Privacy Policy
saasups provides read-only modernization intelligence for AWS estates. This policy explains what information we collect, why we collect it, and how we handle it — in plain language.
Introduction
saasups, Inc. ('saasups', 'we', 'us') operates an AI-powered estate assessment platform that connects to customer AWS environments under scoped, read-only access. We are committed to handling your information transparently and responsibly.
This Privacy Policy applies to our website (saasups.com), our platform, and any associated documentation or support channels. By using our services, you agree to the practices described here.
Information we collect
Account information: name, work email address, company name, job title, and billing contact when you create an account or subscribe.
Usage data: pages visited, features used, session duration, and error logs collected automatically to help us improve the product.
AWS estate data: when you connect an AWS account, saasups reads configuration metadata — resource identifiers, service configurations, dependency graphs, cost allocation tags — under a scoped read-only IAM role. We do not access application data, customer records, or runtime payloads stored in those accounts.
Communications: messages you send to us via email, support tickets, or scheduled technical walkthroughs.
How we use it
To operate and improve the platform: generate dependency maps, 7 R's scoring, AWS target architecture recommendations, and FinOps migration-economics models.
To communicate with you: send assessment reports, product updates, and responses to your support requests.
To comply with legal obligations and enforce our Terms of Service.
We do not sell your personal information. We do not use your AWS estate data to train models sold to third parties.
Read-only access and customer data
saasups connects to your AWS environment exclusively through a scoped read-only IAM role that you provision and control. We request only the minimum permissions required to enumerate resources, read configuration metadata, and retrieve cost and usage data.
We do not write to your AWS account. We do not modify, delete, or move any resource in any connected account — ever.
AWS estate metadata collected during an assessment is used solely to generate your organization's assessment output. It is not shared with other saasups customers, indexed for advertising purposes, or used to benchmark your estate against competitors without your explicit written consent.
Data retention
Account data is retained for the duration of your subscription and for up to 24 months after termination, unless you request earlier deletion.
AWS estate scan data is retained for 12 months after each scan, allowing you to compare assessments over time. You may request deletion of individual scan datasets at any time.
Aggregated, anonymized usage metrics may be retained indefinitely for product analytics.
Subprocessors
We engage third-party subprocessors to operate the platform. Current subprocessors include cloud infrastructure providers (AWS), analytics platforms, customer support tooling, and payment processors. A current list of subprocessors is available upon request at [email protected].
All subprocessors are bound by data processing agreements that require them to handle your data in a manner consistent with this policy.
Security
saasups encrypts data at rest (AES-256) and in transit (TLS 1.2+). Access to customer data is restricted to authorized personnel on a need-to-know basis, protected by multi-factor authentication and audit logging.
We conduct regular security assessments and promptly notify affected customers of any confirmed breach affecting their data, in accordance with applicable law.
No transmission over the internet is completely secure. We take reasonable measures to protect your information but cannot guarantee absolute security.
Your rights (GDPR / CCPA)
Depending on your location, you may have the right to: access a copy of personal data we hold about you; correct inaccurate data; request deletion of your data; object to or restrict certain processing; and receive your data in a portable format.
California residents may also opt out of the sale of personal information (we do not sell personal information) and request disclosure of categories of data collected in the preceding 12 months.
To exercise any of these rights, contact [email protected]. We will respond within 30 days (or the period required by applicable law).
International transfers
saasups is headquartered in the United States. If you are located outside the US, your information may be transferred to and processed in the US and other countries where our infrastructure operates.
For transfers from the European Economic Area, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission. Contact us for a copy.