Privacy Notice

Effective: TBD. Operator: 廣州市音菲尼科技有限公司 (Guangzhou Infini Technology Co., Ltd.).

CloudScrub is a SaaS tool that helps Azure customers identify wasted spend and reconcile GitHub Copilot seats. This notice describes what we collect, why, and how to exercise your rights. The authoritative version of this notice lives at docs/legal/PRIVACY.mdin our repository.

What we collect

• Azure subscription metadata you grant us OAuth access to (resource ids, SKUs, tags). We do not read your data planes (no blob contents, no database rows).
• GitHub Copilot seat assignments and last-activity timestamps for the organisations you connect.
• Marketplace purchase metadata (subscription id, plan, purchaser email) from Microsoft Partner Center.
• Operational telemetry (request paths, response codes, error stacks) to keep the service healthy.

Lawful basis

Performance of contract (delivering CloudScrub) and legitimate interest (security & service reliability). For users in jurisdictions with stricter standards (Hong Kong PDPO, EU GDPR, mainland China PIPL), we apply the more protective rule.

How long we keep it

• Scan results: 12 months rolling window.
• Audit logs: 24 months.
• OAuth tokens: until you revoke access in your Microsoft / GitHub account.

Your rights

Email privacy@cloudscrub.io to access, correct, or delete your data. We acknowledge within 5 business days and complete within 30.

⚠️ This draft has not yet been reviewed by counsel. Do not present to enterprise buyers until the “needs-legal-review” banner is removed.