Privacy Policy

Last updated: February 2026

1. Data We Collect

When you use Cloud Iceberg, we collect:

  • Profile information: name, email address, and Azure Object ID (via Microsoft OAuth)
  • Azure resource metadata: resource names, types, SKUs, locations, and configuration details
  • Cost data: resource pricing and usage metrics from Azure
  • Audit results: optimization recommendations and estimated savings

2. How We Use Your Data

Your data is used exclusively to:

  • Analyze your Azure resources and identify cost optimization opportunities
  • Generate savings recommendations and audit reports
  • Send scheduled audit notifications (if you opt in)
  • Improve the Service and its recommendations

We do not sell, rent, or share your data with third parties for marketing purposes.

3. Data Storage & Security

All data is stored and processed in Sweden (EU):

  • Database hosted on MongoDB Atlas (Stockholm region)
  • Backend servers hosted on Fly.io (Stockholm region)
  • Authentication tokens are encrypted at rest using AES-256
  • All connections use TLS/HTTPS encryption in transit

4. Third-Party Services

We use the following third-party services to operate Cloud Iceberg:

  • Microsoft Azure: authentication and resource data access
  • Stripe: payment processing (we do not store your payment card details)
  • Mailgun: transactional email delivery (audit notifications)
  • PostHog (EU): anonymous product analytics

5. Data Retention & Deletion

You can delete your data at any time from your Account page. When you request deletion:

  • Your personal information (name, email) is removed
  • All detailed audit reports are permanently deleted
  • Stored refresh tokens are deleted
  • Anonymized aggregate statistics (scan counts, resource counts) are retained

6. Cookies

Cloud Iceberg uses a single session cookie (session_id) to maintain your authenticated session. This cookie is:

  • HttpOnly and Secure (not accessible via JavaScript)
  • Expires after 24 hours
  • Essential for the Service to function (no cookie consent banner required)

7. Your Rights (GDPR)

As a data subject under the General Data Protection Regulation, you have the right to:

  • Access: request a copy of your personal data
  • Rectification: correct inaccurate personal data
  • Erasure: delete your personal data (via Account page or by contacting us)
  • Portability: receive your data in a structured format
  • Objection: object to processing of your personal data
  • Withdraw consent: revoke Azure access at any time via your Microsoft account

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of significant changes via email. Continued use of the Service after changes constitutes acceptance of the revised policy.

9. Contact

For privacy-related questions or to exercise your GDPR rights, contact us at contact@cloudiceberg.com.

We use cookies for analytics (PostHog) to improve the product. No advertising, no third-party tracking. Privacy Policy