Plain-language privacy policy.
We keep the legal text minimal and only commit to what's actually true. Last updated 2026-05-12.
Scope
This policy covers the heapoverflow.dev marketing site, the InfraTwin application, and the data we process to deliver it. If you are an InfraTwin customer, your data processing agreement and order form govern in case of conflict.
What we collect
On this site: page views, referring URL, and approximate region — only via privacy-respecting analytics. In InfraTwin: only what your administrators connect. We never request credentials capable of mutating your cloud, and our connectors are scoped to read-only IAM.
How we use it
To deliver the product, respond to inquiries, and improve the platform. We do not sell or share your personal information. We do not enrich marketing profiles. We do not use customer environment data to train any model.
Where it lives
Customer environment data is stored in the region selected by your administrator (US or EU by default). Enterprise customers may run InfraTwin in single-tenant private regions. We never copy data across regions without explicit authorization.
Retention
Simulation history is retained for 90 days by default and configurable to between 7 days and 7 years. Audit logs follow the configured retention window. Marketing-site analytics are aggregated after 30 days.
Your rights
You can request access, correction, deletion, or portability of your personal information at any time. Contact privacy@heapoverflow.dev — we respond within 30 days. We honor GDPR, CCPA, and Brazil's LGPD.
Sub-processors
A current list of sub-processors is available in our Trust Center. We notify customers 30 days before adding or changing a sub-processor.
Updates
We will notify you of material changes at least 30 days before they take effect. The current version is dated below.