Legal
Privacy Policy
TattvaLens ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and what rights you have in relation to it. By using our platform, you agree to the practices described in this policy.
01
Information We Collect
We collect information that you provide directly to us and information generated through your use of our services:
- Account information: Name, email address, job title, and company name provided during registration or beta application.
- Usage data: Pages visited, features used, session duration, and interaction patterns within the platform.
- Survey responses: Answers to our PMF survey and feedback forms you voluntarily complete.
- Technical data: IP address, browser type, operating system, and device identifiers for security and performance monitoring.
- Communication data: Messages you send us via email or support channels.
02
How We Use Your Information
We use the information we collect for the following purposes:
- Providing and improving the TattvaLens platform and services.
- Communicating with you about your account, beta status, and platform updates.
- Analysing product usage to identify improvements and fix issues.
- Sending relevant product updates and research insights (you may opt out at any time).
- Complying with legal obligations and enforcing our Terms of Service.
We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
03
Cloud Infrastructure Access
TattvaLens operates on a strictly read-only, agentless basis. When you connect your cloud account:
- Access is granted via a single sts:AssumeRole with explicitly scoped, read-only permissions — we never write to or modify your infrastructure.
- We collect resource metadata (resource IDs, configurations, relationships) necessary to generate risk and cost insights.
- We do not collect or store sensitive application data, secrets, credentials, or business data stored within your cloud resources.
- Cloud metadata collected for analysis is encrypted at rest and in transit.
- You may revoke access at any time by removing the IAM role from your cloud account.
04
Data Retention
We retain your personal information for as long as your account is active or as needed to provide services. Specifically:
- Account data is retained until you request deletion or close your account.
- Cloud scan metadata is retained for up to 90 days to support trend analysis; you may request earlier deletion.
- Anonymised, aggregated usage analytics may be retained indefinitely as they cannot be linked to you.
- We will delete your personal data within 30 days of a valid deletion request.
05
Third-Party Services
We use a limited set of trusted third-party services to operate the platform. These may process your data on our behalf:
- Cloud infrastructure: Our platform is hosted on AWS with data stored in encrypted databases within the EU/US regions.
- Analytics: We use privacy-first analytics tools that do not sell your data or use it for advertising.
- Email: We use a transactional email provider to deliver account-related communications.
All third-party processors are bound by data processing agreements consistent with this Privacy Policy.
06
Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate or incomplete data.
- Erasure: Request deletion of your personal data (subject to legal retention requirements).
- Portability: Request your data in a machine-readable format.
- Objection: Object to certain processing activities, including direct marketing.
- Withdrawal: Withdraw consent where processing is based on consent, without affecting prior processing.
To exercise any of these rights, contact us at privacy@tattvalens.com. We will respond within 30 days.
07
Security
We take security seriously. Our platform implements:
- Encryption in transit (TLS 1.2+) for all data between your browser, our servers, and your cloud provider.
- Encryption at rest for all stored data using AES-256.
- Strict access controls — only authorised TattvaLens engineers with a legitimate need can access production systems.
- Regular security reviews and penetration testing of our infrastructure.
For security-related concerns or to report a vulnerability, visit our Trust Center or email security@tattvalens.com.
08
Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email or a prominent notice within the platform at least 14 days before the changes take effect. The "Last updated" date at the top of this page will always reflect the most recent revision.
Continued use of the platform after changes become effective constitutes your acceptance of the revised policy.
Questions about this policy?
Contact our privacy team at privacy@tattvalens.com. We aim to respond within 2 business days.