Privacy Policy

Your privacy is important to us. Learn how we collect, use, and protect your data.

Last updated: March 30, 2026

1. Introduction

CostSpike ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cloud cost monitoring service (the "Service"). Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

2. Information We Collect

2.1 Information You Provide

We collect information that you provide directly to us, including:

  • Account Information: Name, email address, password (hashed), and authentication provider information when you create an account
  • Workspace Information: Workspace names, AWS role ARNs, external IDs, and configuration settings
  • Payment Information: Billing details processed through Stripe (we do not store full credit card numbers)
  • Communication Data: Information you provide when contacting our support team

2.2 Automatically Collected Information

When you use our Service, we automatically collect certain information, including:

  • Usage Data: Information about how you interact with the Service, including pages visited, features used, and time spent
  • Log Data: Server logs, IP addresses, browser type, device information, and access times
  • AWS Cost Data: Cost and usage data retrieved from your AWS accounts via the configured IAM roles
  • Alert Data: Information about cost anomalies detected and notifications sent

2.3 Third-Party Authentication

If you choose to authenticate using Google or Microsoft OAuth, we receive:

  • Email address
  • Name (if provided)
  • Provider-specific user identifier

We do not receive or store your OAuth provider password or access tokens beyond the initial authentication.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process your transactions and manage your subscription
  • Monitor AWS costs and detect anomalies in your cloud spending
  • Send you alerts, notifications, and updates about the Service
  • Respond to your inquiries and provide customer support
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations and enforce our Terms of Service
  • Send you marketing communications (with your consent; you can opt out at any time)

4. Data Storage and Security

4.1 Data Storage

Your data is stored securely in cloud infrastructure. We use industry-standard encryption to protect data in transit and at rest. Sensitive information, such as Slack webhook URLs, is encrypted before storage.

4.2 Security Measures

We implement appropriate technical and organizational measures to protect your information, including:

  • Encryption of sensitive data
  • Secure authentication mechanisms
  • Regular security assessments and updates
  • Access controls and audit logs
  • Secure API endpoints with rate limiting

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

5.1 Service Providers

We may share information with third-party service providers who perform services on our behalf, including:

  • Payment Processing: Stripe for processing subscription payments
  • Cloud Infrastructure: AWS for hosting our services
  • Notifications: Slack (if you configure webhooks) for sending alerts
  • Analytics: Service providers that help us analyze usage patterns

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

5.2 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or if we believe disclosure is necessary to:

  • Comply with legal obligations
  • Protect our rights, property, or safety
  • Prevent fraud or security threats
  • Respond to government requests

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control.

6. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

  • Access: Request access to your personal information
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information
  • Portability: Request transfer of your data to another service
  • Opt-Out: Unsubscribe from marketing communications
  • Account Deletion: Delete your account and associated data through the Service settings

To exercise these rights, please contact us at the email address provided in the "Contact Us" section below.

7. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. When you delete your account, we will delete or anonymize your personal information, except where we are required to retain it for legal or regulatory purposes.

8. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us, and we will take steps to delete such information.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. By using the Service, you consent to the transfer of your information to these countries.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically for any changes.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: privacy@costspike.com
Website: https://costspike.com

12. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete personal information, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your CCPA rights, please contact us using the information provided in the "Contact Us" section.

13. GDPR Compliance (EU Users)

If you are located in the European Economic Area (EEA), you have certain data protection rights under the General Data Protection Regulation (GDPR). We process your personal information based on the following legal bases:

  • Performance of a contract (providing the Service)
  • Legitimate interests (improving the Service, security, fraud prevention)
  • Consent (marketing communications)
  • Legal obligations (compliance with applicable laws)

You have the right to access, rectify, and erase your personal information, to restrict or object to its processing, and to data portability. To exercise these rights, please contact us using the information provided in the "Contact Us" section.