We store data.
We have to.
Here's exactly what, for how long, and what it's used for. No dark patterns. No buried clauses.
- 01 — What we collect
- 02 — Where we store it
- 03 — How long
- 04 — What we never touch
- 05 — AWS access
- 06 — Your rights
- 07 — Contact
01 — What we collect
Scan input: Your IAM Role ARN, ExternalId, and organization name. These are needed to perform the scan and label the report.
Evidence data: AWS API responses collected during the scan — IAM configuration, CloudTrail trail settings, S3 bucket metadata, VPC configuration, and similar infrastructure metadata. This is never your application data, customer data, or secret values. It is the AWS control plane describing how your account is configured.
Report content: The AI-generated analysis, findings, gap scores, and remediation recommendations derived from the evidence.
Edits: If you mark findings as resolved or edit finding text in the workspace, those edits are stored server-side so they persist across sessions.
02 — Where we store it
All data is stored in Cloudflare's infrastructure: Cloudflare D1 (SQLite database at the edge) for scan metadata, evidence, and report content; Cloudflare R2 (object storage) for pre-generated HTML and JSON report files.
Cloudflare's data center locations are governed by their privacy terms. We do not have a separate data processing agreement to offer at this pilot stage. If that's a blocker for your organization, contact us before scanning.
We do not use any third-party analytics platform, session replay tool, or advertising network. The only third parties involved in processing a paid report are Stripe (payment processing) and Anthropic (the Claude API used for analysis).
03 — How long
| Data type | Retention |
|---|---|
| Raw evidence data | 30 days from scan date, then automatic deletion |
| Generated report (HTML + JSON) | 30 days from generation, then automatic deletion |
| Scan metadata (org name, ARN, scores) | 30 days, then automatic deletion |
| Finding edits / resolved marks | 30 days, deleted with scan |
| Payment records | As required by Stripe and tax regulations (typically 7 years) |
You can delete your scan data instantly using the "Delete all my scan data" button on your scan page. No email required. If you've lost access to the scan page, email mehta.arja@northeastern.edu with your scan ID.
04 — What we never touch
- Application data — database contents, S3 object contents, file contents of any kind
- Customer data — anything your application stores about your users
- Secret values — Secrets Manager secret values, SSM Parameter Store values, environment variables
- Code — no repository access, no Lambda function code, no container images
- Financial data — billing records, cost data, payment methods
The CloudFormation template we provide explicitly denies access to secret values and grants only read permissions on configuration metadata. You can inspect the template before deploying it.
05 — AWS access
Access is via STS AssumeRole into a role in your account, with your ExternalId as the trust-policy condition. The session credentials we receive are short-lived (1 hour TTL) and never stored: the Worker assumes the role, runs the scan, and the session expires. Note that the ExternalId itself is kept as scan input (see 01), so the role stays assumable for as long as it exists in your account. Ending our access is in your hands: delete the role, or remove our account from its trust policy, and no further AssumeRole call will succeed.
The IAM role our CloudFormation template deploys attaches the AWS-managed SecurityAudit and ReadOnlyAccess policies, plus an explicit Deny on every action that returns secret values. In IAM policy evaluation an explicit Deny always overrides an Allow, so the broad Get* permissions in ReadOnlyAccess cannot reach secret material. You can delete the role as soon as you have your report; it is not required to persist.
All API calls use TLS 1.3. We sign requests with SigV4.
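Sections 04 and 05 above invite you to inspect the template before deploying it. The checker below is an added example (not the service's own template or scanner code) that encodes what to look for: a trust policy limited to the scanner's account with an sts:ExternalId condition, only SecurityAudit and ReadOnlyAccess attached, no inline Allow beyond read verbs, and an explicit Deny with Resource "*" covering every action that returns secret material. The embedded template, the scanner account ID, the ExternalId, and the list of secret-returning actions are constructed placeholders and assumptions, not values from the service.

```python
"""Check a CloudFormation scanner-role template against the access promises above.

Added example, not the service's own template or code. Template, account ID,
ExternalId and the SECRET_VALUE_ACTIONS list are constructed placeholders.
"""
import copy

# Actions that hand back secret or content data (assumed list; extend for your account).
SECRET_VALUE_ACTIONS = {
    "secretsmanager:GetSecretValue",
    "ssm:GetParameter", "ssm:GetParameters", "ssm:GetParametersByPath",
    "s3:GetObject", "lambda:GetFunction", "kms:Decrypt",
}
ALLOWED_MANAGED_POLICIES = {
    "arn:aws:iam::aws:policy/SecurityAudit",
    "arn:aws:iam::aws:policy/ReadOnlyAccess",
}
READ_VERBS = ("Get", "List", "Describe")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _action_matches(pattern, action):
    """IAM action matching for '*', 'svc:Prefix*' and exact names (case-insensitive)."""
    pattern, action = pattern.lower(), action.lower()
    return action.startswith(pattern[:-1]) if pattern.endswith("*") else pattern == action


def check_scanner_role(template, scanner_account_id):
    """Return a list of problems; an empty list means the template keeps the promises."""
    problems = []
    roles = [r for r in template.get("Resources", {}).values() if r.get("Type") == "AWS::IAM::Role"]
    if len(roles) != 1:
        return [f"expected exactly one AWS::IAM::Role, found {len(roles)}"]
    props = roles[0]["Properties"]

    # 1. Trust policy: only the scanner account, and only with the ExternalId (confused-deputy guard).
    for stmt in props["AssumeRolePolicyDocument"]["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        aws = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        if "*" in aws:
            problems.append("trust policy allows any principal to assume the role")
        elif not aws or not all(scanner_account_id in p for p in aws):
            problems.append(f"trust policy principal is not the scanner account {scanner_account_id}")
        if not stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId"):
            problems.append("trust policy has no sts:ExternalId condition")

    # 2. Managed policies: nothing beyond the two audit policies.
    extra = set(props.get("ManagedPolicyArns", [])) - ALLOWED_MANAGED_POLICIES
    if extra:
        problems.append(f"unexpected managed policies: {sorted(extra)}")

    # 3. Inline policies: Deny overrides Allow in IAM, so a Resource "*" Deny is what keeps
    #    ReadOnlyAccess's Get* grants away from secrets; every secret action must be covered.
    denied = set()
    for policy in props.get("Policies", []):
        for stmt in policy["PolicyDocument"]["Statement"]:
            actions = _as_list(stmt.get("Action", []))
            if stmt.get("Effect") == "Deny" and "*" in _as_list(stmt.get("Resource", [])):
                denied |= {a for a in SECRET_VALUE_ACTIONS if any(_action_matches(p, a) for p in actions)}
            elif stmt.get("Effect") == "Allow":
                for action in actions:
                    if action == "*" or not action.split(":", 1)[-1].startswith(READ_VERBS):
                        problems.append(f"inline Allow grants non-read action {action}")
    missing = SECRET_VALUE_ACTIONS - denied
    if missing:
        problems.append(f"no explicit Deny covering: {sorted(missing)}")
    return problems


SCANNER_ACCOUNT_ID = "111122223333"   # constructed placeholder
EXTERNAL_ID = "pilot-7f3a"            # constructed placeholder

# Constructed template shaped like the role described in the policy text.
GOOD_TEMPLATE = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {"ScannerRole": {"Type": "AWS::IAM::Role", "Properties": {
        "RoleName": "PilotSecurityScanner",
        "MaxSessionDuration": 3600,
        "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{SCANNER_ACCOUNT_ID}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": EXTERNAL_ID}},
        }]},
        "ManagedPolicyArns": sorted(ALLOWED_MANAGED_POLICIES),
        "Policies": [{"PolicyName": "DenySecretValues", "PolicyDocument": {
            "Version": "2012-10-17",
            "Statement": [{"Effect": "Deny", "Resource": "*", "Action": [
                "secretsmanager:GetSecretValue", "ssm:GetParameter*",
                "s3:GetObject", "lambda:GetFunction", "kms:Decrypt"]}],
        }}],
    }}},
}


def weakened_template():
    """The same template with three regressions a reviewer should catch."""
    t = copy.deepcopy(GOOD_TEMPLATE)
    props = t["Resources"]["ScannerRole"]["Properties"]
    del props["AssumeRolePolicyDocument"]["Statement"][0]["Condition"]          # ExternalId dropped
    props["Policies"][0]["PolicyDocument"]["Statement"][0]["Action"].remove("kms:Decrypt")
    props["Policies"][0]["PolicyDocument"]["Statement"].append(
        {"Effect": "Allow", "Action": "s3:PutObject", "Resource": "*"})        # write permission
    return t


if __name__ == "__main__":
    print("good:", check_scanner_role(GOOD_TEMPLATE, SCANNER_ACCOUNT_ID))
    print("weakened:", check_scanner_role(weakened_template(), SCANNER_ACCOUNT_ID))
```

To use it against a real template, load the JSON (or YAML via a YAML parser) into a dict and call check_scanner_role with the scanner's account ID from the trust policy you were given. The checker only recognises literal strings; a template that builds the principal ARN with Fn::Sub or !Ref will need those resolved first.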
06 — Your rights
- Access: Email us with your scan ID and we'll provide a full export of your stored data.
- Deletion: Use the "Delete all my scan data" button on your scan page, or email us with your scan ID for early deletion. Data auto-deletes at 30 days regardless.
- Correction: If your org name or other metadata is wrong, we can correct it.
- Portability: The JSON report package is a complete export of your scan data. Download it from the workspace.
We do not sell data. We do not share data with third parties except Stripe (payment) and Anthropic (AI analysis), both of which are necessary to operate the service.
07 — Contact
Questions, deletion requests, or anything unclear: Book a meeting. Response within 48 hours on weekdays.