Legal
Privacy Policy
Effective Date: April 2, 2026
This Privacy Policy describes how AnyCloud IT LLC (“Company,” “we,” “us,” or “our”), operating as BobSentry, collects, uses, and shares information about you when you use our website at bobsentry.com and our cloud security scanning platform (collectively, the “Service”).
By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the Service.
1. Information We Collect
Account Information
When you register, we collect your email address and name through our authentication provider, Clerk. If you use a social login (e.g., Google), we receive your name and email from the identity provider. We also store your organization name, country, and the role you hold within your organization.
AWS Configuration Metadata
When you connect an AWS account, BobSentry reads configuration metadata through a read-only IAM role you create in your account. This includes IAM policies and roles, S3 bucket configurations, security group settings, EC2 instance metadata, RDS instance configurations, and CloudTrail logging settings. We do not access application data, customer data, database contents, or any data stored within your AWS resources.
Payment Information
Payments are processed by Stripe. We do not receive or store your credit card number or bank account details. Stripe provides us with a customer identifier, subscription status, and billing email so we can manage your plan.
Usage and Analytics Data
We use Google Analytics 4 to collect anonymized usage data such as pages visited, session duration, and general geographic region. Google Analytics may set cookies on your browser. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
Audit Logs
We log security-relevant actions (e.g., scans initiated, settings changed) along with your IP address, user identifier, and timestamp to maintain the integrity and security of the Service.
2. How We Use Your Information
- Provide, operate, and maintain the Service, including scanning your AWS environment and generating security findings and compliance reports.
- Process payments and manage your subscription through Stripe.
- Send transactional emails such as welcome messages, scan reminders, trial notifications, and account alerts through our email provider, Brevo.
- Monitor and analyze usage patterns to improve the Service.
- Detect, prevent, and address technical issues and security incidents.
- Comply with legal obligations.
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
3. Third-Party Services
We use the following third-party services to operate BobSentry:
| Provider | Purpose | Data Shared |
|---|---|---|
| Clerk | Authentication | Email, name, OAuth tokens |
| Stripe | Billing & payments | Email, org ID, payment method (handled by Stripe) |
| Brevo | Transactional email | Email, first name |
| Google Analytics | Usage analytics | Anonymized page views, session data (via cookies) |
| Amazon Web Services | Infrastructure & hosting | All Service data (stored encrypted) |
| Vercel | Frontend hosting | Website traffic (no PII stored) |
Each provider processes data in accordance with their own privacy policy. We encourage you to review their policies independently.
4. Cookies
The Service uses cookies and similar tracking technologies for authentication (Clerk session cookies) and analytics (Google Analytics). These are essential for the Service to function and to help us understand how the Service is used.
You can configure your browser to reject cookies. However, disabling cookies may prevent you from logging in or using certain features of the Service.
5. Data Retention
- Active accounts: Your data is retained for as long as your account is active and your subscription is in good standing.
- Account deletion: When you request account deletion (via the dashboard or by contacting us), we enter a 30-day grace period during which you can restore your account. After 30 days, all data is permanently deleted.
- Inactive accounts: Accounts that remain inactive for 90 days after trial expiration or subscription cancellation are automatically scheduled for deletion. You will receive email notice before deletion occurs.
- Scan results: Security findings, compliance scores, and reports are retained for the duration of your subscription. Deleted scans cannot be recovered.
6. Data Security
We implement industry-standard security measures to protect your data:
- All data in transit is encrypted using TLS (HTTPS).
- Data at rest is encrypted using AWS-managed encryption (AES-256).
- No AWS credentials are stored. We use temporary STS tokens that expire automatically after each scan.
- Access to production systems is restricted and logged.
- We store only the IAM role ARN and external ID needed to initiate read-only scans.
While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you.
- Correction: Request correction of inaccurate personal information.
- Deletion: Request deletion of your account and associated data. You can initiate this from your dashboard settings or by contacting us.
- Data Portability: Request an export of your data in a machine-readable format by contacting us.
To exercise any of these rights, contact us at support@bobsentry.com.
8. California Residents (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with additional rights:
- Right to Know: You may request the categories and specific pieces of personal information we have collected about you.
- Right to Delete: You may request that we delete personal information we have collected from you.
- Right to Opt-Out of Sale: We do not sell your personal information to third parties.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
Categories of personal information collected: identifiers (name, email, IP address), commercial information (subscription plan, billing history), internet activity (pages visited, usage data), and professional information (organization name, role).
9. Children's Privacy
The Service is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we discover that we have collected information from a child under 13, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at support@bobsentry.com.
10. International Data Transfers
BobSentry is operated from the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States. By using the Service, you consent to such transfer and processing.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a notice on the Service prior to the change becoming effective. The “Effective Date” at the top of this page indicates when this policy was last revised.
Your continued use of the Service after changes take effect constitutes your acceptance of the revised Privacy Policy.
12. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us: