Privacy Policy

Effective Date: January 1, 2024
Last Updated: January 1, 2024

At FreeState ("we," "our," or "us"), we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Terraform backend hosting service.

Information We Collect

Personal Information

We may collect personal information that you provide directly to us, including:

  • Account Information: Name, email address, company name, and billing information
  • Contact Information: Information provided when you contact support or sales
  • Profile Information: Optional profile details and preferences

Technical Information

We automatically collect certain technical information when you use our service:

  • Usage Data: API calls, request patterns, and service usage metrics
  • Log Data: IP addresses, user agents, timestamps, and request/response data
  • Device Information: Browser type, operating system, and device identifiers
  • Performance Data: Response times, error rates, and system performance metrics

Terraform State Data

As a Terraform backend service, we store and process your Terraform state files and related metadata. This may include:

  • Infrastructure configuration data
  • Resource identifiers and metadata
  • State file history and versions
  • Lock information and audit logs

How We Use Your Information

We use the collected information for the following purposes:

Service Provision

  • Providing and maintaining our Terraform backend hosting service
  • Processing and storing your Terraform state files securely
  • Managing user accounts and authentication
  • Enabling collaboration features and access controls

Service Improvement

  • Monitoring service performance and reliability
  • Analyzing usage patterns to improve our service
  • Developing new features and functionality
  • Optimizing system performance and security

Communication

  • Sending service-related notifications and updates
  • Providing customer support and technical assistance
  • Sending marketing communications (with your consent)
  • Responding to inquiries and feedback

Legal and Security

  • Protecting against fraud, abuse, and security threats
  • Complying with legal obligations and regulatory requirements
  • Enforcing our terms of service and policies
  • Conducting security audits and investigations

Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following limited circumstances:

Service Providers

We may share information with trusted third-party service providers who assist us in operating our service, such as:

  • Cloud infrastructure providers (for hosting and storage)
  • Payment processors (for billing and payments)
  • Analytics providers (for service improvement)
  • Security providers (for threat detection and prevention)

Legal Requirements

We may disclose information when required by law or to:

  • Comply with legal process or government requests
  • Protect our rights, property, or safety
  • Protect the rights, property, or safety of our users
  • Investigate fraud or security incidents

Business Transfers

In the event of a merger, acquisition, or sale of our business, your information may be transferred as part of the transaction, subject to the same privacy protections.

Data Security

We implement comprehensive security measures to protect your information:

Technical Safeguards

  • Encryption: Data encrypted in transit and at rest using industry-standard protocols
  • Access Controls: Strict access controls and authentication mechanisms
  • Network Security: Firewalls, intrusion detection, and secure network architecture
  • Regular Updates: Regular security updates and vulnerability patching

Operational Safeguards

  • Employee Training: Regular security training for all team members
  • Background Checks: Background verification for employees with data access
  • Incident Response: Comprehensive incident response and breach notification procedures
  • Auditing: Regular security audits and compliance assessments

Compliance

Our security practices are designed to comply with industry standards including:

  • SOC 2 Type II certification
  • ISO 27001 security management standards
  • GDPR privacy requirements
  • Industry-specific compliance frameworks

Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

  • Account Data: Retained while your account is active and for 30 days after closure
  • Terraform State Data: Retained according to your workspace settings and backup policies
  • Usage Logs: Retained for 90 days for operational purposes
  • Audit Logs: Retained for 7 years for compliance and security purposes

You can request deletion of your data at any time, subject to legal and operational requirements.

Your Rights and Choices

You have several rights regarding your personal information:

Access and Portability

  • Request access to your personal information
  • Receive a copy of your data in a portable format
  • Download your Terraform state files and related data

Correction and Updates

  • Update your account information through our dashboard
  • Request correction of inaccurate personal information
  • Modify your communication preferences

Deletion and Restriction

  • Delete your account and associated data
  • Request deletion of specific information
  • Restrict processing of your personal information

Marketing Communications

  • Opt out of marketing emails through unsubscribe links
  • Update your communication preferences in your account settings
  • Contact us to modify your preferences

Cookies and Tracking

We use cookies and similar technologies to:

  • Maintain user sessions and authentication
  • Remember user preferences and settings
  • Analyze website usage and performance
  • Provide personalized experiences

You can manage cookie preferences through your browser settings. Disabling certain cookies may limit functionality of our service.

International Data Transfers

Our service operates globally, and your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers, including:

  • Adequacy decisions by relevant data protection authorities
  • Standard contractual clauses approved by the European Commission
  • Binding corporate rules and privacy frameworks

Children's Privacy

Our service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected such information, we will delete it promptly.

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. We will notify you of material changes by:

  • Posting the updated policy on our website
  • Sending email notifications to registered users
  • Providing in-service notifications

Your continued use of our service after the effective date of changes constitutes acceptance of the updated policy.

Contact Information

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Email: privacy@freestate.cloud

Address:
FreeState, Inc.
Privacy Department
San Francisco, CA
United States

For users in the European Union, you also have the right to lodge a complaint with your local data protection authority.