Privacy Policy

Last updated: April 2, 2025

1. Introduction

reCost.io ("we", "our", "us") operates the reCost Data Flow platform ("Service"). reCost.io is operated by reCost Inc., a Delaware corporation ("we," "us," or "our"). For privacy inquiries, contact: privacy@recost.io. This Privacy Policy explains how we collect, use, and protect information when you use our Service.

2. Information We Collect

Account information: When you register, we collect your name, email address, and company name.

Usage data: We collect information about how you interact with the Service, including pages visited and features used.

Cloud infrastructure metadata: With your authorization, we collect metadata from your AWS account (S3 access logs, Glue job execution records, Athena query history, table metadata). We do not collect the contents of your data files.

S3 access log data processed by reCost may include: AWS IAM role ARNs and principal identifiers, S3 bucket and object key paths (which may contain personal data patterns such as email addresses or account identifiers), IP addresses, HTTP user-agent strings including SDK versions, request timestamps, and HTTP response codes. reCost processes this data solely to provide the observability service and does not use it for advertising or sell it to third parties.

3. How We Use Information

  • To provide and improve the Service
  • To generate observability dashboards and alerts for your account
  • To communicate with you about your account and updates
  • To comply with legal obligations

4. Data Security

We implement industry-standard security measures including TLS 1.3 encryption in transit, AES-256 encryption at rest, least-privilege IAM access, and SOC 2 Type II-audited controls. Cloud metadata collected from your account is stored in isolated, per-customer infrastructure.

5. Data Retention

Account data is retained for the duration of your subscription plus 30 days after termination. Cloud metadata is retained according to your plan's event retention policy (7 days, 90 days, or unlimited). You may request deletion of your data at any time.

6. Third-Party Services

We use third-party services for hosting, analytics, and customer support. These services are bound by their own privacy policies and data processing agreements with us.

7. GDPR Rights

If you are located in the European Economic Area, you have rights to access, correct, delete, and port your personal data. Contact us at privacy@recost.io to exercise these rights.

For customers in the European Economic Area: reCost Inc. acts as a data processor on behalf of the customer (data controller) for S3 access log data. A Data Processing Agreement (DPA) is available upon request at privacy@recost.io.

8. Contact

For privacy questions, contact us at privacy@recost.io.