Skip to main content
Five Steps for Cloud Compliance Readiness·A practical playbook for security teamsDownload

Privacy Policy

We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how ConfigCobra collects, stores, and processes information when you access our website or participate in our early-access program.

1. Introduction #

This Privacy Policy applies to the ConfigCobra website and early-access cloud compliance platform. By using our services, you acknowledge that you have read and understood this policy.

2. Data We Collect #

2.1. Information you provide

  • Name, email address, company details
  • Configuration settings related to your Microsoft 365 environment (early-access users only)
  • Support requests or feedback submitted through our forms

2.2. Automatically collected data

  • IP address, browser type, device information
  • Anonymous analytics data (page views, referrers, performance metrics)
  • Event-level telemetry for improving platform reliability

2.3. Assessment data (early-access program only)

ConfigCobra analyzes cloud configuration settings such as security baselines, policies, and benchmark-relevant metadata. We do not harvest mailbox contents, files, user messages, or other personal content.

3. How We Use Your Data #

We use collected data for:

  • Delivering and improving the ConfigCobra platform
  • Running CIS security and compliance assessments
  • Providing customer support
  • Communicating updates or relevant notifications
  • Enhancing product stability and feature development

We process personal data based on:

  • Your consent (newsletter registration, early-access signup)
  • Contractual necessity (providing access to the platform)
  • Legitimate interest (improving service reliability and security)
  • Legal obligations (security logs, audit requirements)

5. How We Store and Protect Data #

All data is stored in secure, EU-compliant infrastructure. ConfigCobra uses encryption in transit and at rest, strict access controls, and security monitoring to protect your information.

Access to early-access tenant data is limited to technical personnel for debugging and service improvement purposes only.

6. Data Sharing and Third Parties #

We do not sell or trade personal data. Limited data may be shared with:

  • Infrastructure providers (hosting, monitoring, analytics)
  • Email communication tools
  • Authentication or security partners

All third parties operate under data processing agreements aligned with applicable privacy law.

7. Cookies and Analytics #

ConfigCobra uses privacy-friendly analytics solutions to understand how visitors use the website. These tools may use cookies or session-based identifiers. No personally identifiable browsing profiles are created. See our Cookie Policy for details.

8. Data Retention #

We retain personal information only as long as necessary to provide the service or meet legal obligations. Users can request deletion at any time (see section 11).

9. Your Rights #

You have the right to:

  • Access your personal data
  • Request correction or deletion
  • Restrict or object to processing
  • Download / export your data
  • Withdraw consent at any time

10. International Transfers #

If data is transferred outside the EU/EEA, we ensure protection through:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions
  • Strong technical and organizational safeguards

11. Contact #

For privacy questions or data requests, contact us at info@configcobra.com or via our contact form.

12. Updates to This Privacy Policy #

We may revise this policy periodically. Continued use of ConfigCobra after changes means you accept the updated terms.

Free trial