The Short Version: Your data stays with you. CertifyClouds runs entirely in your Azure environment. We don't access your secrets, credentials, or scanned data. The only communication with our servers is license validation.
1. Information We DO NOT Collect
CertifyClouds is designed with privacy in mind. We do NOT collect or have access to:
- Your Azure Key Vault secret values
- Your Azure credentials or tokens
- Your secret names or metadata
- Your compliance scan results
- Your audit logs
- Any data from your Azure environment
All CertifyClouds data is stored locally in your PostgreSQL database within your environment.
2. Information We DO Collect
License Validation
When CertifyClouds validates your license, we receive:
| Data | Purpose | Retention |
|---|---|---|
| License key | Verify valid license | Permanent (in our database) |
| Timestamp | Track validation requests | 90 days |
| IP address | Security and abuse prevention | 90 days |
Optional: Update Checks
If update checking is enabled, we receive:
| Data | Purpose | Retention |
|---|---|---|
| Current version | Determine if update available | Not stored |
| IP address | Route response | Not stored |
Update checks can be disabled by removing network access to updates.certifyclouds.com.
3. How We Use Information
We use the limited information we collect to:
- Validate your license is active and not expired
- Prevent license key sharing or abuse
- Provide version update notifications
- Improve our service (aggregate, anonymized usage)
We do NOT use your information to:
- Sell to third parties
- Send marketing communications (unless you opt in)
- Profile your Azure environment
- Track your secret management practices
4. Data Storage and Security
License Server
Our license validation server (license.certifyclouds.com) is:
- Hosted on Cloudflare's global edge network
- Protected by DDoS mitigation
- Encrypted in transit (TLS 1.3)
- Minimal data retention (90 days for logs)
Your Environment
All CertifyClouds application data is stored in your environment:
- PostgreSQL database (you control)
- Docker volumes (you control)
- Log files (you control)
We have no access to your environment or data.
5. Data Sharing
We do not sell, rent, or share your information with third parties except:
- Service Providers: Cloudflare (hosting) - see their privacy policy
- Legal Requirements: If required by law, subpoena, or legal process
- Business Transfer: In connection with a merger or acquisition (with notice)
6. Website Analytics and Visitor Identification
Important: This section applies only to our marketing website (certifyclouds.com). The CertifyClouds application deployed in your Azure environment contains no third-party tracking scripts.
Our marketing website uses visitor identification tools to understand how visitors interact with our site and to identify potential business customers.
RB2B
We use RB2B (rb2b.com) for B2B visitor identification. This service may collect:
- Company information (matched from IP address)
- Pages visited and time on site
- Professional profile information (via LinkedIn matching)
This data is used solely for legitimate B2B marketing purposes. RB2B's privacy policy is available at rb2b.com/privacy-policy.
Opting Out
You can opt out of visitor identification tracking by:
- Using a browser privacy extension that blocks third-party scripts
- Contacting us at privacy@certifyclouds.com to request removal from our marketing lists
Note: Analytics tracking applies only to our marketing website, not to the CertifyClouds application deployed in your environment.
7. Your Rights (GDPR/UK GDPR)
Depending on your jurisdiction, you may have rights to:
- Access: Know what data we have about you
- Correction: Fix inaccurate data
- Deletion: Request deletion of your data
- Portability: Receive your data in portable format
- Objection: Object to certain processing
To exercise these rights, contact: privacy@certifyclouds.com
8. Data Retention
| Data Type | Retention Period |
|---|---|
| License records | Duration of license + 1 year |
| Validation logs | 90 days |
| Support communications | 2 years |
| Legal/compliance records | As required by law |
9. International Transfers
Our license server is hosted on Cloudflare's global network. Your license validation request may be processed in various countries. Cloudflare maintains appropriate safeguards for international data transfers.
10. Children's Privacy
CertifyClouds is a business software product. We do not knowingly collect information from children under 16. If you believe a child has provided information to us, contact privacy@certifyclouds.com.
11. Changes to This Policy
We may update this Privacy Policy periodically. Changes will be posted at:
- https://certifyclouds.com/privacy
- In the
docs/PRIVACY_POLICY.mdfile in the software
Continued use after changes constitutes acceptance.
12. Contact Us
For privacy questions or concerns:
- Email: privacy@certifyclouds.com
- Website: https://certifyclouds.com
Summary
| Question | Answer |
|---|---|
| Do you see my secrets? | No |
| Do you store my Azure data? | No |
| What do you collect? | License key, IP (for validation only) |
| Can I use this offline? | Yes, with cached license (7-day grace) |
| Who has access to my scans? | Only you |
By using CertifyClouds, you acknowledge that you have read and understood this Privacy Policy.