Privacy Policy

Last updated: March 15, 2026

1. Introduction

Nubex (“we,” “our,” or “Company”) provides a cloud cost optimization and monitoring platform that helps engineering teams track, analyze, and reduce their AWS and cloud infrastructure spending. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our service.

Scope: This policy applies to all visitors and users of nubex.app and the Nubex service (the “Service”).

2. Information We Collect

2.1 Information You Provide Directly

Account Registration:

  • Full name, email address, company name, job title
  • Phone number (optional)
  • Password and authentication credentials
  • Billing address and payment information (processed through Stripe)

Cloud Account Integration:

  • AWS account details and cross-account role information
  • AWS IAM role ARN and external IDs (for secure API access)
  • Authorization to access AWS Cost Explorer API and usage data

Service Usage:

  • Budget thresholds and cost alert preferences
  • Cost optimization recommendations and notes
  • Tags and labels for organizing cloud resources
  • Workspace and team member information: names, email addresses, roles
  • Comments and annotations within the Service

Communication:

  • Messages, support tickets, and feature requests sent to us
  • Survey responses and feedback, if you choose to participate

2.2 Information Collected Automatically (from AWS)

Through authorized AWS API access, we collect:

Cost and Usage Data:

  • Daily AWS service costs (broken down by service, region, linked account)
  • AWS Cost Explorer data: historical spending patterns, forecasts
  • Resource tags and metadata (used for cost allocation)
  • Service utilization metrics (instances, storage, data transfer)

Technical Data:

  • IP address, browser type, operating system, pages visited, time spent
  • Device information: device type, device ID, mobile device identifiers
  • Cookies and tracking technologies (see Section 5)
  • Error logs and debugging information

3. How We Use Your Information

We use the information we collect for the following purposes:

  1. Service Delivery — Create and maintain your account, retrieve cloud cost data from AWS, process transactions, and provide customer support
  2. Cost Analysis and Optimization — Analyze your cloud spending patterns and provide personalized cost reduction recommendations
  3. Service Improvement — Analyze usage patterns to improve features, detection algorithms, and performance
  4. Communication — Send transactional emails (confirmations, cost alerts, billing notifications) and service updates
  5. Cost Forecasting — Calculate projected monthly cloud spending and send proactive alerts when thresholds are exceeded
  6. Marketing (with consent) — Share cloud optimization tips and new features. You can opt out at any time.
  7. Legal Compliance — Comply with applicable laws, regulations, and legal processes
  8. Fraud Prevention — Detect, prevent, and address fraud and security issues
  9. Cancellation Feedback — Analyze voluntary feedback provided during subscription cancellation to improve our product and conduct proportionate win-back outreach (see Section 7)

Legal Bases for Processing (GDPR)

| Processing Activity | Legal Basis |
|---|---|
| Account creation, service delivery, billing | Contract performance — Art. 6(1)(b) |
| Analytics, usage data, service improvement | Legitimate interest — Art. 6(1)(f). We have assessed that our interest in improving service quality does not override your rights, given data is aggregated and not used for profiling. |
| Transactional emails (account, billing, security) | Contract performance — Art. 6(1)(b) |
| Marketing/promotional emails | Consent — Art. 6(1)(a). You may withdraw consent at any time. |
| Fraud prevention and security | Legitimate interest — Art. 6(1)(f) |
| Legal compliance obligations | Legal obligation — Art. 6(1)(c) |

4. How We Share Your Information

4.1 Third-Party Service Providers

We share information with trusted vendors to operate the Service:

  • Amazon Web Services (AWS) — We access your AWS Cost Explorer API to retrieve cost and usage data (you authorize this via cross-account IAM role)
  • Stripe — Payment processing and billing (payment information is tokenized). See Stripe's Privacy Policy.
  • Postmark — Transactional and marketing email delivery
  • Vercel — Web hosting and deployment
  • Neon/PostgreSQL — Database hosting and storage
  • Sentry — Error tracking and performance monitoring (anonymized error data)

4.2 AWS Data Access

Nubex accesses AWS Cost Explorer API data through a cross-account IAM role that you authorize. We retrieve only cost and usage data. We do not access:

  • Your EC2 instances, databases, or other infrastructure details
  • Your application code or logs
  • Your private data stored in S3 or other AWS services

4.3 Legal Requirements

We may disclose your information if required by law, legal process, or court order, or to protect our rights and safety.

4.4 No Sale of Personal Data

We do not sell or rent your personal information to third parties for marketing purposes.

5. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Maintain your login session
  • Remember your dashboard layout and preferences
  • Analyze how you use the Service
  • Detect and prevent fraud

Types of cookies:

  • Essential: Required for service functionality
  • Analytics: Help us understand usage patterns
  • Functional: Remember preferences and settings

Third-party cookies: Analytics providers may set cookies to track aggregate usage.

Managing cookies: Most browsers allow you to control cookies. Disabling cookies may affect Service functionality.

6. Data Retention Schedule

We retain your information for as long as necessary to provide the Service and comply with legal obligations:

| Data Category | Retention Period |
|---|---|
| Account information | Duration of active subscription + 90 days after cancellation |
| AWS cost and usage data | 24 months (for historical trend analysis and forecasting) |
| Cost recommendations | 12 months |
| Payment records | 7 years (tax/legal compliance) |
| Support tickets | 3 years for reference and dispute resolution |
| Email communications | 3 years |
| Usage logs/analytics | 12 months |
| Cancellation feedback data | 24 months from cancellation date (see Section 7) |

7. Cancellation Feedback

When you cancel your subscription, we provide an optional form where you may share the reason for your cancellation and any additional feedback. Submitting this information is entirely voluntary — your cancellation is processed regardless of whether you respond.

What we collect: If you choose to respond, we collect your selected cancellation reason and any written feedback you provide at that time.

Why we collect it: We use this information to improve our products and to potentially offer you personalized re-engagement offers, discounts, or product updates based on the reason you shared.

Legal basis (GDPR): Legitimate interest (GDPR Art. 6(1)(f)). Analyzing voluntary cancellation feedback and conducting proportionate win-back outreach is a legitimate commercial interest that does not override your rights, given the data is limited, non-sensitive, and voluntarily provided.

Retention: This data is retained for 24 months from your cancellation date. After 24 months, it is automatically and permanently deleted from our systems.

Your rights: You may request deletion of your cancellation feedback at any time by contacting us at privacy@nubex.app. Deletion requests are honored within 30 days. EU/EEA residents have the right to object to this processing at any time under GDPR Art. 21.

8. Your Rights and Choices

8.1 Access and Portability

You have the right to request a copy of your personal information we hold in a commonly used, machine-readable format.

8.2 Deletion (Right to be Forgotten)

You may request deletion of your personal information, except where we are required to retain it for legal or tax compliance purposes. Deletion requests are honored within 30 days.

8.3 Correction

You can update your account information directly within the Service or by contacting us.

8.4 Opt-Out of Marketing

Unsubscribe from promotional emails by clicking the unsubscribe link in any marketing email or updating your preferences in account settings.

8.5 Right to Object (GDPR)

EU/EEA residents have the right to object to processing of their personal information based on legitimate interest.

8.6 Revoke AWS Access

You can revoke Nubex's access to your AWS account at any time by removing the cross-account IAM role in your AWS console. Upon revocation, we will stop accessing new cost data and will delete your AWS cost data within 30 days.

To exercise any of these rights, contact us at: privacy@nubex.app

9. CCPA Rights (California Residents)

If you are a California resident, you have the following rights:

9.1 Right to Know

You have the right to request what personal information we collect, use, share, and sell about you.

9.2 Right to Delete

You have the right to request deletion of personal information we have collected from you, subject to exceptions for records we are required to maintain for tax purposes.

9.3 Right to Opt-Out

You have the right to direct us not to sell or share your personal information. (Note: Nubex does not sell personal information.)

9.4 Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights.

9.5 Authorized Agent

You may designate an authorized agent to submit requests on your behalf.

To submit a CCPA request, contact us at: privacy@nubex.app

We will verify your identity and respond within 45 days.

10. Data Security

We implement industry-standard security measures:

  • SSL/TLS encryption in transit
  • Encrypted storage for sensitive data (IAM credentials, API keys)
  • Regular security audits and penetration testing
  • Role-based access controls for employee access
  • Secure password hashing and multi-factor authentication support
  • Encrypted storage of AWS cross-account role ARNs
  • No storage of AWS access keys or secrets (we use temporary STS tokens)

No method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

11. AWS IAM Security Best Practices

We recommend you:

  • Use an AWS IAM role with least privilege permissions — grant only ce:GetCostAndUsageWithResources (Cost Explorer read-only)
  • Review the role periodically in your AWS console
  • Remove the role if you no longer use Nubex
  • Monitor CloudTrail for any API calls from Nubex
  • Use AWS Config or AWS Security Hub to monitor role changes
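
One way to carry out the periodic role review recommended above, offline, against the role's exported trust and permissions policy JSON. This is an added example, not Nubex's own code; the account ID, external ID and sample policies are constructed placeholders, and the function names are hypothetical.

```python
# Offline review of a cross-account role's policy documents (added example).
# IAM action names are case-insensitive, so the allow-list is stored lowercased.
ALLOWED_ACTIONS = {"ce:getcostandusagewithresources"}
# Constructed placeholder: the vendor's real account ID is not given on the page.
VENDOR_PRINCIPAL = "arn:aws:iam::111122223333:root"

def _as_list(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_trust(trust_policy, expected_principal=VENDOR_PRINCIPAL):
    """Flag Allow statements that trust anyone else or omit the external ID."""
    findings = []
    for st in _as_list(trust_policy.get("Statement")):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal")
        if isinstance(principal, dict):
            arns = [a for v in principal.values() for a in _as_list(v)]
        else:
            arns = _as_list(principal)
        findings += [f"trust: unexpected principal {a}" for a in arns if a != expected_principal]
        ext = st.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if not ext:
            findings.append("trust: no sts:ExternalId condition")
    return findings

def audit_permissions(policy):
    """Flag anything granted beyond the single recommended Cost Explorer action."""
    findings = []
    for st in _as_list(policy.get("Statement")):
        if st.get("Effect") != "Allow":
            continue
        if "NotAction" in st:
            findings.append("permissions: NotAction grants everything not listed")
        for action in _as_list(st.get("Action")):
            if action.lower() not in ALLOWED_ACTIONS:
                findings.append(f"permissions: excess action {action}")
    return findings

def audit_role(trust_policy, permissions_policy):
    return audit_trust(trust_policy) + audit_permissions(permissions_policy)

# Constructed sample documents: one matching the recommendations, one drifting from them.
GOOD_TRUST = {"Statement": [{"Effect": "Allow", "Principal": {"AWS": VENDOR_PRINCIPAL},
              "Action": "sts:AssumeRole",
              "Condition": {"StringEquals": {"sts:ExternalId": "constructed-external-id"}}}]}
GOOD_PERMS = {"Statement": [{"Effect": "Allow", "Action": "ce:GetCostAndUsageWithResources", "Resource": "*"}]}
BAD_TRUST = {"Statement": [{"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}]}
BAD_PERMS = {"Statement": [{"Effect": "Allow", "Action": ["ce:*", "s3:GetObject"], "Resource": "*"}]}
```

An empty result from audit_role means the role trusts only the expected principal, requires an external ID, and grants nothing beyond the one Cost Explorer action.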

12. Data Transfers

If you are located outside the United States, your personal data will be transferred to, stored in, and processed in the United States.

EU/EEA Users: Transfers of personal data from the EEA to the United States are made on the basis of Standard Contractual Clauses (SCCs) approved by the European Commission under GDPR Art. 46(2)(c). You may request a copy of the applicable SCCs by contacting privacy@nubex.app.

13. Children's Privacy

Nubex is not intended for children under 13. We do not knowingly collect information from children under 13. If we discover we have collected information from a child under 13, we will delete it immediately.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted with an updated “Last Updated” date. Significant changes will be communicated via email. Your continued use of the Service constitutes acceptance of the updated policy.

15. Governing Law

This Privacy Policy is governed by the laws of the State of New York, United States, without regard to its conflict of law provisions. Any disputes arising under this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of the State of New York.

16. Contact Us

For questions, requests, or complaints regarding this Privacy Policy or our privacy practices, contact:

Leonenko Group LLC

16 Whitetail Lane

Commack, NY 11725, United States

Nubex Privacy Team

Email: privacy@nubex.app

Website: nubex.app

For EU/EEA residents: You have the right to lodge a complaint with your local data protection authority.