Privacy Policy
- AWSPro is designed so monitored workload telemetry, DNS and flow logs, metrics, dashboards, alarms, AI prompts, and AI responses remain in the AWS account and Region you control.
- AWSPro Builder runs in your browser. Configuration values you enter or import are processed locally and are not sent to Codreum merely because you use the Builder; saved drafts remain in your browser storage.
- For AWSPro Premium, a license-status function in your AWS account periodically sends only entitlement metadata needed for license validation, such as AWS account ID, license ID and type, licensed VPC or hosted-zone IDs, and entitled features. Basic Lite does not make this validation call.
- Codreum processes limited account, authentication, order, subscription, license, portal, support, and security information needed to provide the Services.
- We do not ask for or store your AWS secret access keys, and we do not store complete payment-card numbers.
- We collect only the information reasonably needed to operate, secure, license, bill, and support the Services.
- We do not sell personal information or use it for cross-context behavioral advertising.
- Website purchases are generally processed by the merchant of record identified at checkout.
- You may contact us to request access, correction, deletion, or other rights available under applicable law.
1. Scope and our role
This Policy applies to personal information processed through Codreum websites, the customer portal, product and license administration, contact forms, support cases, documentation, AWSPro Builder, and related communications. It does not govern third-party services that have their own privacy notices.
Codreum is generally the data controller for account, portal, licensing, support, and business-contact information that we determine how and why to process. Where we process personal information contained in Customer Materials solely on a business customer’s documented instructions, our role may be that of a data processor or service provider, as applicable.
2. Information we collect
Depending on how you interact with us, we may collect the following categories:
| Category | Examples | Primary purposes |
|---|---|---|
| Account and business-contact information | Name, email address, organization, job role, contact details, and communication preferences | Create and administer accounts, communicate with you, and provide customer service |
| Authentication and security information | Authentication identifiers, access and session records, IP address, browser or device information, timestamps, and security events | Authenticate users, protect accounts, prevent abuse, and investigate incidents |
| Order, subscription, and license information | Product, plan, billing period, quantity, order and subscription identifiers, renewal status, license ID, validity dates, AWS account identifier, and region | Complete orders, issue and administer licenses, manage renewals and add-ons, and provide purchased entitlements |
| License-validation and portal configuration metadata | AWS account ID, license ID and type, licensed VPC or hosted-zone IDs, entitled features, validation status, usage counts, and product selections submitted through the customer portal | Validate licensed scope, maintain entitlement status, administer the Service, and troubleshoot licensing issues |
| Portal and website activity | Pages or features used, API requests, error details, performance and diagnostic events, and preferences stored in the browser | Operate, secure, maintain, and improve the website and portal |
| Support and other communications | Support cases, descriptions, severity, attachments, contact-form submissions, feedback, and related correspondence | Respond to requests, investigate issues, provide support, and maintain service records |
| Transaction information | Customer, invoice, receipt, tax, payment-status, refund, and chargeback metadata supplied by the merchant of record or billing provider | Reconcile purchases, administer subscriptions, prevent fraud, and meet accounting or legal obligations |
AWSPro Builder has no application backend, database, or configuration-upload API. Inputs, imported configuration, generated files, and saved drafts remain in your browser unless you separately choose to submit them to Codreum, for example in a support case or other communication.
- complete payment-card numbers, which are handled by the applicable billing provider;
- AWS secret access keys or passwords; or
- production workload telemetry or AWS-native monitoring logs that AWSPro is designed to keep inside your AWS account.
Please do not include passwords, private keys, payment-card data, health information, government identifiers, or other unnecessary sensitive information in support cases, contact forms, or free-text fields.
3. Sources of information
We obtain information:
- directly from you, when you create an account, configure or purchase a product through the portal, contact us, open a case, or voluntarily submit Builder output or other materials to us;
- automatically from your use of the Services, such as authentication, browser, API, diagnostic, and security records; and
- from service providers, such as authentication providers, the merchant of record, email-delivery providers, and infrastructure providers.
4. How we use information
We may use personal information to:
- provide, operate, configure, license, and support the Services;
- authenticate users and manage permissions, sessions, account preferences, and customer records;
- process and reconcile orders, subscriptions, renewals, cancellations, add-ons, refunds, and invoices;
- issue and validate product entitlements using limited license metadata; AWSPro Builder output itself is generated locally in your browser;
- communicate about transactions, support cases, maintenance, security, product changes, and service announcements;
- detect, prevent, and investigate fraud, misuse, technical failures, and security incidents;
- measure performance, troubleshoot, and improve reliability, usability, and product design;
- comply with law, enforce agreements, establish or defend legal claims, and respond to lawful requests; and
- send marketing communications where permitted and consistent with your preferences.
