Privacy Policy

What We Collect

What We Do NOT Collect or Store

• Cloud credentials — AWS access keys, Azure service principals, and GCP service accounts are provided per-operation and discarded after use. They are never written to our database.
• Your application code or data — AskArchie manages infrastructure resources only. We do not read, copy, or access data inside your cloud resources.
• Passwords — Authentication is fully delegated to Google OAuth (and soon Microsoft Azure AD). No passwords are stored.

Where Data is Stored

• All platform data is stored in AWS DynamoDB in the us-east-1 region.
• Data is encrypted at rest (AES-256, AWS-managed keys) and in transit (TLS 1.2+).
• Pulumi infrastructure state files are stored in AWS S3 with tenant-isolated paths and versioning enabled.

Data Isolation

Every record in our database includes a tenant identifier. Data is isolated between organizations at the application and database layer. No API endpoint returns data across tenants. Your organization's data is only accessible to members of your organization.

Third-Party Sharing

We do not sell, share, or provide your data to third parties. The only external services involved in the platform are:

• Google OAuth — for authentication (name, email, profile picture)
• AWS — infrastructure hosting (DynamoDB, S3, Lambda, CloudFront)
• Slack — optional notifications to your configured channels (you control which events are sent)

Data Retention

• Audit logs are retained indefinitely (configurable TTL available).
• Deployment history is retained for the lifetime of the stack.
• Session data expires after 30 days of inactivity.

Your Rights

• You can export your audit logs at any time (JSON or CSV) from the admin panel.
• You can request deletion of your account and associated data by contacting us.
• Organization owners can remove members and manage data access within their tenant.

Contact

Privacy questions? Contact us at security@askarchie.io