Legal Document
Privacy Policy
This Privacy Policy describes how SamSoft Technologies collects, uses, and protects your information when you use FinOpsAI — our GCP cost intelligence platform.
DPDP Act 2023
GDPR Ready
RBI IT Framework
asia-south1
Key Summary: FinOpsAI is a B2B enterprise tool. We process your GCP billing data solely to provide cost intelligence services. All billing data stays in asia-south1 (Mumbai) and is never used to train AI models. We never sell your data.
01 Information We Collect
When you use FinOpsAI, we collect the following categories of information:
- Account Information: Email address, name, and authentication credentials via Google Firebase Authentication
- GCP Credentials: Service account JSON keys you upload to connect your GCP project — encrypted at rest in Firestore
- Billing Data: GCP billing export data from your BigQuery datasets — queried in real time, never copied to our servers
- Usage Data: Agent analysis requests, action cards created, and Fix Now approvals — stored for audit trail
- Technical Data: IP address, browser type, and access logs for security monitoring
02 How We Use Your Information
We use the information we collect exclusively to provide and improve the FinOpsAI service:
- Detecting GCP cost anomalies in your billing data using statistical analysis
- Running AI analysis via Claude Sonnet 4.5 on anonymised cost summaries
- Generating remediation recommendations and action cards
- Maintaining audit trails for regulatory compliance (RBI IT Framework)
- Sending email notifications for anomaly alerts and Fix Now confirmations
- Improving our anomaly detection algorithms using aggregated, anonymised data
We never: sell your data, use your billing data to train AI models, share your data with third parties for marketing, or process your data outside India without explicit consent.
03 Data Residency and Sovereignty
Sovereign-First Architecture: All customer data including GCP credentials, billing summaries, action cards, and audit logs are stored exclusively in Google Cloud asia-south1 (Mumbai, India) in compliance with the Digital Personal Data Protection Act 2023.
- Firestore database: asia-south1 (Mumbai)
- Cloud Run API: asia-south1 (Mumbai)
- BigQuery queries: executed in your project's region
- AI inference: Anthropic API — Zero Data Retention mode — prompts never stored
- Firebase Hosting: Global CDN for static assets only (no personal data)
04 AI and Machine Learning
FinOpsAI uses the following AI services to provide cost intelligence:
- Claude Sonnet 4.5 (Anthropic): Analyses compressed, anonymised cost summaries. Zero Data Retention — prompts not stored by Anthropic. No training on your data.
- Gemini 2.0 Flash-Lite (Google): Filters anomaly noise before sending to Claude. Stateless processing — no data retained.
- Human-in-the-Loop: No AI system executes remediation actions automatically. All Fix Now actions require explicit human approval.
05 Data Security
We implement enterprise-grade security controls to protect your data:
- GCP service account credentials encrypted at rest in Firestore
- All API secrets stored in GCP Secret Manager — never hardcoded
- Zero-Trust IAM — service accounts with minimal required permissions
- Firebase JWT authentication for all API endpoints
- HTTPS/TLS encryption for all data in transit
- GitHub Actions CI/CD with encrypted secrets
- Complete audit trail of all agent actions and human approvals
06 Data Retention
- Billing cache: Refreshed every 2 hours — not permanently stored
- Action cards: Retained for 12 months for audit trail
- Audit logs: Retained for 7 years (RBI IT Framework requirement)
- Account data: Retained until account deletion request
- GCP credentials: Deleted immediately upon account deletion request
07 Your Rights (DPDP Act 2023)
Under the Digital Personal Data Protection Act 2023, you have the following rights:
- Right to Access: Request a copy of all personal data we hold about you
- Right to Correction: Request correction of inaccurate personal data
- Right to Erasure: Request deletion of your personal data
- Right to Grievance: File a complaint with our Data Protection Officer
- Right to Nominate: Nominate a person to exercise rights on your behalf
To exercise any of these rights, email us at privacy@samsofttechnologies.com
08 Third-Party Services
FinOpsAI integrates with the following third-party services:
- Google Firebase: Authentication and Firestore database — Google Privacy Policy applies
- Google Cloud: Cloud Run, BigQuery, Secret Manager — Google Cloud DPA applies
- Anthropic: Claude API with Zero Data Retention — Anthropic Privacy Policy applies
- Stripe: Payment processing — Stripe Privacy Policy applies
09 Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email at least 30 days before the changes take effect. Continued use of FinOpsAI after the effective date constitutes acceptance of the updated policy.