Privacy Policy

1. Introduction

KubeOpera ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cloud-native infrastructure management platform and services (collectively, the "Services").

This Privacy Policy complies with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable data protection laws.

By using our Services, you consent to the data practices described in this policy. If you do not agree with this Privacy Policy, please do not access or use our Services.

2. Information We Collect

2.1 Information You Provide

We collect information that you voluntarily provide to us, including:

• Account Information: Name, email address, company name, phone number, and password
• Payment Information: Billing address, payment card details (processed securely through third-party payment processors)
• Profile Information: Job title, department, preferences, and settings
• Communications: Information you provide when contacting support or communicating with us
• Feedback: Survey responses, reviews, and other feedback you choose to provide

2.2 Automatically Collected Information

When you use our Services, we automatically collect:

• Usage Data: Pages visited, features used, time spent, and interaction patterns
• Device Information: IP address, browser type, operating system, device identifiers
• Log Data: Server logs, error reports, and diagnostic information
• Cookies and Tracking: Information collected through cookies and similar technologies
• Performance Metrics: Cluster performance data, resource utilization, and system health metrics

2.3 Information from Third Parties

We may receive information from:

• Cloud service providers (AWS, Azure, GCP) when you integrate their services
• Authentication providers (OAuth, SSO providers)
• Analytics and monitoring services
• Marketing and advertising partners

3. How We Use Your Information

We use collected information for the following purposes:

• Service Provision: Provide, maintain, and improve our Services
• Account Management: Create and manage your account
• Communication: Send service updates, security alerts, and support messages
• Personalization: Customize your experience and provide relevant content
• Analytics: Analyze usage patterns and improve service performance
• Security: Detect, prevent, and address fraud, security issues, and technical problems
• Compliance: Comply with legal obligations and enforce our Terms of Service
• Marketing: Send promotional materials (with your consent where required)
• Research: Conduct research and development to improve our Services

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process personal data based on:

• Contract Performance: Processing necessary to provide Services you've requested
• Legitimate Interests: Our legitimate business interests in improving Services
• Consent: Where you have given explicit consent
• Legal Obligation: Compliance with applicable laws and regulations

5. Data Sharing and Disclosure

We may share your information with:

5.1 Service Providers

Third-party vendors who perform services on our behalf:

• Cloud hosting providers
• Payment processors
• Analytics services
• Customer support tools
• Email service providers

5.2 Business Transfers

In connection with any merger, sale, acquisition, or transfer of all or a portion of our business, your information may be transferred to the acquiring entity.

5.3 Legal Requirements

When required by law or to:

• Comply with legal process or government requests
• Enforce our Terms of Service
• Protect our rights, property, or safety
• Prevent fraud or security issues

6. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption of data in transit and at rest (AES-256)
• Regular security audits and penetration testing
• Access controls and authentication mechanisms
• Employee training on data protection
• Incident response and breach notification procedures
• SOC 2 Type II and ISO 27001 compliance

7. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this Privacy Policy, unless a longer retention period is required by law. Retention periods vary based on:

• Account data: Duration of active account plus 90 days after closure
• Transaction records: 7 years for tax and accounting purposes
• Marketing data: Until you unsubscribe or withdraw consent
• Log data: 12 months for security and troubleshooting

8. Your Rights

Depending on your location, you have the following rights:

8.1 GDPR Rights (EEA Users)

• Access: Request access to your personal data
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Request restriction of processing
• Portability: Receive your data in a portable format
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent at any time

8.2 CCPA Rights (California Users)

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt-out of sale of personal information (we do not sell your data)
• Right to non-discrimination for exercising privacy rights

To exercise these rights, contact us at privacy@kubeopera.io. We will respond within 30 days.

9. Cookies and Tracking Technologies

We use cookies and similar technologies for:

• Essential Cookies: Required for service functionality
• Analytics Cookies: Understand usage patterns
• Preference Cookies: Remember your settings
• Marketing Cookies: Deliver relevant advertisements (with consent)

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect service functionality.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data Processing Agreements with all service providers
• Compliance with Privacy Shield principles (where applicable)
• Adequacy decisions for transfers to countries with adequate protection

11. Children's Privacy

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at privacy@kubeopera.io.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or through our Services. The "Last Updated" date at the top indicates when the policy was last revised. Continued use of our Services after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices: