Privacy Policy

How we collect, use, and protect your information

Last Updated: June 1, 2025

Important Note: OpenFinOps is an open-source software project. When you download and self-host OpenFinOps, you control all data collection and usage. This privacy policy applies primarily to our website (openfinops.org) and any managed services we may offer.

1. Information We Collect

1.1 Website Information

When you visit openfinops.org, we collect:

  • Analytics Data: Via Google Analytics, including page views, session duration, geographic location (country/city level), browser type, and device information
  • Contact Information: If you email us at finops@infinidatum.net, we collect your email address and message content
  • GitHub Data: If you interact with our GitHub repository, GitHub's privacy policy applies

1.2 Self-Hosted Deployment

When you deploy OpenFinOps on your own infrastructure:

  • No Data Sent to Us: OpenFinOps does not send any telemetry, usage data, or personal information back to Infinidatum or the OpenFinOps project
  • Your Control: All cost data, cloud credentials, and infrastructure metrics remain within your environment
  • Third-Party Integrations: If you configure LLM providers (OpenAI, Anthropic, etc.), their respective privacy policies apply

1.3 Managed Services (If Applicable)

If you use managed/hosted OpenFinOps services offered by Infinidatum:

  • Account Information: Name, email address, company name, billing information
  • Usage Data: Cloud cost metrics, infrastructure metadata (instance IDs, resource tags)
  • Technical Data: API access logs, feature usage patterns, error reports

2. How We Use Your Information

We use collected information for:

  • Website Improvement: Analytics to understand how visitors use our documentation and website
  • Communication: Responding to support inquiries and technical questions
  • Service Delivery: (Managed services only) Providing cost monitoring, optimization recommendations, and platform features
  • Security: Detecting and preventing fraud, abuse, and security incidents
  • Legal Compliance: Meeting regulatory obligations and responding to lawful requests

3. Data Sharing and Disclosure

We do not sell your personal information. We may share data with:

  • Service Providers: Google Analytics (website analytics), email providers for communication
  • Cloud Providers: If using managed services, data is stored on AWS/GCP/Azure infrastructure
  • Legal Requirements: When required by law, court order, or government request
  • Business Transfers: In the event of a merger, acquisition, or sale of assets

4. Data Security

We implement appropriate technical and organizational measures:

  • Encryption in transit (HTTPS/TLS) and at rest
  • Access controls and authentication mechanisms
  • Regular security audits and vulnerability assessments
  • Employee training on data protection practices

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

5. Data Retention

  • Website Analytics: Retained for 26 months (Google Analytics default)
  • Support Emails: Retained for 2 years or as needed for ongoing support
  • Managed Services: Account data retained for the duration of service plus 90 days; cost data retention as specified in service agreement

6. Your Rights

Depending on your location, you may have rights to:

  • Access: Request a copy of personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information
  • Portability: Receive your data in a machine-readable format
  • Opt-Out: Unsubscribe from marketing communications
  • Object: Object to certain processing activities

To exercise these rights, contact us at finops@infinidatum.net.

7. Cookies and Tracking

7.1 GDPR Cookie Consent

In compliance with GDPR and ePrivacy Directive, we obtain your explicit consent before placing non-essential cookies on your device. Upon visiting our website, you will see a cookie consent banner with the following options:

  • Accept All: Allows all cookies including analytics
  • Decline: Blocks non-essential cookies; only strictly necessary cookies are used

Your choice is stored for 365 days. You can change your preference anytime using the "Cookie Settings" link at the bottom left of any page.

7.2 Types of Cookies We Use

Essential Cookies (Always Active):

  • Cookie Consent Cookie (openfinops_cookie_consent): Stores your cookie preference (365 days)
  • Session Cookies: For basic website functionality

Analytics Cookies (Requires Consent):

  • Google Analytics (_ga, _gid, _gat): Track website usage, page views, and user behavior
    • _ga: 2 years (user identification)
    • _gid: 24 hours (session tracking)
    • _gat: 1 minute (request throttling)
  • IP Anonymization: We enable IP anonymization in Google Analytics to protect your privacy

7.3 How to Manage Cookies

You can control cookies through:

  • Our Cookie Banner: Accept or decline on your first visit
  • Cookie Settings: Click the "Cookie Settings" link (bottom left) to change preferences
  • Browser Settings: Disable cookies entirely in your browser (may affect functionality)
  • Opt-Out Tools: Use Google Analytics Opt-out Browser Add-on

7.4 Google Analytics Consent Mode

We use Google Analytics Consent Mode v2, which:

  • Defaults to denying analytics storage until you consent
  • Only loads tracking when you click "Accept All"
  • Respects your privacy choices across our entire website
  • Complies with GDPR, ePrivacy Directive, and CCPA requirements

8. Third-Party Links

Our website contains links to third-party sites (GitHub, PyPI, cloud provider documentation). We are not responsible for the privacy practices of these external sites. Please review their privacy policies.

9. Children's Privacy

OpenFinOps is not directed to individuals under 13 years of age. We do not knowingly collect personal information from children under 13.

10. International Data Transfers

Infinidatum LLC is based in the United States. If you are accessing our services from outside the US, your information may be transferred to and processed in the US. We implement appropriate safeguards for international data transfers.

11. California Privacy Rights

California residents have additional rights under CCPA:

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to opt-out of the sale of personal information (we do not sell information)
  • Right to deletion
  • Right to non-discrimination for exercising privacy rights

12. GDPR Compliance (EEA Residents)

For users in the European Economic Area:

  • Legal basis for processing: Consent, contract performance, legitimate interests, legal obligations
  • Data Controller: Infinidatum LLC
  • Right to lodge a complaint with your local data protection authority

13. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes by:

  • Posting the new policy on this page
  • Updating the "Last Updated" date
  • Sending an email notification (for managed service customers)

14. Contact Us

For questions about this privacy policy or our data practices:

Open Source Commitment: As an open-source project, transparency is core to our values. The OpenFinOps software is licensed under Apache 2.0, giving you full control over your data when self-hosting. Review our source code at github.com/rdmurugan/openfinops.

This privacy policy is effective as of June 1, 2025