Privacy Policy

1. Who We Are

Autonops Labs, Inc. (“Autonops,” “we,” “us”) operates the InfraIQ platform, including the CLI tools, web dashboard at app.autonops.io, marketing site at autonops.io, and related APIs. Our mailing address is 2000 County Road B2 W, Saint Paul, MN 55113. For privacy questions, contact us at support@autonops.io.

2. Information We Collect

Account Information

When you sign up for InfraIQ or request beta access, we collect your name, work email address, and optionally your company name. This information is used to create your account, issue license keys, and communicate with you about the Service.

Payment Information

Payment processing is handled by Stripe. We do not store your credit card numbers, bank account details, or other sensitive payment information on our servers. Stripe’s privacy practices are governed by their Privacy Policy. We receive from Stripe: transaction confirmations, subscription status, and billing contact information.

Usage and Telemetry Data

If telemetry is enabled, the CLI sends anonymous usage data including: which commands are run, execution duration, tool version, operating system, and general error information. Telemetry never includes your cloud credentials, infrastructure configurations, scan results, source code, or any data processed by the tools.

License and Activation Data

When you activate a license, we store a hashed installation identifier, your license tier, and activation timestamp. This is used solely to enforce license terms and track active installations.

Website Analytics and Cookies

We use Google Analytics to understand how visitors use our website. Google Analytics uses cookies (small text files stored on your device) to collect data such as pages visited, referral source, browser type, and approximate location. This data is aggregated and does not personally identify individual visitors. Analytics cookies are only placed after you provide consent via our cookie banner. You can decline cookies at any time, and the site will function normally without them.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Process payments and manage subscriptions
• Issue and validate license keys
• Send transactional communications (account confirmation, billing receipts, security alerts)
• Provide customer support
• Understand how our tools are used to prioritize development
• Detect and prevent abuse or unauthorized use

We do not sell your personal information to third parties. We do not use your data for advertising purposes.

4. Data That Stays Local

The following data never leaves your machine unless you explicitly opt in using the --sync flag:

• Cloud provider credentials (AWS, GCP, Azure, Heroku tokens)
• Infrastructure scan results and configurations
• Generated Terraform, Kubernetes, and Docker files
• Database connection strings and schema information
• Source code analyzed by Tessera
• Compliance evidence and audit reports
• Secret discovery results from SecureIQ

5. Opting Out of Telemetry

Telemetry is enabled by default to help us improve the product. You can disable it at any time:

When telemetry is disabled, no usage data is sent to our servers. License validation still requires periodic communication with our license server.

6. Third-Party Services

We use the following third-party services that may process your data:

• Google Analytics — Website analytics (cookie-based, requires consent)
• Stripe — Payment processing
• Google Cloud Platform — Infrastructure hosting for our APIs and license server
• Vercel — Dashboard and website hosting
• Formspree — Beta signup form submissions

Each of these providers has their own privacy policies. We select providers that maintain industry-standard security practices.

7. Data Security

We implement industry-standard security measures to protect your information, including encryption in transit (TLS), encrypted storage for sensitive data, and access controls on our infrastructure. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

8. Data Retention

We retain account information for as long as your account is active or as needed to provide the Service. If you cancel your subscription, we retain your account data for 90 days in case you wish to reactivate. After that period, we delete or anonymize your personal information. Telemetry data is retained in aggregate form and is not linked to individual accounts.

9. Your Rights

You have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your personal information
• Export your data in a portable format
• Opt out of telemetry data collection
• Manage cookie preferences (accept or decline via the cookie banner, or clear cookies in your browser settings)

To exercise any of these rights, contact us at support@autonops.io. We will respond within 30 days.

10. Children’s Privacy

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected information from a child, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

12. Contact

If you have questions about this Privacy Policy or our data practices, contact us at support@autonops.io.