Legal

Privacy Policy

We are committed to protecting your data and being transparent about how we use it.

Effective date: 12 May 2026

Overview

This Privacy Policy describes how Aezona Cloud Solutions (“Aezona”, “we”, “us”, or “our”) collects, uses, stores, and shares information about you when you use our website, products, and services — including Aezona AIops, Aezona Guard, Aezona IaC UI, CostLens, our customer support portal, and the Aevi AI assistant.

We operate as a business-to-business (B2B) cloud managed services and software provider. Most of the personal information we process belongs to employees, engineers, and administrators of our enterprise customers, not to individual consumers. We take that responsibility seriously.

By accessing or using any Aezona service you agree to the collection and use of information as described in this policy. If you do not agree, please discontinue use of our services.

Information We Collect

1. Account & Registration Data

When you or your organisation creates an account on any Aezona platform, we collect:

  • Full name and business email address
  • Company name and job title
  • Phone number (optional)
  • Password (stored as a bcrypt hash — we never store plaintext passwords)
  • Billing and invoicing contact details

2. Cloud Environment Data

To deliver our managed cloud services (Multi-Cloud Support, AIops, Guard, IaC UI, CostLens, and related services), we may access data from your connected cloud environments. This may include:

  • Cloud resource metadata (instance types, configurations, tags, regions)
  • Cost and billing data from AWS, Azure, and Google Cloud
  • Security alerts, audit logs, and compliance findings
  • Infrastructure state files (Terraform) when using Aezona IaC UI
  • Performance and availability metrics

This data is accessed only under the scope of permissions you explicitly grant via your cloud provider's IAM or role-based access controls. We operate on the principle of least privilege and use short-lived, scoped credentials wherever possible.

3. Support Interactions

When you use the Aezona support portal or contact us for help, we collect:

  • Support case details, descriptions, priority, and status
  • Messages and replies in case threads (including internal staff notes)
  • Files, logs, and screenshots you attach to cases
  • Live chat transcripts (when live chat is enabled on your plan)
  • Satisfaction ratings and feedback

4. Usage & Technical Data

We automatically collect certain technical information when you interact with our platforms:

  • IP address and approximate geolocation (country/city level)
  • Browser type, operating system, and device identifiers
  • Pages visited, features used, and session duration
  • Referring URLs and navigation paths
  • API request logs (endpoint, timestamp, response code)

5. Communications

If you contact us by email, fill in a consultation form, or respond to an outreach, we retain those communications and any personal information contained within them.

How We Use Information

We use the information we collect for the following purposes:

Service Delivery

  • Provisioning and managing your Aezona account and product subscriptions
  • Connecting to your cloud environments to perform managed services
  • Processing and responding to support cases and live chat sessions
  • Executing automation tasks, runbooks, and infrastructure changes you authorise
  • Generating cost reports, security findings, and performance insights

Security & Compliance

  • Detecting, investigating, and responding to security incidents
  • Maintaining audit trails of all actions performed in your cloud on your behalf
  • Verifying identity and preventing unauthorised access
  • Meeting our obligations under SOC 2 Type II, ISO 27001, GDPR, and HIPAA frameworks

Product Improvement

  • Analysing aggregated, anonymised usage patterns to improve our products
  • Testing and debugging new features and platform updates
  • Training and improving our internal AI models using only anonymised data — never your identifiable personal or cloud data

Communications

  • Sending transactional emails (account verification, password reset, case updates)
  • Notifying you of planned maintenance windows or service incidents
  • Sharing product updates and feature announcements (you may opt out at any time)

Legal & Contractual Obligations

  • Enforcing our Terms of Service and other agreements
  • Responding to lawful requests from public authorities
  • Resolving disputes and preventing fraud

Data Sharing

We do not sell your personal information. We do not share your data with third parties for their own marketing purposes. We share data only in the following limited circumstances:

Service Providers

We engage trusted third-party processors to help operate our platforms. Each is bound by data processing agreements and may only use data to perform services for us:

  • Neon (database hosting — PostgreSQL)
  • Vercel (application hosting and deployment infrastructure)
  • Resend / Microsoft 365 (transactional email delivery)
  • Anthropic (AI inference — powers the Aevi AI assistant; see AI section)
  • Datadog, PagerDuty (monitoring and alerting integrations, where contracted)

Cloud Providers

When we connect to your cloud environment to deliver services, the relevant cloud provider (AWS, Microsoft Azure, Google Cloud Platform) will process data in accordance with your existing agreement with them.

Legal Requirements

We may disclose information if required to do so by law, regulation, court order, or in response to a valid request from a governmental authority. We will notify you of such requests where legally permitted to do so.

Business Transfers

If Aezona undergoes a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will provide notice and you will have the opportunity to opt out where required by applicable law.

Data Retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, and to comply with legal, regulatory, and contractual obligations.

Retention Periods

  • Account data — retained for the duration of your contract, plus 90 days after termination to allow for account recovery. Deleted on request after that period.
  • Support cases and chat transcripts — retained for 3 years to support warranty claims and service reviews.
  • Cloud action audit logs — retained for 7 years to satisfy financial, security, and compliance audit requirements.
  • Usage and analytics data — retained for 2 years in identifiable form; retained indefinitely in aggregated, anonymised form.
  • Email communications — retained for 3 years.
  • Billing and invoice records — retained for 7 years to comply with tax and accounting regulations.

