The Short Version: Your data stays with you. CertifyClouds runs entirely in your Azure environment. We don't access your secrets, credentials, or scanned data. The only communication with our servers is license validation.
1. Information We DO NOT Collect
CertifyClouds is designed with privacy in mind. We do NOT collect or have access to:
- Your Azure Key Vault secret values
- Your Azure credentials or tokens
- Your secret names or metadata
- Your compliance scan results
- Your audit logs
- Any data from your Azure environment
All CertifyClouds data is stored locally in your PostgreSQL database within your environment.
2. Information We DO Collect
License Validation
When CertifyClouds validates your license, we receive:
| Data | Purpose | Retention |
|---|---|---|
| License key | Verify valid license | Permanent (in our database) |
| Timestamp | Track validation requests | 90 days |
| IP address | Security and abuse prevention | 90 days |
Optional: Update Checks
If update checking is enabled, we receive:
| Data | Purpose | Retention |
|---|---|---|
| Current version | Determine if update available | Not stored |
| IP address | Route response | Not stored |
Update checks can be disabled by removing network access to updates.certifyclouds.com.
3. How We Use Information
We use the limited information we collect to:
- Validate your license is active and not expired
- Prevent license key sharing or abuse
- Provide version update notifications
- Improve our service (aggregate, anonymized usage)
We do NOT use your information to:
- Sell to third parties
- Send marketing communications (unless you opt in)
- Profile your Azure environment
- Track your secret management practices
4. Data Storage and Security
License Server
Our license validation server (license.certifyclouds.com) is:
- Hosted on Cloudflare's global edge network
- Protected by DDoS mitigation
- Encrypted in transit (TLS 1.3)
- Minimal data retention (90 days for logs)
Your Environment
All CertifyClouds application data is stored in your environment:
- PostgreSQL database (you control)
- Docker volumes (you control)
- Log files (you control)
We have no access to your environment or data.
5. Data Sharing
We do not sell, rent, or share your information with third parties except:
- Service Providers: Cloudflare (hosting) - see their privacy policy
- Legal Requirements: If required by law, subpoena, or legal process
- Business Transfer: In connection with a merger or acquisition (with notice)
6. Your Rights
Depending on your jurisdiction, you may have rights to:
- Access: Know what data we have about you
- Correction: Fix inaccurate data
- Deletion: Request deletion of your data
- Portability: Receive your data in portable format
- Objection: Object to certain processing
To exercise these rights, contact: privacy@certifyclouds.com
7. Data Retention
| Data Type | Retention Period |
|---|---|
| License records | Duration of license + 1 year |
| Validation logs | 90 days |
| Support communications | 2 years |
| Legal/compliance records | As required by law |
8. International Transfers
Our license server is hosted on Cloudflare's global network. Your license validation request may be processed in various countries. Cloudflare maintains appropriate safeguards for international data transfers.
9. Children's Privacy
CertifyClouds is a business software product. We do not knowingly collect information from children under 16. If you believe a child has provided information to us, contact privacy@certifyclouds.com.
10. Changes to This Policy
We may update this Privacy Policy periodically. Changes will be posted at:
- https://certifyclouds.com/privacy
- In the
docs/PRIVACY_POLICY.mdfile in the software
Continued use after changes constitutes acceptance.
11. Contact Us
For privacy questions or concerns:
- Email: privacy@certifyclouds.com
- Website: https://certifyclouds.com
Summary
| Question | Answer |
|---|---|
| Do you see my secrets? | No |
| Do you store my Azure data? | No |
| What do you collect? | License key, IP (for validation only) |
| Can I use this offline? | Yes, with cached license (7-day grace) |
| Who has access to my scans? | Only you |
By using CertifyClouds, you acknowledge that you have read and understood this Privacy Policy.