Privacy Policy - Scratch

1. Introduction

KubeBento ("we," "our," or "us") operates the Scratch service. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting your privacy and ensuring transparency about our data practices.

2. Information We Do NOT Collect or Store

IMPORTANT: KubeBento does NOT collect, store, backup, or retain any data created within Kubernetes sessions. This includes:

Files, documents, or code created in sessions
Container images or custom configurations
Kubernetes resources (pods, services, deployments, etc.)
Logs or output from applications running in sessions
Environment variables or secrets
Network traffic or communications within sessions
Any personal or business data processed within sessions

All session data is ephemeral and permanently deleted when sessions terminate. We have no ability to recover this data.

3. Information We Do Collect

3.1 Account Information

Email address
Full name
Password (encrypted)
Account creation date
Subscription tier and billing information

3.2 Usage Metrics

We collect anonymized usage metrics to monitor service performance and billing:

Session count: Number of sessions created
Session duration: How long each session was active
Resource usage: CPU, memory, and storage consumption per session
Timestamps: When sessions were created and terminated
Service tier: Which subscription plan was used

These metrics contain no personal data or session content.

3.3 Technical Information

IP address (for security and abuse prevention)
Browser type and version
Operating system
Device information
Access logs (page visits, timestamps)

3.4 Communication Data

Support tickets and correspondence
Contact form submissions
Email communications

4. How We Use Your Information

Service Provision: To provide and maintain the Scratch service
Account Management: To manage your account and subscription
Billing: To process payments and calculate usage-based charges
Resource Monitoring: To ensure fair usage and prevent abuse
Service Improvement: To analyze usage patterns and improve the service
Security: To detect and prevent fraud, abuse, and security threats
Communication: To respond to support requests and send service updates
Legal Compliance: To comply with applicable laws and regulations

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share information only in these limited circumstances:

5.1 Service Providers

Payment processors (for billing)
Cloud infrastructure providers (for hosting)
Analytics services (anonymized usage data only)
Customer support tools

5.2 Legal Requirements

When required by law or legal process
To protect our rights, property, or safety
To investigate fraud or security issues
In connection with business transfers or acquisitions

6. Data Security

We use industry-standard encryption for data transmission and storage
Access to personal information is restricted to authorized personnel only
We regularly monitor our systems for security vulnerabilities
Session environments are isolated and automatically destroyed
Payment information is processed by certified payment processors

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

7. Data Retention

Account Information: Retained while your account is active and for up to 30 days after deletion
Usage Metrics: Retained for up to 2 years for billing and service improvement purposes
Session Data: Immediately and permanently deleted upon session termination
Support Communications: Retained for up to 3 years
Billing Records: Retained as required by law (typically 7 years)

8. Your Rights and Choices

8.1 Account Control

Update your account information at any time
Change your password and security settings
Delete your account (subject to outstanding obligations)

8.2 Data Rights (where applicable)

Access: Request a copy of your personal information
Correction: Request correction of inaccurate information
Deletion: Request deletion of your personal information
Portability: Request transfer of your data
Objection: Object to certain processing activities

8.3 Marketing Communications

Opt out of marketing emails at any time
Unsubscribe links are provided in all marketing communications
Essential service communications cannot be opted out of

9. Cookies and Tracking

Essential Cookies: Required for authentication and security
Analytics Cookies: Help us understand service usage (anonymized)
No Advertising Cookies: We do not use cookies for advertising
You can control cookies through your browser settings

10. International Data Transfers

Your information may be processed in countries other than your residence. We ensure appropriate safeguards are in place for international transfers, including:

Adequacy decisions by relevant authorities
Standard contractual clauses
Certification schemes

11. Children's Privacy

Our Service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we discover such information, we will delete it immediately.

12. Changes to Privacy Policy

We may update this Privacy Policy periodically. Material changes will be communicated via:

Email notification to registered users
Prominent notice on our website
In-service notifications

Continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Information

For questions about this Privacy Policy or to exercise your data rights, please contact us:

Through our website contact form
Via our customer support channels
By email (available through the Service)

14. Data Protection Officer

If required by applicable law, we will appoint a Data Protection Officer. Contact information will be provided when applicable.