When the applicable retention period expires, data is securely deleted or irreversibly anonymised. You may request early deletion subject to legal hold requirements — see Your Rights below.

Security

We implement layered technical and organisational security controls aligned with our SOC 2 Type II and ISO 27001 certifications. These include:

Technical Controls

  • Encryption in transit using TLS 1.2+ on all connections
  • Encryption at rest for all database storage
  • Short-lived, scoped credentials for all cloud provider API access
  • Role-based access control (RBAC) with principle of least privilege across all internal systems
  • Multi-factor authentication enforced for all Aezona staff accessing customer environments
  • JWT-based authentication with short expiry windows for all customer sessions
  • Regular penetration testing and vulnerability scanning

Operational Controls

  • Background checks for all staff with access to customer data
  • Security awareness training conducted quarterly
  • All cloud actions performed on your behalf are logged with user identity, timestamp, and before/after state
  • No action is executed in your cloud environment without your explicit authorisation
  • Incident response plan with defined escalation paths and customer notification SLAs

Despite our controls, no system is completely immune to security risks. In the event of a breach affecting your data, we will notify you in accordance with applicable law and our contractual obligations.

AI & Automated Processing

Aezona uses artificial intelligence in several of its products and services. We are committed to responsible and transparent AI use.

Aevi AI Assistant

The Aevi AI assistant, available on our website and in the customer support portal, is powered by Claude (developed by Anthropic, PBC). When you interact with Aevi:

  • Your messages are sent to Anthropic's API for processing. Anthropic's data processing terms apply.
  • We do not use your Aevi conversations to train Anthropic's models.
  • Conversation context is held in memory for the duration of the session only — we do not permanently store full chat histories unless you submit a support case.
  • Aevi may be instructed to escalate to a human engineer when your query requires it. At that point, the conversation may be reviewed by Aezona support staff.

Aezona AIops & Guard

Our AIops and Guard products use AI to analyse operational and security data from your cloud environments:

  • All AI-driven recommendations are surfaced to you for review before any action is taken — no automated changes occur without your explicit approval.
  • AI models operate on your cloud telemetry data within the scope you grant. This data is never used to train shared or third-party models.
  • Every AI-recommended action that is approved and executed is logged in an immutable audit trail.

No Automated Decision-Making With Legal Effect

We do not use automated processing to make decisions that produce legal effects concerning individuals. All significant decisions are reviewed by qualified human staff.

Cookies

We use cookies and similar tracking technologies on our website and applications. You can control cookie preferences through your browser settings or our cookie banner.

Essential Cookies

These cookies are required for core functionality and cannot be disabled:

  • Session authentication tokens (JWT stored as HTTP-only cookies)
  • CSRF protection tokens
  • User preference storage (e.g. dashboard settings)

Analytics Cookies

Used to understand how visitors interact with our website (page views, navigation paths, feature usage). Data is aggregated and anonymised. You may opt out via our cookie banner.

Functional Cookies

Used to remember your preferences across sessions (e.g. language, theme). These are not strictly required but enhance your experience.

We do not use advertising or cross-site tracking cookies. We do not share cookie data with advertising networks.

International Data Transfers

Aezona is headquartered in the United States. If you access our services from the European Economic Area (EEA), United Kingdom, or other jurisdictions with data transfer restrictions, your information may be transferred to and processed in the United States and other countries.

We ensure that all international transfers are protected by appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission for transfers from the EEA
  • International Data Transfer Agreements (IDTAs) for transfers from the United Kingdom
  • Data Processing Agreements with all sub-processors that include equivalent transfer mechanisms

Our sub-processors (Neon, Vercel, Anthropic, Resend) are US-based entities that participate in recognised transfer frameworks or are covered by SCCs.

Your Rights

Depending on your location, you may have the following rights regarding your personal data. We honour these rights regardless of where you are based, subject to applicable law and legitimate legal holds.

Rights Under GDPR (EEA / UK)

  • Right of access — request a copy of the personal data we hold about you
  • Right to rectification — request correction of inaccurate or incomplete data
  • Right to erasure (‘right to be forgotten’) — request deletion of your data, subject to legal retention requirements
  • Right to restriction — request that we limit processing of your data in certain circumstances
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to object — object to processing based on legitimate interests or for direct marketing
  • Rights related to automated decision-making — not be subject to solely automated decisions with significant effects
  • Right to withdraw consent — where processing is based on consent, withdraw it at any time

Rights Under CCPA (California)

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information (subject to exceptions)
  • Right to opt out of the sale or sharing of personal information (we do not sell data)
  • Right to non-discrimination for exercising your privacy rights

How to Exercise Your Rights

Submit a request by emailing privacy@aezona.com with the subject line “Privacy Rights Request”. We will verify your identity and respond within 30 days (or sooner where required by law). There is no charge for reasonable requests.

If you are in the EEA or UK and believe we have not handled your data lawfully, you have the right to lodge a complaint with your local supervisory authority (e.g. the ICO in the UK, or your national DPA in the EEA).

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:

Company

Aezona Cloud Solutions

Address

7610 N Stemmons Fwy # 460, Dallas, TX 75247, United States

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and by posting a prominent notice on our website at least 14 days before the changes take effect. The “Effective date” at the top of this page reflects when the current version was last revised. Continued use of our services after the effective date constitutes acceptance of the updated policy.