Legal

Privacy, Terms & GDPR

Privacy Policy

FinOpsMind ("we", "us", "our") is committed to protecting your personal data. This policy explains what information we collect, how we use it, and your rights under applicable data protection law including the UK GDPR and EU GDPR.

Summary: We collect only what we need to run the service. We don't sell your data. We don't use it for advertising. You can request deletion at any time.

Data We Collect

Account Information

When you sign up, we collect your email address and, optionally, your name and company. This is used solely to operate your account.

Cloud Cost Data

When you connect your cloud accounts, FinOpsMind reads cost and usage data via read-only API access (AWS Cost Explorer API, Azure Cost Management API, GCP Cloud Billing API). We do not access your application data, source code, databases, or any resource content, only billing and resource metadata.

Usage Data

We collect standard web application logs including page views, feature usage, and error reports. This is used to improve the product and diagnose issues.

Communications

If you contact us or sign up for early access, we store your email address to respond and keep you informed about relevant product updates. You can unsubscribe at any time.

How We Use Your Data

  • To provide and operate the FinOpsMind service
  • To generate cost anomaly alerts, forecasts, and recommendations
  • To send you service notifications and product updates you've opted into
  • To improve the accuracy of our ML models (using anonymised, aggregated data only)
  • To comply with legal obligations

We do not use your data for advertising, profiling, or any purpose unrelated to operating the service.

Sharing Your Data

We do not sell, rent, or trade your personal data. We share data only in these limited circumstances:

  • Infrastructure providers: AWS (hosting, compute), which are bound by their own data processing agreements
  • AI processing: Anonymised query data may be processed by Anthropic's Claude API for the agentic AI features. No personally identifiable information is included in these requests
  • Legal requirements: If required by law or to protect our legal rights

Security

Cloud credentials and sensitive configuration are encrypted at rest using AES-256-GCM. Data in transit is encrypted using TLS 1.3. Access to production systems is restricted and logged. We conduct regular security reviews.

If you become aware of a security vulnerability, please contact us at hello@finopsmind.cloud before disclosing publicly.

Data Retention

We retain account data for the duration of your subscription plus 90 days after cancellation. Cost and usage data is retained according to your plan's data retention limit (30, 90, or unlimited days). You can request immediate deletion of all your data at any time by contacting us.

Your Rights

Under UK and EU GDPR, you have the right to:

  • Access: request a copy of all personal data we hold about you
  • Rectification: correct inaccurate data
  • Erasure: request deletion of your personal data
  • Portability: receive your data in a machine-readable format
  • Objection: object to processing based on legitimate interests
  • Restriction: request we limit processing of your data

To exercise any of these rights, email hello@finopsmind.cloud. We will respond within 30 days.

Terms of Service

By using FinOpsMind, you agree to these terms. Please read them carefully.

Acceptable Use

You may use FinOpsMind to analyse and optimise cloud costs for your own accounts or accounts you are authorised to manage. You must not:

  • Use the service to access cloud accounts without authorisation
  • Attempt to reverse-engineer or circumvent security measures
  • Use the service in violation of any applicable law
  • Resell or sublicense the service without written permission

FinOpsMind operates with read-only access to your cloud billing data by default. Any write access (for automated remediation features) is granted explicitly by you and can be revoked at any time.

Liability

FinOpsMind provides recommendations and automated actions based on analysis of your cloud infrastructure. While we take care to ensure accuracy, you are responsible for reviewing and validating any changes applied to your infrastructure.

Automated remediation actions (Tier 1 and Tier 2) are applied within the permission boundaries you explicitly configure. Tier 3 actions require your explicit approval before execution.

To the maximum extent permitted by law, FinOpsMind's liability for any claim arising from use of the service is limited to the fees paid in the three months preceding the claim.

We reserve the right to update these terms. Material changes will be notified by email at least 30 days in advance.

GDPR Compliance

FinOpsMind is committed to compliance with the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR).

Legal Basis for Processing

  • Contract performance: Processing necessary to provide the service you have subscribed to
  • Legitimate interests: Service improvement, security monitoring, fraud prevention
  • Consent: Marketing communications, where we rely on your explicit consent

Data Transfers

FinOpsMind is hosted on AWS infrastructure in the EU (eu-west-1, Ireland). Where data is processed outside the UK/EU (for example, by Anthropic's API), we ensure appropriate safeguards are in place under Standard Contractual Clauses or equivalent mechanisms.

Data Protection Officer

For GDPR enquiries, contact us at hello@finopsmind.cloud. We will acknowledge your request within 72 hours and respond fully within 30 days.

Right to Lodge a Complaint

If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk (UK) or your local supervisory authority (EU).