Privacy Policy

Last updated: June 10, 2026

This Privacy Policy explains how Graymole ("we", "us") collects, uses, and safeguards information when you use our Service.

1. Information we collect

  • Account information: your name, email, organization, and password (stored only as a salted hash).
  • Cloud connection details: the IAM role ARN and ExternalId, or (if you choose key-based access) access keys, which are encrypted at rest.
  • Scan data: read-only metadata about your cloud resources, returned by your provider's APIs, used to produce findings.
  • Usage data: basic logs needed to operate and secure the Service.

2. How we use information

We use information to provide the Service, run scans you request, enforce plan limits, secure accounts, and communicate with you. We do not sell your data.

3. How we access your cloud

The Service performs only read operations. For role-based connections we assume a cross-account role you create, scoped to read-only permissions and a unique ExternalId. You can revoke access at any time by removing the role.

4. Security

We hash passwords, encrypt stored secrets, isolate each customer's data by tenant, and restrict access on every request. No method of transmission or storage is perfectly secure, but we work to protect your information using industry-standard practices.

5. Data retention

Scan results are retained according to your plan (for example, 7 days on the Free plan). You may delete connected accounts and scan history at any time. Deleting your account removes your associated data subject to legal obligations.

6. Sharing

We share information only with service providers that help us operate the Service (such as hosting and email), under appropriate confidentiality obligations, or where required by law.

7. Your rights

Depending on your location, you may have rights to access, correct, export, or delete your personal data. Contact us to exercise them.

8. Changes

We may update this policy and will note the effective date above. Material changes will be communicated through the Service or by email.

9. Contact

Privacy questions? Email privacy@graymole.com.

This is a starting-point template, not legal advice. Have it reviewed by a qualified attorney before relying on it.