers operate. We ensure that such transfers comply with applicable Indian laws and that adequate safeguards are in place to protect your data.

10. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete such information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. We encourage you to review this policy periodically.

12. Grievance Officer

In accordance with the Information Technology Act, 2000 and the DPDP Act, 2023, we have appointed a Grievance Officer to address any concerns regarding data processing:

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at: