Privacy Policy

AutonomOps AI Inc. ("AutonomOps AI," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at autonomops.ai, use our HealR platform, or engage with our services.

By accessing or using our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our policies and practices, please do not use our services. This policy applies to all visitors, users, and customers of AutonomOps AI.

For any questions about this Privacy Policy, please contact us at shafi@autonomops.ai.

We collect several types of information to provide, maintain, and improve our services. The categories of information we collect include:

Account & Profile Information

When you register for an account, we collect your name, email address, company name, job title, and billing information. This information is necessary to create and manage your account, communicate with you, and process payments.

Observability & Service Data

As an AI-powered Site Reliability Engineering platform, HealR processes observability data that you choose to integrate with our services. This may include logs, metrics, traces, event data, topology information, infrastructure metadata, and alerting configurations. This data is processed solely for the purpose of delivering the services you have subscribed to.

Usage & Analytics Data

We automatically collect information about how you interact with our platform, including pages visited, features used, session duration, click patterns, and error reports. We use this data to improve our product, troubleshoot issues, and understand user behavior.

Communications

When you contact our support team, participate in surveys, or communicate with us via email, we collect and store the content of those communications to respond to your inquiries and improve our services.

Cookies & Similar Technologies

We use cookies and similar tracking technologies to operate our website, remember your preferences, understand how you use our services, and deliver relevant content. For more details, see the Cookies section below.

We use the information we collect for the following purposes:

• Service Delivery: To operate, maintain, and provide the features and functionality of the HealR platform, including AI-powered incident detection, root cause analysis, and autonomous remediation recommendations.
• AI/ML Model Improvement: To train and improve our machine learning models for anomaly detection, predictive intelligence, and pattern recognition. See the AI & Automated Decision-Making section for details on how we handle your data in this context.
• Security & Fraud Prevention: To detect, prevent, and respond to security incidents, fraudulent activity, and abuse of our services.
• Billing & Administration: To process payments, manage subscriptions, send invoices, and handle account-related communications.
• Communication: To send you service-related notifications, updates, security alerts, and marketing communications (where permitted by law and where you have consented).
• Legal Compliance: To comply with applicable laws, regulations, legal processes, and governmental requests.

HealR uses artificial intelligence and machine learning to analyze observability data, detect anomalies, predict incidents, and recommend remediation actions. We want to be transparent about how this works:

Data Ownership

You retain full ownership of all observability data, logs, metrics, and infrastructure information that you integrate with HealR. We do not claim ownership over your data. Our role is to process your data on your behalf to deliver the services you have subscribed to.

AI Training & Model Improvement

We may use aggregated, de-identified, and anonymized data to improve our AI models. We do not use your raw observability data to train models that benefit other customers without your explicit consent. Any model training involving your data is done in a way that protects your confidentiality and complies with your data processing agreement.

Advisory Nature of AI Outputs

All recommendations, predictions, and analyses generated by HealR's AI systems are advisory in nature. You retain full control and final decision-making authority over any actions taken based on AI-generated insights. We recommend that all critical decisions be reviewed by qualified personnel.

Transparency & Explainability

Where technically feasible, we provide explanations for AI-generated recommendations, including the data sources and reasoning patterns that contributed to a particular insight. This helps you understand and validate the outputs of our AI systems.

For users in the European Economic Area (EEA), United Kingdom, and other jurisdictions with similar data protection laws, we process personal data based on the following legal grounds under the General Data Protection Regulation (GDPR):

• Contractual Necessity (Article 6(1)(b)): Processing is necessary to perform our contract with you, including providing the HealR platform and related services.
• Legitimate Interests (Article 6(1)(f)): Processing is necessary for our legitimate interests, such as improving our services, ensuring security, and preventing fraud, provided these interests are not overridden by your rights and freedoms.
• Consent (Article 6(1)(a)): Where required by law, we obtain your explicit consent before processing your data for specific purposes, such as marketing communications or AI model training involving identifiable data.
• Legal Obligation (Article 6(1)(c)): Processing is necessary to comply with legal obligations, such as tax and accounting requirements.

We do not sell your personal data or observability data to third parties. We may share information with trusted service providers (subprocessors) who assist us in operating our business and delivering our services. Our current subprocessors include:

• Cloud Infrastructure: Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure for hosting and data storage.
• Analytics: Tools such as Google Analytics and Mixpanel for understanding platform usage and improving user experience.
• Payment Processing: Stripe and other secure payment processors for handling billing and subscription management.
• Communications: Email service providers and customer support platforms for managing support tickets and service notifications.
• AI/ML Services: Large language model APIs and machine learning infrastructure providers that power certain AI features within HealR.

