Privacy Policy
CloudWizard — acloudwizard.com
Last updated: 18 May 2026
1. Introduction
CloudWizard (“we”, “us”, or “our”) is an AWS security scanning and compliance dashboard service operated by CloudWizard. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at app.acloudwizard.com (the “Service”). Please read this policy carefully. If you disagree with its terms, please discontinue use of the Service.
2. Information We Collect
2.1 Account Information
When you register for an account, we collect:
- Full name and email address
- Organisation or company name (optional)
- Password (stored as a salted hash via AWS Cognito — never in plain text)
2.2 AWS Integration Data
When you connect your AWS account to CloudWizard, we collect:
- AWS Account ID(s)
- IAM role ARNs used for scanning (read-only access)
- Security findings and configuration data returned by scan jobs (e.g., Prowler output)
- Compliance check results against selected frameworks (e.g., CIS, SOC2, PCI-DSS)
Important: CloudWizard uses read-only IAM roles. We never request, store, or process your AWS access keys, secret keys, or any credentials that allow write or administrative access to your AWS environment.
2.3 Usage Data
We automatically collect:
- Log data (IP address, browser type, pages visited, timestamps)
- Feature usage metrics (e.g., scans triggered, reports viewed)
- Error and diagnostic data to improve service reliability
2.4 Cookies and Tracking
We use session cookies required for authentication (via AWS Cognito). We do not use advertising trackers or sell your data to third parties. You may disable cookies in your browser settings, but this will prevent login functionality.
3. How We Use Your Information
We use collected information to:
- Provide, operate, and maintain the Service
- Authenticate your identity and manage your account
- Run AWS security scans on your behalf using the IAM role you provide
- Generate compliance and security reports within your tenant
- Send transactional emails (e.g., scan completion notifications, account alerts)
- Investigate security incidents or misuse of the Service
- Comply with legal obligations
We do not use your data for advertising or sell it to third parties.
4. Data Storage and Security
4.1 Where Data is Stored
All data is stored within AWS infrastructure in the ap-southeast-2 (Sydney) region, unless otherwise specified for your organisation.
4.2 Security Measures
- All data in transit is encrypted using TLS 1.2 or higher
- All data at rest is encrypted using AES-256 (via AWS KMS)
- Scan result data is stored in your tenant’s isolated S3 bucket
- Access to your data by CloudWizard staff requires explicit authorisation and is logged
- Authentication is managed via AWS Cognito with MFA available
4.3 Data Retention
- Account data is retained for the duration of your subscription plus 90 days after cancellation
- Scan results are retained for 12 months by default; this may be configurable on higher-tier plans
- You may request deletion of your data at any time (see Section 7)
5. Sharing of Information
We do not sell, trade, or rent your personal information. We may share data only in these limited circumstances:
| Recipient | Purpose | Safeguards |
|---|---|---|
| AWS (infrastructure) | Hosting, compute, storage | AWS DPA applies |
| AWS Cognito | Authentication and identity management | AWS DPA applies |
| Support tools (e.g., email) | Transactional notifications | Minimal data shared |
| Legal authorities | Compliance with law, court order, or regulatory requirement | Only when legally required |
6. Third-Party Services
The Service uses the following AWS-managed services, which process data on our behalf:
- AWS Cognito — authentication and user management
- AWS Lambda — serverless scan orchestration
- AWS DynamoDB — account and scan metadata storage
- AWS S3 — scan result storage
- AWS CloudFront — content delivery
All AWS services are governed by the AWS Data Processing Addendum.
7. Your Rights
Depending on your jurisdiction (including Australia under the Privacy Act 1988 and GDPR where applicable), you have the right to:
- Access — Request a copy of the personal data we hold about you
- Correction — Request correction of inaccurate data
- Deletion — Request deletion of your account and associated data
- Portability — Request an export of your scan data in JSON or CSV format
- Withdraw consent — Disconnect your AWS integration at any time from your account settings
To exercise any of these rights, email us at support@acloudwizard.com. We will respond within 30 days.
8. Children’s Privacy
The Service is intended for business and professional use only. We do not knowingly collect personal information from individuals under the age of 16. If you believe a minor has provided us with personal information, please contact us immediately.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or via an in-app notice at least 14 days before changes take effect. Continued use of the Service after changes constitutes your acceptance of the updated policy.
10. Contact Us
For privacy-related questions, requests, or complaints:
Email: support@acloudwizard.com
Website: https://www.acloudwizard.com
Location: New South Wales, Australia
CloudWizard is committed to protecting your data and operating with transparency. This policy is written in plain language to ensure clarity for all users.

