Privacy Policy

1. Information We Collect

We collect only the information necessary to operate and protect our services.

1a. Information you provide

Email address (if provided) — Used to enforce usage limits and prevent abuse. By entering your email and clicking the "Get Full Report" button, you consent to the use of your email to send you your requested analysis and occasional AWS security insights from Osias. You may unsubscribe at any time by emailing hello@osias.io.

1b. Information collected automatically

IP address (temporary use only) — Used solely for abuse prevention and rate limiting. IP addresses are not used for tracking, profiling, or analytics. They expire after 24 hours and are scheduled for deletion shortly thereafter.

Usage data — Includes interactions with our tools such as number of analyses performed. Used for enforcing limits and improving performance.

1c. Content you submit for analysis

IAM policy content — When you submit an IAM policy for analysis, that content is transmitted to Anthropic's API for processing. Osias does not store, log, or retain submitted IAM policy content. Policy content is used solely to generate the analysis result and is not retained after the response is returned.

2. How We Use Information

We use collected information strictly to:

• Operate and provide our tools
• Enforce usage limits and prevent abuse
• Protect the security and integrity of our services
• Improve performance and reliability
• Send occasional AWS security insights to users who have consented at the time of email submission

We do not use your data for advertising, profiling, or tracking.

2A. Legal Basis for Processing

We process personal data under the following legal bases:

• Legitimate interest — to operate the service, prevent abuse, and ensure security
• Consent — for sending AWS security insights via email where you have provided your email and requested a report

3. Data Retention

We retain data only as long as necessary:

• Email address (outreach): retained until you unsubscribe or request deletion
• Email-derived identifiers (rate limiting): expire after 24 hours and are scheduled for deletion shortly thereafter
• IP addresses: expire after 24 hours and are scheduled for deletion shortly thereafter
• Usage data: expire after 24 hours and are scheduled for deletion shortly thereafter
• IAM policy content: not retained

4. Data Sharing

We do not sell or share your personal data.

We use trusted service providers to operate our services:

• Amazon Web Services — hosting and infrastructure
• Anthropic — AI processing for analysis results. IAM policy content is transmitted solely to generate analysis results and is not retained by Osias. Processing by Anthropic is subject to their privacy policy.
• Cloudflare — DNS validation used to verify email domains at the time of submission. Only the email domain name is transmitted, no personal data beyond the domain.

These providers process data only as necessary to deliver the service.

5. Cookies and Local Storage

We do not use cookies for advertising or tracking.

This tool uses browser localStorage solely to enforce the 60-second cooldown between analyses and to store your email address client-side for user convenience. This data is not transmitted to third parties and remains on your device until cleared by you.

6. Security

We implement reasonable technical and organizational measures to protect your data. We minimize data collection and limit retention to reduce risk.

7. Your Rights

You may request deletion of your data by contacting us at hello@osias.io. We will respond within 30 days.

To unsubscribe from Osias security insights emails, reply to any email with "unsubscribe" in the subject line or email hello@osias.io directly. We will process unsubscribe requests within 5 business days.

8. International Users

Our services are operated in the United States. By using our services, you understand that your information may be processed in the U.S.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be posted on this page with a revised effective date.

10. Contact

If you have any questions about this Privacy Policy, contact us at hello@osias.io.