Privacy Policy

1. Introduction

This Privacy Policy applies to the ConfigCobra website and early-access cloud compliance platform. By using our services, you acknowledge that you have read and understood this policy.

2. Data We Collect

We collect the following types of information:

2.1. Information you provide
• Name, email address, company details
• Configuration settings related to your Microsoft 365 / Azure / Intune environment (early-access users only) • Support requests or feedback submitted through our forms

2.2. Automatically collected data
• IP address, browser type, device information • Anonymous analytics data (page views, referrers, performance metrics) • Event-level telemetry for improving platform reliability

2.3. Assessment data (early-access program only)
ConfigCobra analyzes cloud configuration settings such as security baselines, policies, and benchmark-relevant metadata.
We do not harvest mailbox contents, files, user messages, or other personal content.

3. How We Use Your Data

We use collected data for:

• Delivering and improving the ConfigCobra platform • Running CIS security and compliance assessments • Providing customer support • Communicating updates or relevant notifications • Enhancing product stability and feature development

4. Legal Basis for Processing

We process personal data based on:

• Your consent (newsletter registration, early-access signup)
• Contractual necessity (providing access to the platform)
• Legitimate interest (improving service reliability and security)
• Legal obligations (security logs, audit requirements)

5. How We Store and Protect Data

All data is stored in secure, EU-compliant infrastructure. ConfigCobra uses encryption in transit and at rest, strict access controls, and security monitoring to protect your information.

Access to early-access tenant data is limited to technical personnel for debugging and service improvement purposes only.

6. Data Sharing and Third Parties

We do not sell or trade personal data. Limited data may be shared with:

• Infrastructure providers (hosting, monitoring, analytics)
• Email communication tools
• Authentication or security partners

All third parties operate under GDPR-compliant agreements.

7. Cookies and Analytics

ConfigCobra uses privacy-friendly analytics solutions to understand how visitors use the website. These tools may use cookies or session-based identifiers. No personally identifiable browsing profiles are created.

8. Data Retention

We retain personal information only as long as necessary to provide the service or meet legal obligations. Users can request deletion at any time (see section 11).

9. Your Rights (GDPR)

You have the right to:

• Access your personal data • Request correction or deletion • Restrict or object to processing • Download/export your data • Withdraw consent at any time

10. International Transfers

If data is transferred outside the EU/EEA, we ensure protection through:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions
• Strong technical and organizational safeguards

11. Contact

For privacy questions or data requests, contact us at:
[email protected]

12. Updates to This Privacy Policy

We may revise this policy periodically. Continued use of ConfigCobra after changes means you accept the updated terms.