5. Legal grounds and consent
We process personal information as permitted by applicable law, including where processing is necessary to perform a contract or take steps at your request, comply with legal obligations, protect legitimate interests such as security and service improvement, or where you have provided consent. Where we rely on consent, you may withdraw it at any time, without affecting processing already carried out.
If you provide personal information about another person, you are responsible for ensuring that you are authorized to do so and that the person has received any notice required by law.
6. How we disclose information
We may disclose personal information to:
- infrastructure and technology providers that host, secure, authenticate, monitor, or support the Services;
- the merchant of record and billing providers for checkout, tax, invoicing, payment, refund, fraud, and subscription administration;
- communications and support providers that deliver transactional email or assist with customer service;
- professional advisers, including auditors, insurers, lawyers, and accountants, where reasonably necessary;
- authorities or other parties where required by law or reasonably necessary to protect rights, safety, security, or the integrity of the Services; and
- a successor or transaction participant in connection with a merger, financing, reorganization, or sale of all or part of the business, subject to appropriate confidentiality safeguards.
Service providers may process information only for the services they provide to us and subject to contractual or legal obligations. We do not sell personal information and do not share it for cross-context behavioral advertising.
7. Cookies and browser storage
The Services use cookies and browser storage that are necessary for authentication, account security, session management, preferences, checkout continuity, locally saved AWSPro Builder drafts, and features such as dismissing a banner. Authentication tokens are generally kept in session storage and expire or are cleared in accordance with session controls.
We do not currently use third-party advertising cookies. If we introduce non-essential analytics or marketing technologies, we will update this Policy and request consent where required. You may also control browser storage through your browser settings, although blocking necessary storage may prevent the portal from working correctly.
8. Data retention
We retain personal information only for as long as reasonably necessary for the purposes described in this Policy, including providing the Services, maintaining license and transaction records, meeting legal and accounting obligations, resolving disputes, enforcing agreements, and protecting security.
- Account, subscription, and license records: while the account, subscription, or license is active and for a reasonable period afterward for support, audit, dispute, and legal purposes.
- Security and diagnostic logs: generally up to 90 days, unless a longer period is reasonably needed for investigation, fraud prevention, or legal compliance.
- Support cases and communications: generally up to 24 months after closure or last interaction, and longer where connected to an active contract, dispute, or legal obligation.
- Financial and transaction records: for the period required by applicable tax, accounting, and commercial laws.
When information is no longer required, we delete it, anonymize it, or securely isolate it until deletion is practical, subject to backup cycles and legal holds.
9. Security and data incidents
We use administrative, technical, and organizational safeguards designed to protect personal information, including access controls, authentication, encryption where appropriate, logging, environment separation, and least-privilege practices. No transmission or storage system is completely secure.
If a personal-data incident occurs, we will investigate and take reasonable containment and remediation steps. We will notify affected individuals or authorities where required by applicable law.
10. International transfers
Codreum and its service providers may process information in countries other than the country where you are located. Where required, we use contractual, organizational, or other legally recognized safeguards for cross-border transfers.
11. Your choices and rights
Depending on applicable law, you may have rights to request access to personal information, correct inaccurate or incomplete information, withdraw consent, object to or restrict certain processing, request deletion, obtain a portable copy, or complain to a data-protection authority. Some rights are subject to legal exceptions, verification, and retention obligations.
How to exercise your rights
- Update available account details through the customer portal.
- Email support@codreum.com with the subject “Privacy Request.”
- Use the unsubscribe link in marketing email, where available.
We may request information reasonably necessary to verify identity and authority. We will respond within the period required by applicable law and will not discriminate against you for exercising privacy rights.
12. Children’s privacy
The Services are intended for business and professional users and are not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided information to us, contact us so we can investigate and take appropriate action.
13. Changes to this Policy
We may update this Policy to reflect changes in the Services, law, or our practices. We will post the revised version and update the “Last updated” date. For material changes, we may provide additional notice by email or through the Services.
14. Contact
Questions, complaints, and privacy requests may be sent to:
CODREUM LABS SDN. BHD.
Company Registration No.: 202601000892
Jalan Seri Taming 2A
43200 Cheras
Selangor, Malaysia
Email: support@codreum.com
Privacy request subject: Privacy Request