Privacy Policy

Introduction

NightOps ("we", "our", "us", or the "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cloud resource management service, including our website, dashboard, Slack integration, and related services (collectively, the "Service").

Please read this Privacy Policy carefully. By accessing or using NightOps, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please discontinue use of our Service immediately.

Interpretation & Definitions

Interpretation

Words with initial capital letters have meanings defined under the following conditions. These definitions shall have the same meaning regardless of whether they appear in singular or plural form.

Definitions

For the purposes of this Privacy Policy:

• Account means a unique account created for you to access our Service.
• Company refers to NightOps, Inc.
• Cookies are small files placed on your device that store browsing information.
• Device means any device that can access the Service.
• Personal Data is any information that relates to an identified or identifiable individual.
• Service refers to the NightOps website, dashboard, APIs, and integrations.
• Usage Data refers to data collected automatically from use of the Service.

Information We Collect

Account Information

When you create an account, we collect your name, email address, company name, and job title. If you sign up using a third-party service (Google, GitHub, or other SSO providers), we receive basic profile information from that service including your name and email address.

Cloud Provider Access

To manage your cloud resources, we require read and limited write access to your cloud provider accounts (AWS, GCP, Azure). We collect:

• IAM role ARNs and credentials you provide for cross-account access
• Resource metadata (instance IDs, tags, states, configurations)
• Resource operation logs for audit purposes

We only access the specific resources you configure and only perform actions you explicitly authorize through schedules or manual commands.

Usage Data

We automatically collect information about how you interact with our Service, including:

• Schedules you create and modify
• Resources you add to management
• Features you use and frequency of use
• Cost savings calculations and reports you generate
• IP address, browser type, device information
• Pages visited and time spent on pages

Slack Integration Data

If you connect NightOps to Slack, we collect:

• Slack workspace ID and team name
• User IDs of team members who interact with NightOps
• Commands and messages sent to the NightOps bot
• Channel IDs where NightOps is invited

How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our Service
• Execute scheduled operations on your cloud resources
• Send notifications about resource status via Slack, email, or in-app alerts
• Calculate and display your cost savings and usage analytics
• Process payments and manage your subscription
• Respond to your inquiries and provide customer support
• Send administrative information, updates, and security alerts
• Detect, prevent, and address technical issues and security threats
• Comply with legal obligations and enforce our terms

Disclosure of Information

We may share your information in the following situations:

With Service Providers

We share data with third-party vendors who assist us in operating our Service, including cloud infrastructure, payment processing, analytics, and customer support.

For Business Transfers

In connection with a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your Personal Data is transferred.

With Your Consent

We may disclose your information for any other purpose with your explicit consent.

For Legal Requirements

We may disclose your information if required by law or in response to valid requests by public authorities (e.g., court orders, government agencies).

Data Retention

We retain your Personal Data only for as long as necessary for the purposes set out in this Privacy Policy. We will retain and use your data to the extent necessary to:

• Comply with legal obligations
• Resolve disputes
• Enforce our agreements and policies

Usage Data is generally retained for shorter periods, except when used to strengthen security or improve functionality. When you delete your account, we will delete your Personal Data within 30 days, except where retention is required by law.

Data Transfer

Your information may be transferred to and maintained on servers located outside your country or jurisdiction where data protection laws may differ. If you are located outside the United States and choose to provide information to us, please note that we transfer data to the United States and process it there.

Your consent to this Privacy Policy followed by your submission of information represents your agreement to that transfer. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

Third-Party Services

We use the following categories of third-party services:

• Cloud Infrastructure: AWS, GCP, Azure for hosting and resource management
• Authentication: Auth0, Google OAuth, GitHub OAuth for secure sign-in
• Communication: Slack for notifications and commands
• Analytics: Services to understand usage patterns and improve our product
• Payment Processing: Stripe for secure payment handling

Each third-party service has its own Privacy Policy governing the use of your information. We encourage you to review their policies.

Your Choices

You have several choices regarding your information:

Access and Update

You can access, update, or correct your account information through your dashboard settings at any time.

Data Export

You can request an export of your data in a machine-readable format by contacting our support team.

Account Deletion

You can delete your account at any time through your dashboard or by contacting us. Upon deletion, we will remove your Personal Data within 30 days.

Marketing Communications

You can opt out of marketing emails by clicking the unsubscribe link in any email or updating your notification preferences.

California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request disclosure of the categories and specific pieces of Personal Data we have collected.
• Right to Delete: Request deletion of your Personal Data, subject to certain exceptions.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
• Right to Opt-Out: You have the right to opt out of the sale of your Personal Data. Note: We do not sell Personal Data.

To exercise these rights, contact us at privacy@nightops.dev.

GDPR (European Users)

If you are in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

• Right of Access: Obtain confirmation of whether we process your data and access to that data.
• Right to Rectification: Have inaccurate Personal Data corrected.
• Right to Erasure: Have your Personal Data deleted under certain conditions.
• Right to Restrict Processing: Limit how we use your data in certain circumstances.
• Right to Data Portability: Receive your data in a structured, machine-readable format.
• Right to Object: Object to processing based on legitimate interests or direct marketing.
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

Our legal basis for processing includes: contract performance, legitimate interests, and consent. Contact our Data Protection Officer at dpo@nightops.dev for GDPR-related inquiries.

"Do Not Track" Policy

Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activity tracked. There is no uniform standard for interpreting DNT signals. Currently, our Service does not respond to DNT browser signals.

California law requires us to disclose how we respond to DNT signals. As stated above, we do not currently respond to DNT signals, but you can opt out of certain tracking through your browser settings or our cookie preferences.

Links to Other Sites

Our Service may contain links to third-party websites or services that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

We strongly advise you to review the Privacy Policy of every site you visit. This Privacy Policy applies only to our Service.

Policy Changes

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top.

For material changes, we will provide additional notice via email or a prominent notice within our Service prior to the change becoming effective. Your continued use of the Service after any modifications indicates your acceptance of the updated Privacy Policy.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Email: privacy@nightops.dev
• Data Protection Officer: dpo@nightops.dev
• Address: NightOps, Inc., 548 Market St #87043, San Francisco, CA 94104

We will respond to your inquiry within 30 days.