Data Handling Policy

Last updated: March 1, 2026

This document explains exactly what data Xplorr collects from your cloud accounts, what we do and don't do with it, and how it is stored, secured, and deleted.

What Data We Collect From Your Cloud Accounts

Xplorr uses read-only API access to retrieve the following:

Billing & Cost Data

  • Daily and monthly cost totals per service, region, and resource
  • Cost allocation tag values associated with resources
  • Reserved instance and savings plan utilisation data
  • Invoice line items and billing period summaries
  • Data transfer costs and cross-region fees

Resource Metadata

  • Instance types, sizes, and regions for compute resources
  • Storage volume sizes and types (but not contents)
  • Resource creation dates and last-accessed timestamps (where available)
  • Resource tags and labels
  • CPU utilisation percentages from cloud monitoring APIs (for right-sizing)

What We Do NOT Access

  • Application data, databases, or storage contents
  • Environment variables, secrets, or application credentials
  • Network traffic content or application logs
  • User identities or access logs from your applications
  • Any data outside billing and resource metadata APIs

How Credentials Are Stored

AES-256-GCM Encryption

All cloud credentials (IAM role ARNs, service principal IDs, service account keys) are encrypted with AES-256-GCM before being written to storage. The encryption key is stored separately from the encrypted data.

Isolated Secrets Vault

Credentials are stored in a dedicated secrets management service, physically and logically separated from our main application database. A compromise of the application database alone does not expose credentials: an attacker would also need access to the vault and to the separately stored encryption key.

Ephemeral Decryption

Credentials are decrypted only in memory for the duration of an API call. They are never written to logs, error reports, or any secondary storage.

Immediate Deletion

When you disconnect a cloud account or close your Xplorr account, credentials are deleted from the vault immediately — not soft-deleted, not archived.
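The encryption and ephemeral-decryption pattern described above, shown as an added Go example (this is illustrative code written for this page, not Xplorr's own implementation). It uses only the Go standard library. Assumptions not stated on the page: the 32-byte key is a constructed stand-in for a data key fetched from a separate key store at runtime; the owning organisation's ID is bound to each ciphertext as GCM associated data, so a blob copied between tenants fails authentication; and the names SealCredential, OpenCredential and WithCredential, the orgID values and the sample secret are all invented for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// demoKey is a constructed stand-in for the 256-bit data key that a real
// deployment fetches from a separate key store at runtime (assumption: the key
// never lives next to the ciphertext). Never hard-code a real key like this.
var demoKey = []byte("0123456789abcdef0123456789abcdef") // 32 bytes = AES-256

// newAEAD builds an AES-256-GCM AEAD and rejects keys of the wrong length,
// so a truncated or misconfigured key cannot silently downgrade to AES-128.
func newAEAD(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256-GCM requires a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealCredential encrypts one credential for storage. The owning organisation's
// ID is bound as associated data (an assumption added here, not stated on the
// page): the ciphertext can only be opened under the same orgID, so a blob
// copied from one tenant's row into another's will fail authentication.
// Output layout: nonce || ciphertext || GCM tag. A fresh random 96-bit nonce is
// drawn per call; reusing a nonce under the same key breaks GCM entirely.
func SealCredential(key []byte, orgID string, plaintext []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	sealed := aead.Seal(nil, nonce, plaintext, []byte(orgID))
	return append(nonce, sealed...), nil
}

// OpenCredential reverses SealCredential. Any bit flip in nonce, ciphertext or
// tag, or a different orgID, yields an error and no plaintext.
func OpenCredential(key []byte, orgID string, blob []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(blob) < ns+aead.Overhead() {
		return nil, errors.New("sealed credential is too short")
	}
	return aead.Open(nil, blob[:ns], blob[ns:], []byte(orgID))
}

// WithCredential models "ephemeral decryption": the plaintext exists only while
// use runs, is never returned to the caller, and is overwritten afterwards.
// (Overwriting a Go slice is best effort; the GC may have copied it.)
func WithCredential(key []byte, orgID string, blob []byte, use func(plain []byte) error) error {
	plain, err := OpenCredential(key, orgID, blob)
	if err != nil {
		return err
	}
	defer func() {
		for i := range plain {
			plain[i] = 0
		}
	}()
	return use(plain)
}

func main() {
	// Constructed sample: a service-account style secret, not a real key.
	secret := []byte("example-service-account-secret")
	blob, err := SealCredential(demoKey, "org_123", secret)
	if err != nil {
		panic(err)
	}
	fmt.Printf("stored %d bytes (nonce+ciphertext+tag)\n", len(blob))

	// Correct tenant: the credential is usable only inside the callback.
	err = WithCredential(demoKey, "org_123", blob, func(p []byte) error {
		fmt.Printf("calling cloud API with %d-byte credential\n", len(p))
		return nil
	})
	fmt.Println("same org:", err)

	// Wrong tenant: GCM authentication fails, nothing is decrypted.
	_, err = OpenCredential(demoKey, "org_999", blob)
	fmt.Println("other org:", err)
}
```

Two points worth checking in any real implementation of this pattern: the nonce must never repeat under one key (random 96-bit nonces are fine at the volumes a credential vault sees, but a counter or key rotation is needed at high volume), and the decrypted bytes should be passed only to the API client, never to a logger or error formatter, which is what the callback shape above enforces.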

How Billing Data Is Stored

Your cloud billing data is stored in our primary database hosted on AWS RDS (PostgreSQL) in eu-west-1 (Ireland). The database is:

  • Encrypted at rest with AWS-managed AES-256 keys
  • Accessible only over TLS within a private VPC subnet
  • Backed up daily with 30-day retention
  • Logically isolated per organisation — you cannot access another organisation's data

Data Retention

Data type                    Retention
---------                    ---------
Cloud credentials            Deleted immediately on disconnection or account closure
Billing data (Starter)       3 months rolling
Billing data (Growth)        12 months rolling
Billing data (Enterprise)    Unlimited (configurable)
Account & user data          Retained while account is active, deleted 30 days after closure
Usage analytics              24 months, anonymised
Support communications       2 years
Audit logs (Enterprise)      12 months

Third-Party Subprocessors

Subprocessor               Purpose                                      Data shared
------------               -------                                      -----------
Amazon Web Services (AWS)  Cloud hosting, database, secrets management  All data (encrypted at rest)
OpenAI                     AI cost recommendations                      Anonymised cost summaries (no credentials or PII)
Slack                      Alert delivery (if configured)               Alert messages only (no credentials)
Postmark                   Transactional email                          Name, email, notification content

Data Portability and Deletion Requests

You can:

  • Export your billing data at any time as PDF or Excel from the dashboard
  • Request a full data export (JSON format) by emailing [email protected]
  • Request full account deletion — we will confirm deletion within 30 days
  • Disconnect individual cloud accounts at any time from the dashboard, which immediately deletes those credentials and, if you choose, the associated billing data

Contact

For data handling questions, email [email protected]. See also our Privacy Policy and Security page.