Last updated: May 7, 2026
CARTIEAI LLC, a Texas limited liability company ("CARTIEAI", "we," "our," or "us"), provides a cloud financial intelligence platform that helps engineering and finance teams understand, attribute and reduce their cloud spend. This Privacy Policy describes — in plain language — what information we collect, why we collect it, who we share it with and the rights you have over it. If anything here is unclear, please email us at hello@cartieai.com and we'll happily explain.
This Policy applies to: (a) the authenticated CARTIEAI application, (b) the public marketing site at cartieai.com, and (c) free public tools we publish — including the PR-Time Cost Prediction calculator, the Trust page security checks and the cornerstone-blog lead-magnet downloads.
When you connect a cloud account (AWS, Azure, GCP, Snowflake, Databricks, DigitalOcean, MongoDB Atlas) we ingest your billing and usage data through read-only API connections. We use the minimum permissions required to read costs and never modify your infrastructure.
Stateless cloud credentials: Cloud-provider keys you paste into a one-shot audit tool are held in memory only for the duration of the scan and immediately discarded — never written to our database, disk or logs. Persistent integrations (e.g. AWS Cost & Usage Reports, Snowflake) are stored encrypted at rest with strict tenant isolation.
If you enable our Cost-per-Customer P&L feature, you authorise CARTIEAI to read — via your Stripe restricted key — the following from your Stripe account:
We never request write permissions and we never see card numbers. Your Stripe key is stored encrypted at rest and you can revoke it from your Stripe dashboard at any time. Each tenant's Stripe data lives in a physically separated Mongo collection scoped to their organisation id.
We rely on a small, vetted set of third-party vendors to operate the service (for payment processing, transactional email, hosting, optional Slack alerting and AI-assisted features). For procurement and InfoSec reviewers we publish the current list — including each vendor's role and the categories of data shared — at cartieai.com/subprocessors.
Access to that page requires a quick email confirmation so we can notify reviewers when the list changes. We will publish updates at least 14 days before adding a new subprocessor that handles personal data.
We follow industry-standard security practices that map to SOC 2 controls:
Honest framing on certifications: we operate SOC 2-aligned controls today. Formal SOC 2 Type II audit and ISO 27001 certification are scheduled to begin around customer #25, when we qualify for compliance-platform startup programmes (Drata / Vanta) and engage an external CPA auditor. Our Trust page publishes the live status, the planned timeline and the source policies (derived from the open-source strongdm/comply bundle).
Whether or not you live in the EU/UK or California, we extend the following rights to every user:
To exercise any of these rights, email hello@cartieai.com from the address on file. We respond within 30 days. There is no charge.
California residents (CCPA): we do not sell your personal information. We have not sold or shared personal information for the purposes defined under CCPA in the past 12 months.
Our primary data hosting is in the United States (MongoDB Atlas, US-East region). If you access CARTIEAI from outside the US, your data is transferred to and processed in the US under Standard Contractual Clauses. We're happy to sign a Data Processing Agreement for EU/UK customers — email hello@cartieai.com with subject "DPA request".
We use a small number of cookies and similar technologies:
CARTIEAI is a B2B product not intended for children under 18. We do not knowingly collect personal information from children. If you believe a child has submitted information to us, contact us and we will delete it.
When we make material changes we will email account holders at least 14 days before the new version takes effect. The "Last updated" date at the top will always reflect the effective version.
For any privacy question, request, or concern:
Privacy lead: Lakshmi (founder)
Email: hello@cartieai.com
Phone: +1 (512) 621-7610
Legal entity: CARTIEAI LLC
Postal: CARTIEAI LLC · Texas, United States
EU/UK residents may also contact their local data-protection authority. We are committed to resolving concerns directly first.