Legal

Privacy Policy

Effective date: May 12, 2026

1. Introduction

InfraWatch ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our infrastructure monitoring service. Please read this policy carefully. If you disagree with its terms, please discontinue use of the Service.

2. Information We Collect

We collect information in the following categories:

Account Information

When you create an account, we collect your name, email address, and authentication identifiers provided by our OAuth provider. We do not store passwords.

Infrastructure Credentials

To perform health checks on your behalf, you may provide third-party API keys and credentials (such as AWS IAM keys and MongoDB Atlas API keys). These are encrypted at rest using AES-256-GCM and are used solely to execute the monitoring checks you configure.

Health Check Data

We store the results of health checks performed on your configured environments, including check status, response times, error messages, and timestamps. This data is used to display your dashboard and incident history.

Knowledge Base Documents

If you use the Agent add-on, you may upload documents (runbooks, SOPs, architecture notes). These are stored and processed to generate text embeddings used for AI-assisted triage. Document content is not shared with other users.

Usage and Technical Data

We collect server-side error logs via Sentry (a third-party error monitoring service) to diagnose and fix bugs. These logs may include request metadata but are configured to exclude credential fields. We also collect standard server access logs.

3. How We Use Your Information

We use the information we collect to: (a) provide, operate, and maintain the Service; (b) execute health checks against your configured infrastructure; (c) send alert notifications via email, Slack, PagerDuty, or Microsoft Teams as configured by you; (d) process payments through Stripe; (e) diagnose and fix technical issues; (f) respond to your support requests; and (g) improve the Service.

We do not sell your personal information to third parties. We do not use your infrastructure credentials, health check data, or knowledge base documents for any purpose other than providing the Service to you.

4. AI Features and Data Processing

The Detect & Propose and Talk to Infrawatcher AI Agent features send infrastructure check results and, where applicable, relevant excerpts from your knowledge base documents to Anthropic's Claude API to generate diagnostic responses. This data is transmitted to Anthropic under their API terms of service and data processing agreement. Anthropic does not use API inputs to train their models by default. We recommend reviewing Anthropic's Privacy Policy for details.

5. Data Sharing and Disclosure

We share your information only in the following circumstances:

  • Stripe: Payment processing. Your payment card details are transmitted directly to Stripe and are not stored by us.
  • Anthropic: AI inference for Detect & Propose and Agent features. Only check result data and knowledge base excerpts are sent.
  • Sentry: Error monitoring. Server-side error logs are sent to Sentry with credential fields redacted.
  • Alert channels: When you configure Slack, PagerDuty, or Microsoft Teams alerts, check failure data is sent to those services via your configured webhook URLs.
  • Legal requirements: We may disclose your information if required by law, court order, or governmental authority.

6. Data Retention

We retain health check results and incident history for the duration of your subscription plus 90 days after cancellation. Account information is retained until you request deletion. Knowledge base documents are deleted when you remove them or when your account is deleted. You may request deletion of your data at any time by contacting us.

7. Security

We implement industry-standard security measures including AES-256-GCM encryption for stored credentials, HTTPS for all data in transit, per-user rate limiting to prevent abuse, and server-side error monitoring with credential field redaction. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

8. Your Rights

Depending on your jurisdiction, you may have the right to: access the personal information we hold about you; request correction of inaccurate data; request deletion of your data; object to or restrict certain processing; and data portability. To exercise these rights, contact us at [email protected]. We will respond within 30 days.

9. Cookies

We use a single session cookie to maintain your authenticated session. This cookie is strictly necessary for the Service to function and does not track you across other websites. We do not use advertising cookies or third-party tracking pixels.

10. Children's Privacy

The Service is not directed to children under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us and we will delete it promptly.

11. International Data Transfers

InfraWatch operates in the United States. If you are accessing the Service from outside the United States, your information may be transferred to, stored, and processed in the United States. By using the Service, you consent to this transfer.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the effective date and, where appropriate, by email. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at [email protected].