
Security & Privacy

How we protect your cloud cost data

SOC 2-aligned controls: Live
GDPR / CCPA rights honoured: Live
SOC 2 Type II audit: Planned · customer #25
ISO 27001: Post-Series-A roadmap

Your Data, Your Control

We understand that your cloud cost data is sensitive. That's why we've built CARTIE AI with privacy-first principles. You always have complete control over your data.

Data Encryption

AES-256-GCM encrypts your data at rest (stored in the database). TLS 1.3 encrypts your data in transit (over the network). This is the same encryption used by banks and government agencies.

Zero Credential Storage

We NEVER persist your AWS, Azure, GCP, Snowflake, Databricks, or DigitalOcean credentials in our database. Credentials are used in-memory to run a read-only audit and then discarded — they are not written to disk or logs.

Complete Audit Trail

Every action in CARTIE AI is logged with timestamps, user IDs, and IP addresses. Full audit logs are available for compliance review and can be exported anytime.

Stateless Audit Architecture

When you run a cloud audit, your read-only credentials are held in-memory only for the duration of the scan, then immediately discarded. We do not persist them in our database, on disk, or in logs.

Role-Based Access Control

Granular permissions ensure team members only see what they need. Passwords are hashed using bcrypt (a one-way hash, not reversible encryption, so even we cannot see them).

Data Deletion Rights

You can export or delete all your data at any time. We honor deletion requests within 24 hours. Your data, your control.

How We Protect Your Data

We use industry-standard encryption methods. Here's what each one means:

  • Passwords: bcrypt (one-way hash). Cannot be reversed, even by us.
  • Data at Rest: AES-256-GCM. Military-grade encryption for stored data.
  • Data in Transit: TLS 1.3. Latest encryption for network traffic.
  • API Keys: Environment variables. Never stored in code or database.

Bottom line: Your passwords cannot be decrypted (one-way hash). Your data is encrypted with military-grade AES-256. All network traffic uses TLS 1.3 (same as online banking). Your cloud credentials are never persisted on our servers: they are held in memory only for the duration of a scan, then discarded.

AI & Your Privacy

Our AI features are designed with privacy in mind. You have complete control over what data the AI can access, and you can disable AI features entirely if you prefer.

AI sees only aggregated summaries
You control AI data access level
Preview data before AI queries
Option to disable AI completely
AI never sees credentials
No data sold to third parties

Important: When AI features are enabled with "Limited" or "Anonymized" mode, the AI only sees aggregated summaries—never your raw cost data, resource IDs, or credentials.

Our Data Practices

We Collect

  • Cloud cost data (with your permission)
  • Usage patterns for optimization
  • Account settings & preferences

We Protect

  • AES-256 encryption at rest
  • TLS 1.3 encryption in transit
  • Regular security audits

We Never

  • Sell your data to anyone
  • Store your cloud credentials
  • Share data without consent

Your Rights

Right to Access

View all data we have about you

Right to Export

Download your data anytime

Right to Delete

Request complete data deletion

Right to Correct

Update or correct your data

Questions About Security?

Our security team is happy to answer any questions or provide additional documentation.

hello@cartieai.com

© 2026 CARTIEAI. All rights reserved.