All subprocessors are contractually bound to handle your data in accordance with this Privacy Policy and applicable data protection laws. We require them to maintain appropriate security measures and to use your data only for the specific purposes for which we engage them.

We may also disclose information if required by law, such as in response to a subpoena, court order, or other legal process, or to protect our rights, property, or safety, or that of our users or the public.

AutonomOps AI is headquartered in the United States. Your information may be transferred to, stored, and processed in the United States or other countries where our subprocessors operate. These countries may have data protection laws that differ from those in your jurisdiction.

When we transfer personal data from the European Economic Area, United Kingdom, or Switzerland to countries that do not provide an adequate level of data protection, we rely on appropriate safeguards, including:

• Standard Contractual Clauses (SCCs): Approved by the European Commission for transfers of personal data to third countries.
• Adequacy Decisions: Where applicable, we rely on adequacy decisions issued by the European Commission recognizing certain countries as providing adequate data protection.
• Data Processing Agreements: Comprehensive agreements with our subprocessors that include GDPR-compliant data protection terms.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

GDPR Rights (EEA/UK Residents)

• Right to Access: You can request a copy of the personal data we hold about you.
• Right to Rectification: You can request that we correct inaccurate or incomplete personal data.
• Right to Erasure ("Right to be Forgotten"): You can request that we delete your personal data in certain circumstances.
• Right to Restriction: You can request that we restrict the processing of your personal data in certain situations.
• Right to Data Portability: You can request a copy of your data in a structured, commonly used, and machine-readable format.
• Right to Object: You can object to the processing of your personal data based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: Where processing is based on consent, you can withdraw your consent at any time.

CCPA/CPRA Rights (California Residents)

• Right to Know: You can request information about the categories and specific pieces of personal data we have collected about you.
• Right to Delete: You can request that we delete your personal data, subject to certain exceptions.
• Right to Opt-Out: You can opt out of the sale or sharing of your personal data.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise any of these rights, please contact us at shafi@autonomops.ai. We will respond within the timeframe required by applicable law.

We retain your personal data and observability data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, and reporting requirements.

Account Data

We retain your account information for the duration of your subscription and for 90 days after account closure, unless a longer retention period is required by law or for legitimate business purposes (such as resolving disputes or enforcing our agreements).

Observability Data

Observability data (logs, metrics, traces, etc.) is retained according to your subscription plan:

• Starter Plan: 7 days
• Professional Plan: 30 days
• Unlimited Plan: 90 days
• Enterprise Plan: Custom retention period as agreed in your contract

After the retention period expires, observability data is securely deleted or anonymized. Backup copies may be retained for an additional period in accordance with our backup policies, after which they are also securely deleted.

We implement industry-standard technical and organizational measures to protect your data against unauthorized access, disclosure, alteration, and destruction. These measures include:

• Encryption: AES-256 encryption at rest and TLS 1.3 encryption in transit for all data.
• Access Control: Multi-factor authentication (MFA), role-based access control (RBAC), and the principle of least privilege.
• Infrastructure: Zero-trust network architecture, web application firewalls (WAF), and DDoS protection.
• Monitoring: 24/7 security monitoring, automated threat detection, and regular penetration testing.
• Compliance: We maintain SOC 2 Type II, ISO 27001, GDPR, CCPA, and HIPAA compliance programs. For more details, please visit our Security & Compliance page.

While we strive to protect your data, no security system is impenetrable. We encourage you to use strong passwords, enable MFA, and promptly report any suspected security issues to us.

Our services are not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we learn that we have collected personal data from a child under 16, we will take steps to delete that information as soon as possible.

If you believe that a child under 16 may have provided us with personal data, please contact us at shafi@autonomops.ai.

We use cookies and similar tracking technologies to enhance your experience, analyze usage, and deliver personalized content. The types of cookies we use include:

• Essential Cookies: Necessary for the operation of our website and services. These cannot be disabled.
• Functional Cookies: Enable enhanced functionality and personalization, such as remembering your preferences.
• Analytics Cookies: Help us understand how visitors interact with our website by collecting and reporting information anonymously.
• Marketing Cookies: Used to deliver relevant advertisements and track the effectiveness of our marketing campaigns.

You can manage your cookie preferences through your browser settings. Please note that disabling certain cookies may affect the functionality of our website.

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings. When we make material changes, we will notify you by email or through a prominent notice on our platform at least 30 days before the changes take effect, unless a shorter notice period is required by law.

We encourage you to review this Privacy Policy periodically. Your continued use of our services after any changes indicates your acceptance of the updated policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We are committed to resolving any privacy concerns you may have. If you are not satisfied with our response, you may have the right to lodge a complaint with your local data protection authority.