Privacy Policy

ClowdOps is a product of Flashback Corporation ("Flashback", "we", "us", or "our"), a company incorporated in the United States. We operate the ClowdOps platform at clowdops.ai and platform.clowdops.ai (the "Service").

This Privacy Policy explains how we collect, use, and protect information about you when you use the Service. By using ClowdOps you agree to the practices described here.

Account information

When you create an account we collect your name, email address, and optionally your company name. If you authenticate via SSO or SAML, we receive identity attributes from your identity provider.

Usage and interaction data

• Chat messages you send to the agent and the agent's replies
• Tool calls executed during a run, including the commands issued and their outputs
• Metadata about runs: timestamps, duration, token usage, exit status
• Resource inventory records the agent discovers in your cloud environments
• Schedules and their configuration

Technical and log data

• IP addresses and browser/device type when you access the Service
• HTTP request logs retained for security and abuse-prevention purposes
• Application error and performance telemetry

Billing data

Payment card details are handled directly by our payment processor (Stripe). We store only tokenized references and high-level transaction records.

ClowdOps is a bring-your-own-credentials platform. You provide API keys, access tokens, or service-account credentials for your cloud providers, AI model providers, and notification services. These credentials are:

• Encrypted at rest using industry-standard symmetric encryption. The plaintext value is never stored.
• Never displayed after initial entry — not in the UI, not in logs, not in run transcripts.
• Decrypted only in memory inside the isolated sandbox container immediately before a tool call, and discarded once the call completes.
• Scoped to your account. No ClowdOps employee or system can use your credentials outside of executing your agent runs.

You are responsible for the scope and permissions of the credentials you provide. We recommend following the principle of least privilege when creating cloud access roles for ClowdOps.

ClowdOps can route agent conversations to third-party large language model (LLM) providers, including Anthropic, OpenAI, Google Gemini, and AWS Bedrock (collectively, "AI Providers"). When a run executes:

• The conversation context — including your messages and prior tool outputs — is sent to the selected AI Provider to generate the agent's next action.
• This data is transmitted under our service agreements with each AI Provider and subject to their respective privacy and data-handling policies.
• We recommend reviewing the data-processing terms of whichever AI Provider you configure for your sandbox.

You may provide your own AI Provider API keys, in which case requests count against your own account with that provider and are governed by your direct relationship with them.

We use the data we collect to:

• Provide, maintain, and improve the ClowdOps platform
• Execute agent runs and scheduled tasks on your behalf
• Maintain run history and audit trails so you can review what the agent did
• Send transactional emails (confirmation, notifications, billing receipts)
• Investigate security incidents and enforce our Terms of Service
• Aggregate anonymised usage statistics to understand how the product is used

We do not use your cloud operation outputs, run transcripts, or resource inventory data to train AI models. We do not sell your personal data to third parties.

We share your data only in the following circumstances:

Service providers

We use trusted infrastructure and SaaS vendors (cloud hosting, database, monitoring, payment processing) who process data on our behalf under confidentiality obligations. Current sub-processors include AWS, Stripe, and Resend.

AI Providers

As described in Section 4, conversation data is forwarded to AI Providers for inference. This is a core function of the Service.

Legal requirements

We may disclose information if required by law, court order, or governmental authority, or to protect the rights, property, or safety of Flashback, our users, or the public.

Business transfers

In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of that transaction. We will notify affected users and this policy will continue to apply.

We retain your data for as long as your account is active or as needed to provide the Service. Specifically:

• Run history and chat transcripts are retained for 12 months by default. You can delete individual runs or all history from your account settings at any time.
• Account data is deleted within 30 days of account closure, except where we are required to retain it for legal or financial compliance purposes.
• Encrypted credentials are deleted immediately when you remove them from the platform or close your account.
• Security logs are retained for up to 90 days for incident-response purposes.

We implement technical and organisational measures to protect your data, including:

• Encryption at rest for credentials and sensitive configuration
• TLS in transit for all communications between your browser, our servers, and AI Providers
• Sandbox isolation: each agent run executes in an ephemeral container with no persistent network access beyond what is required for the run
• Role-based access controls: employees with access to production systems are limited to those whose roles require it
• Multi-factor authentication enforced for all internal systems

No system is perfectly secure. If you discover a security vulnerability, please report it to [email protected].

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete data
• Delete your account and associated data
• Export your run history and resource inventory in a machine-readable format
• Object to certain processing activities
• Withdraw consent where processing is based on consent

To exercise any of these rights, email [email protected]. We will respond within 30 days. We may need to verify your identity before fulfilling a request.

If you are located in the European Economic Area, UK, or California, additional rights and protections may apply under GDPR, UK GDPR, or the CCPA respectively.

We use a minimal set of cookies:

• Session cookies to keep you logged in
• Preference cookies to remember display settings
• Analytics cookies for aggregated, anonymised product usage metrics

We do not use cross-site tracking cookies or sell data to advertising networks. You can disable non-essential cookies in your browser settings without affecting core Service functionality.

ClowdOps is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

We may update this Privacy Policy from time to time. When we make material changes we will notify you by email and update the "Last updated" date at the top of this page. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

If you have questions, concerns, or requests regarding this Privacy Policy or your data, please reach out:

• Email: [email protected]
• Security issues: [email protected]

Flashback Corporation
ClowdOps Platform
United States