Privacy Policy

Last updated: 18 Apr 2026

CloudSec TbV ("CloudSec:TbV", "we", "us", or "our") is committed to protecting your personal data. This Privacy Policy explains what data we collect, how we use it, and your rights in relation to it.

1. Data We Collect

We collect the following information when you sign up for or use our service:

  • Contact name and email address
  • Company name
  • AWS Account ID and IAM role name (provided during onboarding)
  • AWS regions you specify for scanning
  • Payment information (processed by Stripe — we do not store card details)

2. How We Use Your Data

We use your data solely to provide the CloudSec:TbV service:

  • To perform automated security scans of your AWS account on your plan's schedule (monthly for Startup, weekly for Growth and Compliance)
  • To generate and email your PDF security posture report
  • To process subscription payments via Stripe
  • To communicate with you about your account or service updates

We process your personal data on the following legal bases under UK GDPR:

  • Contract performance (Article 6(1)(b)) — the majority of processing is necessary to perform the subscription contract you have entered into with us. This includes using your contact details, AWS Account ID, IAM role name, and region list to carry out security scans and deliver your PDF report; and sharing your payment details with Stripe to process subscription charges.
  • Legitimate interests (Article 6(1)(f)) — we may process your contact details to notify you of material changes to this policy, service updates, or issues affecting your account. We have assessed that our interest in communicating with active customers does not override your privacy rights.

3. AWS Access

CloudSec:TbV accesses your AWS account using cross-account IAM role assumption. We do not store AWS credentials. The read-only IAM role you provide is used exclusively to perform security checks. You may revoke access at any time by deleting or modifying the IAM role in your AWS account.

4. Third Parties

We share data with the following third-party service providers only as necessary to operate the service:

  • Stripe — Payment processing. Stripe's privacy policy applies to payment data.
  • Amazon Web Services (AWS SES) — Email delivery of your PDF security report. AWS processes your email address solely to deliver emails on our behalf.

We do not sell your personal data to any third party.

5. Data Retention

Operational data — including your AWS Account ID, IAM role name, regions, scan results, and any integration credentials (Slack, Jira) — is deleted within 30 days of cancellation.

Billing and transaction records — including your name, company name, email address, and payment history — are retained for 6 years to comply with our legal obligations under UK tax law, after which they are permanently deleted.

6. Your Rights

Under UK GDPR you have the right to access, correct, or delete your personal data. To exercise any of these rights, contact us at hello@cloudtbv.com.

7. Cookies

This website does not use tracking cookies or analytics scripts. Stripe may set cookies on their hosted payment pages; their cookie policy applies to those pages.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify active customers of material changes by email.

9. Contact

CloudSec:TbV
hello@cloudtbv.com