GOVERNANCE & TRUST
Privacy Policy
Effective date: 22 June 2026 · Costframe may update this policy from time to time.
1. Introduction
Costframe, Inc. (“Costframe”, “we”, “us”, or “our”) respects your privacy. This policy describes how we collect, use, and handle data when you use our website, services, and cloud auditing platforms.
Costframe provides read-only cloud cost analysis and related reporting. Our system acts as an analysis engine, helping organizations safely monitor, understand, and reduce cloud infrastructure spending.
2. Data We Collect & Connect
We collect account credentials, professional contact information, and billing/utilization metadata from your designated cloud environments:
- Account Data: Standard identification fields including name, email address, and verified organization names provided during Clerk-managed onboarding.
- Read-Only Cloud Metadata: Resource configurations, pricing SKUs, scheduling profiles, subscription identifiers, and performance metrics (CPU, memory, storage utilization levels).
3. Structural Read-Only Guarantees
Costframe connects to your cloud providers with strictly read-only authorization (using scopes such as Reader and Cost Management Reader).
We do not seek, request, or use write, delete, or management permissions. Costframe never modifies, writes, deletes, or manages your underlying cloud resources, workloads, or deployments.
4. How We Handle & Share Data
We utilize collected metadata to generate cloud cost optimization recommendations, render technical cost reports, and maintain platform health.
Costframe does not sell customer data. We do not sell or monetize personal or organization-specific details to third-party advertisers. Metadata is processed securely to serve your organization.
5. Credential Security & Encryption
Your cloud credentials and secrets are encrypted using industry-standard AES-256-GCM encryption and are not shown back in the dashboard after setup.
Data isolation is structurally enforced. Database queries partition data by verified Clerk organization identifiers to ensure strict tenant isolation, with row-level security (RLS) policies acting as a database-level safeguard.
6. Policy Updates
Costframe may update this policy from time to time. Any changes will be posted directly to this page with an updated effective date.
Contact Us
For privacy, security, DPA, or data-processing questions, contact us at legal@costframe.co.