Privacy Policy
Effective date: January 1, 2025 · KubeWatch, Inc.
KubeWatch, Inc. (“KubeWatch,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy describes how we collect, use, store, share, and protect information about you when you access or use the KubeWatch container observability platform (the “Service”). It also describes the rights you have over your data and how to exercise them.
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, KubeWatch acts as a data controller for account and billing information and as a data processor for infrastructure telemetry submitted to the Service on your behalf. This policy reflects our obligations under the EU General Data Protection Regulation (GDPR) and the UK GDPR.
1. What We Collect
Account and billing information
When you register for an account, we collect your name, work email address, company name, and password (stored as a salted hash). If you subscribe to a paid plan, our payment processor (Stripe) collects your payment card details directly; we receive only a tokenized card reference, the last four digits, card brand, and billing address.
Usage data
We automatically collect information about how you interact with the Service, including pages visited, features used, dashboard configurations saved, alert rules created, API requests made (endpoint, status code, response time), and error events. This data is linked to your account and used to improve the product and provide support.
Infrastructure metrics and telemetry
KubeWatch Agents installed inside your infrastructure collect and transmit container metrics (CPU, memory, network I/O, disk usage), Kubernetes events (pod scheduling, restarts, node conditions), container logs, and service topology maps. This data is processed entirely on your behalf and is not used for any purpose beyond operating and improving the Service for your account.
Cookies and similar technologies
We use the following categories of cookies and local storage on our website and dashboard:
- Strictly necessary cookies, session tokens and CSRF tokens required to authenticate your login and secure your account. These cannot be disabled.
- Preference cookies, store your UI preferences such as theme, default cluster, and dashboard layout. Expire after 12 months.
- Analytics cookies, set by PostHog (our product analytics provider) to help us understand feature adoption and user flows. These can be disabled via our cookie consent banner or by opting out at app.kubewatchlabs.com/settings/privacy.
2. How We Use Your Information
We use the information we collect for the following purposes:
- Providing the Service. Processing telemetry, rendering dashboards, evaluating alert rules, and delivering notifications are core functions that require us to store and compute over your Data.
- Account management. Creating and managing your account, authenticating logins, processing payments, and issuing invoices.
- Product improvement. Aggregated and anonymized usage data helps us prioritize features, identify performance bottlenecks, and improve reliability. We do not use identifiable infrastructure telemetry for this purpose.
- Transactional communications. We send email notifications about your account, such as password resets, invoice receipts, Subscription renewal reminders, planned maintenance notices, and security alerts. These emails are required for the Service and cannot be fully unsubscribed from while your account is active.
- Marketing communications. With your explicit opt-in consent, we may send product update emails and newsletters. You can withdraw consent at any time via the unsubscribe link in any marketing email or at app.kubewatchlabs.com/settings/notifications.
- Security and fraud prevention. We analyze log data and account activity to detect and respond to unauthorized access, abuse, or violations of our Terms of Service.
- Legal compliance. We may process or retain data as required by applicable law, court order, or lawful government request.
3. Data Retention
We retain different categories of data for different periods based on business necessity and legal requirements:
- Account data (name, email, billing records) is retained for the lifetime of your account plus 90 days to facilitate recovery from accidental cancellations, after which it is permanently deleted. Invoices and payment records may be retained for up to 7 years to comply with tax and accounting regulations.
- Termination deletion. When your Subscription is terminated or expires, all account data (excluding financial records subject to legal hold) is scheduled for permanent deletion within 30 days. During this window you may request a data export.
- Infrastructure metrics and logsare retained according to your plan's retention policy: 7 days on the Free tier, 30 days on Starter, 90 days on Pro, and up to 365 days on Enterprise. You may configure a shorter custom retention window in the dashboard at any time.
- Support communications are retained for 3 years to maintain a history of issue resolution.
4. Third-Party Sharing
We do not sell, rent, or barter your personal data or infrastructure telemetry to any third party for advertising or commercial purposes. We share data only in the following limited circumstances:
- Infrastructure providers (AWS). The Service is hosted on Amazon Web Services. Data stored in our systems resides in AWS data centers in the us-east-1 and eu-west-1 regions. AWS acts as a data processor under a signed Data Processing Addendum. Data is never transferred to other AWS regions without your explicit configuration.
- Payment processing (Stripe).All payment card transactions are handled directly by Stripe, Inc. KubeWatch does not store full card numbers or CVVs. Stripe's privacy policy is available at stripe.com/privacy.
- Product analytics (PostHog). We use PostHog to understand how users interact with our dashboard. PostHog receives anonymized usage events and does not receive infrastructure telemetry, container logs, or personally identifiable user data beyond a pseudonymous user ID. You may opt out of PostHog tracking in your account privacy settings.
- Legal requirements. We may disclose your information if required to do so by law, subpoena, court order, or other governmental authority, or when we believe in good faith that such disclosure is necessary to protect our rights or the safety of users.
5. Your Rights
Depending on where you reside, you may have the following rights with respect to your personal data. Customers in the EEA, UK, and Switzerland have these rights under the GDPR and UK GDPR. Customers in California have analogous rights under the CCPA/CPRA.
- Right of access. You may request a copy of the personal data we hold about you, including account information and a log of API activity.
- Right to rectification. You may request that we correct inaccurate or incomplete personal data we hold about you. Many fields can be updated directly in your account settings.
- Right to erasure (“right to be forgotten”). You may request deletion of your personal data. We will fulfill this request within 30 days except where retention is required by law (e.g., financial records) or is necessary to resolve a dispute.
- Right to data portability. You may request an export of your account data and infrastructure metrics in a machine-readable format (JSON or CSV) at any time from the dashboard or by contacting us.
- Right to restriction of processing. You may ask us to restrict processing of your personal data in certain circumstances, such as while a dispute about accuracy is being resolved.
- Right to object. You may object to processing of your personal data for direct marketing at any time. You may also object to processing based on our legitimate interests, and we will stop unless we have compelling grounds that override your interests.
- Right to withdraw consent. Where processing is based on your consent (e.g., marketing emails, analytics cookies), you may withdraw consent at any time without affecting the lawfulness of prior processing.
To exercise any of the above rights, please contact us at support@kubewatchlabs.com. We will respond within 30 days and may ask you to verify your identity before processing the request. If you believe we have not handled your request appropriately, you have the right to lodge a complaint with your local data protection authority.
6. Contact Us
If you have any questions, concerns, or requests relating to this Privacy Policy or our data practices, please reach out to our Privacy team:
KubeWatch, Inc., Privacy Team
Email: support@kubewatchlabs.com
Mail: 651 N. Broad Street, Suite 201, Middletown, Delaware 19709, USA
For EEA residents: our EU representative can be contacted at support@kubewatchlabs.com.
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by displaying a prominent notice on the Service before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the revised policy.