Security & Privacy

How we handle your data

We know you're trusting us with access to your infrastructure. Here's exactly what we do — and don't do — with your credentials and data.

🔑

Credentials

  • Credentials are used in-memory only during the diagnostic
  • We never write credentials to disk, database, or logs
  • We never transmit credentials to third parties
  • Credentials are discarded immediately after the diagnostic completes
  • We recommend using temporary credentials (STS tokens) with the minimum required permissions
🎭

Data masking before AI analysis

  • Resource identifiers (instance IDs, bucket names, account IDs) are replaced with placeholders before AI analysis
  • IAM usernames and emails are masked
  • IP addresses are replaced with subnet patterns
  • The AI model receives anonymized data patterns — never your actual identifiers
  • Original identifiers are restored in the report after AI analysis completes
🗄️

What we store

  • Your account email and authentication info (for login)
  • Diagnostic results (the report content) — so you can view history
  • Usage counts (for rate limiting on free tier)
  • We do NOT store: credentials, raw cloud data, or personal data beyond what's listed above
📋

Access permissions we request

  • AWS: ReadOnlyAccess policy (or equivalent) — no write permissions
  • GCP: roles/viewer — no write permissions
  • Azure: Reader role — no write permissions
  • We never request permissions to create, modify, or delete resources
🔗

Third parties

  • OpenAI / Claude API: receives anonymized/masked diagnostic data for AI analysis
  • Stripe: handles payment processing — we never see your full card number
  • Vercel: hosts our frontend
  • We do not sell or share your data with advertisers or data brokers

Questions about security?

Contact us at security@rmms.cloud