Privacy Policy

1. Information We Collect

Account Information

When you create an account, we collect information provided through Google OAuth:

• Email address
• Name
• Profile picture

AWS Infrastructure Data

When you connect your AWS accounts, we collect metadata about your infrastructure resources, including:

• Resource configurations (EC2, RDS, Lambda, etc.)
• Network topology (VPCs, subnets, security groups)
• Service relationships and dependencies

Important: We do NOT collect or store:

• AWS access keys or secret keys
• Database contents or application data
• Secrets, passwords, or environment variables
• S3 bucket contents

Usage Data

We automatically collect information about how you use the Service:

• Scans performed and diagrams generated
• Features used and pages visited
• Device and browser information
• IP address and general location

2. How We Use Your Information

We use the information we collect to:

• Provide and maintain the Service
• Generate infrastructure diagrams and documentation
• Process your subscription and payments
• Send service-related communications
• Respond to your inquiries and support requests
• Improve and optimize the Service
• Detect and prevent fraud or abuse

We do not sell your personal information or use your infrastructure data for advertising purposes.

3. Data Storage and Security

Your data is stored on Amazon Web Services (AWS) infrastructure located in the United States.

Security Measures

• All data is encrypted at rest using AES-256 encryption
• All data in transit is encrypted using TLS 1.3
• Access to production systems is restricted and logged
• Regular security audits and penetration testing

AWS Credentials

We use AWS STS (Security Token Service) to obtain temporary credentials when scanning your infrastructure. We never store your long-term AWS credentials. Access can be revoked at any time by removing the IAM role from your AWS account.

4. Third-Party Services

We use the following third-party services to operate fegura:

Google OAuth

For authentication. Google receives your email to verify your identity. See Google's Privacy Policy.

Payment Processor

For payment processing. Our payment processor receives your email and payment information to process subscriptions.

Amazon Web Services

For hosting and infrastructure. See AWS Privacy Policy.

AI/LLM Provider

For diagram generation. We send infrastructure metadata (resource types and relationships) to our AI provider for analysis. No personally identifiable information (PII) is included in these requests.

5. Data Retention

6. Your Rights

You have the right to:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate personal data
• Deletion: Request deletion of your account and associated data
• Export: Download your diagrams and data in standard formats
• Objection: Object to certain processing of your personal data

To exercise these rights, please contact us at hello@fegura.ai. We will respond within 30 days.

7. Cookies

We use essential cookies only to maintain your session and authentication state. We do not use tracking cookies, advertising cookies, or third-party analytics that track you across websites.

8. Children's Privacy

The Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on this page
• Updating the "Last updated" date
• Sending an email notification for significant changes

Your continued use of the Service after changes become effective constitutes acceptance of the revised Privacy Policy.

10. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

hello@fegura.ai