1.Who we are
CloudJaeger (“CloudJaeger”, “we”, “us”) provides a cloud cost optimization and FinOps advisory platform. This policy explains what data we collect, why, how we use it, who we share it with, and the choices you have. It covers cloudjaeger.com and the CloudJaeger application.
For privacy questions or to exercise any right below, contact privacy@cloudjaeger.com.
2.Data we collect
We collect three categories of data:
- Account data — your name, email, hashed password (or SSO identity), workspace/ organization, and role. Used to authenticate you and scope access.
- Connected-cloud data — when you connect a cloud account, we read (read-only) your billing/cost data (AWS Cost Explorer and, if you enable it, Cost and Usage Report line items), resource inventory metadata (EC2/EBS/RDS/NAT/etc. configuration, tags, attachment state), and CloudWatch utilization metrics. We do not read your application data, object-storage contents, database contents, or secrets.
- Usage data — product analytics and diagnostic/error telemetry (e.g. pages used, API latency, error traces) to operate and improve the service.
You may also optionally upload a billing CSV or push SaaS/LLM/Kubernetes spend to our ingest endpoints; that data is treated as connected-cloud data above.
3.How we access your cloud account
We connect via a read-only, cross-account IAM role that you create in your own cloud account from our CloudFormation or Terraform template. The role is protected by a unique external ID. We never ask for, store, or use your root credentials, access keys, or console password. You can revoke our access at any time by deleting the role, and you can disconnect from within the app.
Every API call we make against your account is recorded in an audit log that you can review, so you always know exactly what we did and when.
4.What we send to LLM subprocessors
This is the part most customers ask about, so we are explicit. CloudJaeger uses a large language model (LLM) for one narrow purpose: writing the plain-English explanation attached to a recommendation, and powering optional natural-language cost questions you choose to ask.
- The LLM never decides anything. Every recommendation is produced by a deterministic engine. The LLM only describes a decision already made; it cannot create, modify, or approve a recommendation.
- What we send: a compact, already-validated summary — resource type, region, the proposed change, estimated savings, and risk factors. For natural-language questions, we send the aggregated figures needed to answer your question.
- What we never send: your cloud credentials or role ARN, raw CUR/billing line items, full resource inventory, account identifiers beyond what is needed, or any secret.
- Our LLM providers are contractually bound not to train their models on data submitted through their APIs. See Subprocessors for the current list.
5.How we use data
We use data to: operate and secure the service; produce and explain recommendations; track outcomes (applied / rejected / realized savings) so recommendations improve; provide support; comply with law; and, only with your separate opt-in consent, generate anonymized cross-customer benchmarks. We do not sell your data or share it with cloud vendors for referral fees.
6.Subprocessors
We use a small set of vetted subprocessors to run the service (hosting, LLM, billing, error tracking). The current list, their location, and purpose are maintained at /subprocessors. We will give notice of material changes to that list.
7.Retention & deletion
We keep connected-cloud data only as long as needed to provide the service. What happens on deletion depends on how it is initiated:
- Self-serve deletion is immediate and permanent. When you disconnect a cloud account, delete a workspace, or delete your account from within the app, the associated data is deleted right away with no recovery window — export your data first if you need a copy.
- Support-initiated deletions have a 30-day grace window. If you ask us to remove an account or workspace, we deactivate it immediately and an operator permanently purges it after a 30-day grace window (a manual operator step — nothing is deleted automatically, and you can ask us to cancel within the window).
- Workspace audit logs — including the acting user’s email address and IP address — are retained for the life of the workspace for security and audit purposes, and are deleted together with the workspace.
You can request immediate deletion by emailing privacy@cloudjaeger.com.
8.Security
Data is encrypted in transit (TLS) and at rest. Stored cloud credentials/role references are encrypted at the application layer. Access is least-privilege and scoped per organization. We run on AWS in the EU (eu-central-1) for the current beta.
9.Your rights
Depending on your location (e.g. GDPR for the EU/EEA, CCPA/CPRA for California), you may have rights to access, correct, export, or delete your personal data, and to object to or restrict certain processing. To exercise these, contact privacy@cloudjaeger.com. EU customers can also enter into our Data Processing Agreement.
10.International transfers
Some subprocessors are located in the United States. Where we transfer personal data internationally, we rely on appropriate safeguards such as the EU Standard Contractual Clauses. See the DPA for details.
11.Changes to this policy
We may update this policy as the product evolves. Material changes will be communicated in-app or by email. The “last updated” date above always reflects the current version.
