The hosted service processes operational records. Cloud credentials and default scan execution stay on the customer side.
Cloud Waste Scanner follows a local-first boundary. This policy explains which website and hosted-service data is processed, alongside the scanning and credential paths that remain local to the customer environment.
Local-first core
Credentials stay local
Provider credentials and default scan execution are not ingested into the hosted backend.
Hosted records
Licensing, orders, analytics
The hosted side stores operational data needed for checkout, entitlement, support, and site improvement.
Rights
Access, correction, deletion
Requests are supported subject to legal, anti-fraud, and security obligations.
Data categories
What the public service can process
| Category | Examples | Purpose |
|---|---|---|
| License and order records | Email, license metadata, order or subscription identifiers, plan, status, timestamps | Entitlement, billing support, recovery |
| Trial and anti-abuse signals | Machine identifier, request IP, optional trial email | Enforce trial policy and prevent repeated abuse |
| Website analytics | Session ID, page path, click events, referrer, user agent, timezone, language, UTM fields, Google Analytics page and event context | Measure site usage and improve conversion and support paths |
| Application telemetry | Pseudonymous machine identifier, app version, OS, feature usage | Product quality, adoption analysis, upgrade guidance |
| Feedback and support | Feedback type, message, optional email, version, status, timestamps | Product improvement and support follow-up |
| Geo and network metadata | IP-derived country, city, ASN | Aggregate reporting and service operations |
Processing boundary
Stored locally
- Cloud provider credentials
- Default scan execution context
- Locally exported reports unless the user explicitly sends them
Processed by hosted service
- License validation and quota workflows
- Order lifecycle, refund requests, and payment-provider events
- Website and app telemetry used for operations quality
Processors and retention
Current processors include Paddle for checkout and subscription lifecycle, Google Analytics for public-site traffic measurement on indexable pages, Resend for transactional email, Cloudflare for edge delivery, and MaxMind or fallback geo providers for limited geo enrichment. Card data is handled through processor-hosted infrastructure rather than stored as raw card data in the product backend.
Data is retained only as long as needed for licensing, support, analytics, security, fraud prevention, and legal compliance. Where feasible, records are deleted or anonymized after the operational purpose ends.
Privacy requests and policy questions
You may request access, correction, or deletion for personal data we control. California customers may also request information about processing categories and purposes. We do not sell personal information or share it for cross-context behavioral advertising.
Need the right path?
- Security explains the local-first boundary and hosted service scope.
- Email service@cloud-waste-scanner.com for access, correction, or deletion requests.
Review the product with the same privacy boundary you plan to keep.
Save your first $1,000 before the next billing cycle.