Privacy Policy

Last updated: April 13, 2026

1. Introduction

KloudHub ("we", "us", "our") operates the KloudHub platform at kloudhub.io and the KloudHub MCP server at mcp.kloudhub.io. This privacy policy explains what data we collect, how we use it, and your rights regarding that data.

By using KloudHub, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use our services.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your name and email address through our authentication provider (Clerk). If you sign in via a third-party provider (e.g., Google, GitHub), we receive the profile information you authorize.

2.2 Cloud Account Connections

When you connect an AWS account, we store the AWS account ID, account name, and region. AWS access credentials are encrypted at rest and used solely to perform operations you explicitly request (scans, deployments, shell provisioning). We never store credentials in plaintext.

2.3 API Keys

API keys generated for MCP or API access are stored as irreversible SHA-256 hashes. The raw key is shown once at creation and never stored or retrievable after that. OAuth tokens issued during the MCP connector flow are API keys created on your behalf and appear in your account settings.

2.4 Infrastructure Data

When you use KloudHub features, we process and store:

  • Terraform blueprints (Klouds) you create or generate
  • Deployment records, status, and Terraform logs
  • Cloud resource scan results (resource types, names, regions, costs)
  • Waste detection findings and KloudPilot analysis results
  • Shell metadata (name, status, timestamps)

This data is stored in our database (Supabase) and object storage (AWS S3), both hosted in AWS infrastructure.

2.5 Automatically Collected Data

We collect standard server logs including IP addresses, request timestamps, and HTTP headers for security monitoring and abuse prevention. We do not use third-party analytics or advertising trackers.

3. How We Use Your Data

We use your data exclusively to:

  • Provide and operate KloudHub services you request
  • Authenticate your identity and authorize access to your resources
  • Execute cloud operations on your behalf (scans, deployments, analysis)
  • Display your infrastructure data, costs, and recommendations
  • Send transactional notifications (deployment status, analysis completion)
  • Maintain security and prevent abuse

We do not use your data for advertising, profiling, or selling to third parties. We do not train AI models on your infrastructure data, cloud configurations, or analysis results.

4. MCP and AI Client Access

KloudHub provides an MCP (Model Context Protocol) server that allows AI clients such as Claude, ChatGPT, and others to interact with your cloud infrastructure on your behalf.

When using KloudHub through an MCP client:

  • Authentication uses OAuth 2.0 with PKCE or API keys. No credentials are transmitted in URLs.
  • The MCP server returns only operational data: resource names, costs, analysis results, deployment status, and shell metadata.
  • AWS credentials, session tokens, SSH keys, and secrets are never accessible through MCP tools.
  • All tool calls are authenticated and scoped to your account. No cross-account data access is possible.

5. Data Sharing

We do not sell, rent, or share your personal data or infrastructure data with third parties for marketing or advertising purposes.

We share data only with:

  • Clerk (authentication provider) for account sign-in and session management
  • Supabase (database provider) for data storage, hosted on AWS infrastructure
  • AWS for object storage (S3), AI processing (Bedrock), and infrastructure operations on your behalf

These providers process data under contractual obligations and do not use your data for their own purposes. We may also disclose data if required by law or to protect against fraud or security threats.

6. Data Retention

  • Account data is retained for as long as your account is active. Upon account deletion, your data is removed within 30 days.
  • Infrastructure data (scans, analyses, deployments) is retained until you delete it or close your account.
  • API keys are revocable at any time. Revoked keys are soft-deleted (marked inactive) and fully purged within 90 days.
  • OAuth authorization codes expire after 10 minutes and are automatically cleaned up.
  • Server logs are retained for up to 90 days for security purposes.

7. Data Security

  • All data in transit is encrypted using TLS/HTTPS
  • AWS credentials are encrypted at rest
  • API keys are stored as SHA-256 hashes, never in plaintext
  • OAuth uses PKCE (Proof Key for Code Exchange) to prevent token interception
  • Database access uses row-level security policies scoped to your account
  • Persistent shells run in isolated Docker containers with credentials zeroed after startup

8. Your Rights

You have the right to:

  • Access your personal data and infrastructure data through the KloudHub dashboard
  • Delete your account and all associated data
  • Revoke API keys and OAuth connections at any time from Settings
  • Disconnect cloud accounts, which stops all access to your AWS resources
  • Export your data by contacting us at the address below

If you are in the EEA, UK, or Switzerland, you additionally have the right to rectification, restriction of processing, data portability, and to lodge a complaint with your local data protection authority.

9. Cookies

We use essential cookies for authentication and session management (provided by Clerk). We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

10. Children's Privacy

KloudHub is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.

11. Changes to This Policy

We may update this privacy policy from time to time. If we make material changes, we will notify you via email or through the KloudHub dashboard. Continued use of KloudHub after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this privacy policy or your data, contact us at:

Email: [email protected]
Website: kloudhub.io