Privacy Policy
Effective date: May 13, 2026
1. Who We Are
Driftak operates driftak.com, an AWS cost monitoring service. For GDPR purposes, Driftak is the data controller for personal data collected through this website.
Contact: privacy@driftak.com
2. Data We Collect
Account data: Email address and password hash when you create an account.
AWS integration data: IAM Role ARN, external ID, AWS account ID, and read-only resource metadata (instance IDs, resource types, cost estimates). We never store AWS access keys or secrets.
Usage data: Pages visited, features used, timestamps. Collected via server logs and analytics.
Communications: Email address if you subscribe to early access or notifications.
3. How We Use Your Data
- Provide and operate the Driftak service
- Send cost alerts and notifications you configure
- Improve the product and fix bugs
- Comply with legal obligations
- Respond to support requests
We do not sell your data. We do not use your AWS resource data for any purpose other than providing the service to you.
4. Legal Basis for Processing (GDPR)
For users in the European Economic Area, we process your data under the following legal bases:
- Contract performance: Processing necessary to deliver the service you signed up for.
- Legitimate interests: Security monitoring, fraud prevention, and product improvement.
- Consent: Marketing emails (you can withdraw at any time).
- Legal obligation: Compliance with applicable laws.
5. Your Rights
GDPR rights (EEA residents): Access, rectification, erasure, restriction, portability, and objection. You may also lodge a complaint with your local supervisory authority.
CCPA rights (California residents): Right to know what personal information we collect, right to delete, right to opt out of sale (we do not sell data), and right to non-discrimination.
To exercise any right, email privacy@driftak.com. We will respond within 30 days.
6. Data Retention
We retain account data for as long as your account is active. AWS resource data is retained for up to 90 days of billing history. You may request deletion at any time by emailing us or deleting your account from the dashboard.
7. Data Sharing
We share data only with:
- Supabase: Database and authentication infrastructure.
- Loops.so: Transactional email delivery.
- Vercel: Hosting and edge infrastructure.
- AWS: Read-only API calls to your own AWS account using the role you provide.
- Paddle: Payment processing and subscription management. Paddle acts as Merchant of Record and processes billing data under its own privacy policy.
All sub-processors are contractually bound to protect your data and process it only on our instructions.
8. International Transfers
Your data may be processed in the United States. For EEA users, transfers are covered by Standard Contractual Clauses (SCCs) with our sub-processors.
9. Cookies
We use only essential cookies required for authentication (session tokens). We do not use advertising or tracking cookies.
10. Security
We use TLS encryption in transit, encrypted storage at rest, and least-privilege access controls. AWS integration uses read-only IAM roles with external IDs — we cannot modify or delete your AWS resources.
11. Children
Driftak is not directed at children under 16. We do not knowingly collect data from minors.
12. Changes to This Policy
We will notify registered users by email of material changes at least 14 days before they take effect. Continued use after the effective date constitutes acceptance.
13. Contact
Driftak · privacy@driftak.com