Privacy Policy

We store the information needed to run CrowINT-Evidence workspaces, including uploaded artifacts, parsed resource data, generated observations, control results, generated reports, and related assessment metadata. Uploaded artifacts may include Terraform files, IAM policies, Kubernetes manifests, storage configuration exports, vulnerability scan outputs, and similar technical evidence files.

We also store limited workspace and session data so the product can keep a browser connected to the correct workspace context. This can include workspace identifiers, session records, timestamps, and basic request metadata needed for security, troubleshooting, and service reliability.

We use uploaded content to parse infrastructure artifacts, normalize technical evidence, build correlated inventory, evaluate supported controls, generate evidence-backed results, and produce exportable reports. We also use operational data to maintain sessions, secure the service, detect misuse, and improve reliability.

CrowINT-Evidence does not sell user data. We do not use uploaded artifacts as a generic public data source. If product analytics or operational logs are retained, they are used to operate, secure, and improve the service rather than to commercialize customer content.

Uploaded artifacts and generated outputs are stored and processed so CrowINT-Evidence can deliver assessment results, inventory views, remediation guidance, and HTML or JSON exports. Processing is limited to the functions required for the evidence workflow. CrowINT-Evidence is not a live cloud scanner and does not require direct access to a customer's running AWS environment in order to evaluate uploaded artifacts.

We take reasonable technical and organizational steps to protect stored data, including access controls, session handling, and service-level safeguards appropriate for an early-stage SaaS product. No hosted system can promise absolute security, so customers should avoid uploading data they are not prepared to handle under normal cloud security risk assumptions.

Users are responsible for ensuring they are authorized to upload the artifacts, configurations, policies, and supporting evidence they place into CrowINT-Evidence. That includes responsibility for internal approvals, third-party restrictions, confidentiality obligations, and the sensitivity of the material being assessed.

If uploaded content contains personal data, regulated information, or sensitive infrastructure details, the uploader remains responsible for confirming that the use of CrowINT-Evidence is appropriate for that content and for applying any organizational controls required by policy or law.