Login

Privacy Policy

Effective date: 12 July 2026  ·  Last updated: 12 July 2026

This Privacy Policy explains how CODREUM LABS SDN. BHD. (Company Registration No. 202601000892) (“Codreum”, “we”, “us”, or “our”), the operator of codreum.com and the Codreum customer portal, collects, uses, discloses, retains, and protects personal information when you use our websites, AWSPro products, AWSPro Builder, licensing, subscriptions, support services, and related services (collectively, the “Services”).
AWS and AWSPro data boundary
  • AWSPro is designed so monitored workload telemetry, DNS and flow logs, metrics, dashboards, alarms, AI prompts, and AI responses remain in the AWS account and Region you control.
  • AWSPro Builder runs in your browser. Configuration values you enter or import are processed locally and are not sent to Codreum merely because you use the Builder; saved drafts remain in your browser storage.
  • For AWSPro Premium, a license-status function in your AWS account periodically sends only entitlement metadata needed for license validation, such as AWS account ID, license ID and type, licensed VPC or hosted-zone IDs, and entitled features. Basic Lite does not make this validation call.
  • Codreum processes limited account, authentication, order, subscription, license, portal, support, and security information needed to provide the Services.
  • We do not ask for or store your AWS secret access keys, and we do not store complete payment-card numbers.
Quick view
  • We collect only the information reasonably needed to operate, secure, license, bill, and support the Services.
  • We do not sell personal information or use it for cross-context behavioral advertising.
  • Website purchases are generally processed by the merchant of record identified at checkout.
  • You may contact us to request access, correction, deletion, or other rights available under applicable law.

1. Scope and our role

This Policy applies to personal information processed through Codreum websites, the customer portal, product and license administration, contact forms, support cases, documentation, AWSPro Builder, and related communications. It does not govern third-party services that have their own privacy notices.

Codreum is generally the data controller for account, portal, licensing, support, and business-contact information that we determine how and why to process. Where we process personal information contained in Customer Materials solely on a business customer’s documented instructions, our role may be that of a data processor or service provider, as applicable.

2. Information we collect

Depending on how you interact with us, we may collect the following categories:

Category Examples Primary purposes
Account and business-contact information Name, email address, organization, job role, contact details, and communication preferences Create and administer accounts, communicate with you, and provide customer service
Authentication and security information Authentication identifiers, access and session records, IP address, browser or device information, timestamps, and security events Authenticate users, protect accounts, prevent abuse, and investigate incidents
Order, subscription, and license information Product, plan, billing period, quantity, order and subscription identifiers, renewal status, license ID, validity dates, AWS account identifier, and region Complete orders, issue and administer licenses, manage renewals and add-ons, and provide purchased entitlements
License-validation and portal configuration metadata AWS account ID, license ID and type, licensed VPC or hosted-zone IDs, entitled features, validation status, usage counts, and product selections submitted through the customer portal Validate licensed scope, maintain entitlement status, administer the Service, and troubleshoot licensing issues
Portal and website activity Pages or features used, API requests, error details, performance and diagnostic events, and preferences stored in the browser Operate, secure, maintain, and improve the website and portal
Support and other communications Support cases, descriptions, severity, attachments, contact-form submissions, feedback, and related correspondence Respond to requests, investigate issues, provide support, and maintain service records
Transaction information Customer, invoice, receipt, tax, payment-status, refund, and chargeback metadata supplied by the merchant of record or billing provider Reconcile purchases, administer subscriptions, prevent fraud, and meet accounting or legal obligations
AWSPro Builder data stays local

AWSPro Builder has no application backend, database, or configuration-upload API. Inputs, imported configuration, generated files, and saved drafts remain in your browser unless you separately choose to submit them to Codreum, for example in a support case or other communication.

Information we do not seek to collect
  • complete payment-card numbers, which are handled by the applicable billing provider;
  • AWS secret access keys or passwords; or
  • production workload telemetry or AWS-native monitoring logs that AWSPro is designed to keep inside your AWS account.

Please do not include passwords, private keys, payment-card data, health information, government identifiers, or other unnecessary sensitive information in support cases, contact forms, or free-text fields.

3. Sources of information

We obtain information:

4. How we use information

We may use personal information to:

We process personal information as permitted by applicable law, including where processing is necessary to perform a contract or take steps at your request, comply with legal obligations, protect legitimate interests such as security and service improvement, or where you have provided consent. Where we rely on consent, you may withdraw it at any time, without affecting processing already carried out.

If you provide personal information about another person, you are responsible for ensuring that you are authorized to do so and that the person has received any notice required by law.

6. How we disclose information

We may disclose personal information to:

Service providers may process information only for the services they provide to us and subject to contractual or legal obligations. We do not sell personal information and do not share it for cross-context behavioral advertising.

7. Cookies and browser storage

The Services use cookies and browser storage that are necessary for authentication, account security, session management, preferences, checkout continuity, locally saved AWSPro Builder drafts, and features such as dismissing a banner. Authentication tokens are generally kept in session storage and expire or are cleared in accordance with session controls.

We do not currently use third-party advertising cookies. If we introduce non-essential analytics or marketing technologies, we will update this Policy and request consent where required. You may also control browser storage through your browser settings, although blocking necessary storage may prevent the portal from working correctly.

8. Data retention

We retain personal information only for as long as reasonably necessary for the purposes described in this Policy, including providing the Services, maintaining license and transaction records, meeting legal and accounting obligations, resolving disputes, enforcing agreements, and protecting security.

General retention approach
  • Account, subscription, and license records: while the account, subscription, or license is active and for a reasonable period afterward for support, audit, dispute, and legal purposes.
  • Security and diagnostic logs: generally up to 90 days, unless a longer period is reasonably needed for investigation, fraud prevention, or legal compliance.
  • Support cases and communications: generally up to 24 months after closure or last interaction, and longer where connected to an active contract, dispute, or legal obligation.
  • Financial and transaction records: for the period required by applicable tax, accounting, and commercial laws.

When information is no longer required, we delete it, anonymize it, or securely isolate it until deletion is practical, subject to backup cycles and legal holds.

9. Security and data incidents

We use administrative, technical, and organizational safeguards designed to protect personal information, including access controls, authentication, encryption where appropriate, logging, environment separation, and least-privilege practices. No transmission or storage system is completely secure.

If a personal-data incident occurs, we will investigate and take reasonable containment and remediation steps. We will notify affected individuals or authorities where required by applicable law.

10. International transfers

Codreum and its service providers may process information in countries other than the country where you are located. Where required, we use contractual, organizational, or other legally recognized safeguards for cross-border transfers.

11. Your choices and rights

Depending on applicable law, you may have rights to request access to personal information, correct inaccurate or incomplete information, withdraw consent, object to or restrict certain processing, request deletion, obtain a portable copy, or complain to a data-protection authority. Some rights are subject to legal exceptions, verification, and retention obligations.

How to exercise your rights

We may request information reasonably necessary to verify identity and authority. We will respond within the period required by applicable law and will not discriminate against you for exercising privacy rights.

12. Children’s privacy

The Services are intended for business and professional users and are not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided information to us, contact us so we can investigate and take appropriate action.

13. Changes to this Policy

We may update this Policy to reflect changes in the Services, law, or our practices. We will post the revised version and update the “Last updated” date. For material changes, we may provide additional notice by email or through the Services.

14. Contact

Questions, complaints, and privacy requests may be sent to:

CODREUM LABS SDN. BHD.
Company Registration No.: 202601000892
Jalan Seri Taming 2A
43200 Cheras
Selangor, Malaysia
Email: support@codreum.com
Privacy request subject: Privacy Request