Kubeadapt
Get started
Your Privacy

Privacy Policy

How we collect, use, and protect your data

Introduction

This Privacy Policy is effective as of March 6, 2026.

Kubeadapt ("we," "our," or "us"), operated by Kubeadapt Inc., protects your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our Kubernetes cost optimization platform.

Information We Collect

Cluster Performance Data

We collect the following metrics from your Kubernetes clusters:

  • Resource utilization metrics (CPU, memory, storage)
  • GPU utilization metrics and accelerator workload data (where applicable)
  • Pod and node configurations
  • Namespace-level resource allocation
  • Cost-related metrics and billing data
  • Deployment and workload metadata
  • Kubernetes API object metadata (labels, annotations, owner references)
  • Helm release information and chart versions
  • Container image names and versions
  • Network traffic metadata collected via eBPF (source/destination endpoints, protocol, byte counts -- no payload inspection)

Account Information

When you create an account, we collect:

  • Name and email address
  • Company information
  • Authentication credentials (securely hashed)
  • Payment information (processed through secure third-party providers)

Usage Data

We automatically collect certain information when you use our service:

  • Log data (IP address, browser type, access times, referring URLs)
  • Device information
  • Feature usage patterns
  • Performance metrics
  • Error reports and stack traces (via Sentry) for debugging and service reliability

How We Use Your Information

We use the collected information for the following purposes:

  • Service Delivery: To provide and maintain our cost optimization platform
  • Recommendations: To generate cost optimization insights and recommendations
  • Platform Improvement: To analyze usage patterns and improve our service
  • Communication: To send service updates, security alerts, and support messages
  • Support: To respond to your requests and provide customer assistance
  • Security: To detect and prevent fraud, abuse, and security incidents

Lawful Basis for Processing

Where GDPR applies, we process your data under the following lawful bases:

  • Contract Performance: Processing necessary to deliver our services as agreed
  • Legitimate Interest: Analytics, service improvement, and security monitoring
  • Consent: Marketing communications and optional cookies
  • Legal Obligation: Tax records and regulatory compliance

Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access control (RBAC) and multi-factor authentication (MFA)
  • Security Audits: Regular security assessments and penetration testing
  • Monitoring: 24/7 security monitoring and incident response

Data Retention

We retain your data according to the following policies:

  • Account Data: Retained while your account is active and for 90 days after deletion
  • Metrics Data: Retained for up to 13 months, depending on your subscription plan
  • Backup Data: Retained for 30 days in secure backups
  • Legal Requirements: May be retained longer if required by law or legal obligations

You can request data deletion at any time by contacting our support team.

Sub-processors and Third-Party Services

We do not sell your personal data. The following sub-processors assist in delivering our service. Each is bound by data processing agreements and appropriate security requirements:

  • Clerk: Authentication and identity management
  • Sentry: Error tracking and application monitoring
  • HubSpot: Analytics, forms, and marketing communications
  • AWS (Amazon Web Services): Cloud infrastructure and hosting (eu-west-1 region)
  • ClickHouse Cloud: Analytics data storage
  • Resend: Transactional email delivery
  • Stripe: Payment processing (where applicable)
  • Legal Obligations: We may disclose data when required by law, court order, or government regulations
  • Business Transfers: In connection with mergers, acquisitions, or asset sales

All sub-processors are bound by data processing agreements and appropriate security requirements.

Your Rights

Under GDPR and CCPA, you have the right to:

We do not use automated decision-making or profiling that produces legal effects concerning you.

  • Access: Request a copy of your personal data
  • Correction: Correct inaccurate or incomplete data
  • Deletion: Request deletion of your personal data ("right to be forgotten")
  • Portability: Export your data in a machine-readable format
  • Objection: Object to processing of your data for certain purposes
  • Restriction: Request restriction of data processing
  • Opt-out: Unsubscribe from marketing communications

To exercise these rights, contact us at privacy@kubeadapt.io

Cookies and Tracking

We use cookies and similar technologies to:

  • Maintain your session and preferences
  • Analyze usage patterns and improve performance
  • Provide content and features relevant to your use

You can control cookie preferences through your browser settings.

International Data Transfers

Your data may be transferred to and processed in countries outside your residence. We ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • EU-US Data Privacy Framework (where applicable)
  • Equivalent data protection safeguards

Children's Privacy

Our service is not intended for individuals under 18 years of age. We do not knowingly collect data from children.

Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via:

  • Email notification to your registered address
  • Prominent notice on our platform
  • Updated "Last Modified" date

Contact Us

For questions about this Privacy Policy or our data practices:

Kubeadapt Privacy Team

Privacy: privacy@kubeadapt.io

General: authors@kubeadapt.io