Account Information

When you create an account, we collect your name, email address, company name, and billing information. This information is necessary to provide our services and communicate with you about your account.

Cloud Cost Data

To provide our FinOps services, we collect cloud cost and usage data from your connected cloud providers (AWS, Azure, Google Cloud, and others). This includes billing data, resource metadata, and usage metrics. We do not access your cloud workloads, customer data, or application content.

Usage Data and Cookies

We automatically collect information about how you interact with our platform, including pages visited, features used, and actions taken. We use cookies and similar technologies for authentication, preferences, and analytics. You can manage cookie preferences through our cookie consent mechanism.

We use your information to: provide and improve our cloud cost management services; generate cost reports, budgets, and optimization recommendations; send important service notifications and updates; process payments and manage your subscription; respond to your inquiries and provide customer support; analyze usage patterns to enhance our platform; comply with legal obligations and enforce our terms of service. We do not sell your personal information to third parties.

We may share your information with: service providers who assist in operating our platform (hosting, payment processing, analytics); professional advisors such as lawyers and accountants when required; law enforcement or government authorities when legally obligated; potential acquirers in the event of a merger, acquisition, or sale of assets. All third-party service providers are contractually bound to protect your data and use it only for specified purposes.

We retain your personal information for as long as your account is active or as needed to provide services. Cloud cost data is retained according to your subscription plan, typically up to 24 months of historical data. After account deletion, we retain minimal data as required by law or for legitimate business purposes (such as fraud prevention) for up to 7 years. You can request data export or deletion at any time.

Under GDPR and applicable data protection laws, you have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete personal data.
• Right to Erasure: Request deletion of your personal data under certain circumstances.
• Right to Data Portability: Receive your data in a structured, commonly used format for transfer to another service.
• Right to Object: Object to processing of your data for direct marketing or based on legitimate interests.

We use essential cookies for authentication and security, and optional analytics cookies to understand how visitors use our website. You can manage your cookie preferences at any time through the cookie consent banner or your browser settings. Essential cookies cannot be disabled as they are necessary for the website to function properly. For detailed information about specific cookies we use, please refer to our cookie consent settings.

We implement industry-standard security measures to protect your data, including: encryption of data in transit (TLS 1.3) and at rest (AES-256); secure cloud infrastructure with SOC 2 compliant providers; regular security audits and penetration testing; role-based access controls and audit logging; multi-factor authentication for user accounts. While we strive to protect your information, no method of transmission over the Internet is 100% secure. We promptly notify affected users of any data breaches as required by law.

Costflare operates globally and may transfer your data to countries outside your residence. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission and compliance with the EU-U.S. Data Privacy Framework where applicable. Our primary data processing occurs within the European Union.

Our services are designed for business use and are not intended for individuals under 16 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately and we will take steps to delete such information.

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by posting the updated policy on our website and, where appropriate, by email. The "Last updated" date at the top of this policy indicates when it was last revised. Continued use of our services after changes constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy, want to exercise your data rights, or have concerns about our data practices, please contact our Data Protection Officer at: