AutoRed.ai ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.
1. Information We Collect
1.1 Information You Provide
| Data Type | Examples | Purpose |
|---|
| Account Information | Name, email address, company name | Account creation and communication |
| Payment Information | Billing address, payment method details | Subscription billing (processed by third-party payment processor) |
| Cloud Credentials | API keys, IAM role ARNs, service account tokens | Authorized cloud infrastructure scanning |
| Support Communications | Emails, chat messages, support tickets | Customer support and service improvement |
1.2 Information Collected Automatically
- Usage Data: Pages visited, features used, scan frequency, and interaction patterns
- Device Information: Browser type, operating system, IP address, and device identifiers
- Scan Results: Cloud infrastructure configuration data, vulnerability findings, and compliance assessment results generated during security scans
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the AutoRed.ai platform
- Process subscriptions and payments
- Perform authorized security assessments of your cloud infrastructure
- Generate security reports, compliance dashboards, and remediation recommendations
- Communicate with you about your account, service updates, and security alerts
- Respond to your support requests
- Improve our AI models and detection capabilities (using aggregated, anonymized data only)
- Comply with legal obligations
3. How We Share Your Information
We do not sell your personal information. We may share information in the following circumstances:
- Payment Processors: We use third-party payment processors to handle billing. They receive only the information necessary to process your payment.
- Cloud Providers: We interact with your cloud provider APIs (AWS, GCP, Azure) using credentials you provide, solely to perform authorized security assessments.
- Legal Requirements: We may disclose information if required by law, regulation, legal process, or government request.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.
4. Data Security
We implement industry-standard security measures to protect your information:
- All data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
- Cloud credentials are stored using encrypted secrets management
- Access to customer data is restricted to authorized personnel on a need-to-know basis
- Regular security assessments of our own infrastructure
- Audit logging of all access to customer data
5. Data Retention
- Account Data: Retained for the duration of your account plus 30 days after account deletion
- Scan Results: Retained for 12 months or until you request deletion, whichever comes first
- Cloud Credentials: Deleted immediately upon disconnection of a cloud environment or account termination
- Payment Records: Retained as required by applicable tax and financial regulations
- Aggregated/Anonymized Data: May be retained indefinitely for service improvement
6. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Deletion: Request deletion of your personal data, subject to legal retention requirements
- Portability: Request your data in a structured, machine-readable format
- Objection: Object to processing of your data for certain purposes
- Withdrawal of Consent: Withdraw consent where processing is based on consent
To exercise any of these rights, contact us at flashoop@gmail.com. We will respond within 30 days.
7. Regional Privacy Compliance
7.1 Singapore PDPA
For users in Singapore, we comply with the Personal Data Protection Act 2012 (PDPA).
7.2 Malaysia PDPA
For users in Malaysia, we comply with the Personal Data Protection Act 2010.
7.3 GDPR (European Users)
If you are located in the European Economic Area, we process your personal data under the lawful bases of contract performance, legitimate interest, and consent.
8. Cookies and Tracking
Our website may use cookies and similar technologies to:
- Maintain your session and authentication state
- Remember your preferences
- Analyze website usage and performance
9. Third-Party Links
Our Service may contain links to third-party websites (e.g., GitHub, LinkedIn). We are not responsible for the privacy practices of these external sites.
10. Children's Privacy
The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice on our website at least 30 days before the changes take effect.
12. Contact Us
If you have questions or concerns about this Privacy Policy, contact us at: