Legal

Privacy Policy

Last updated: March 26, 2026

1. Overview

Ontracko ("we", "our", or "us") operates the Ontracko Vendor SLA Credit Recovery Platform at ontracko.app ("Service"). This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information. By using the Service you agree to the practices described here.

2. Information We Collect

2.1 Account Information

When you sign up we collect your name, email address, and organization name via our authentication provider (Clerk). We do not store passwords directly.

2.2 Vendor Credentials

To monitor your cloud vendors we collect OAuth tokens (Azure, GCP) or AWS IAM Role ARNs. All credentials are encrypted at rest using AES-256 before storage. We use read-only scopes wherever possible and never request write or billing-modification permissions.

2.3 Usage and Monitoring Data

We collect SLA metrics, uptime percentages, and incident data fetched from your connected vendors. This data is used solely to detect SLA breaches and generate credit claim packages.

2.4 Log and Technical Data

We collect standard server logs including IP addresses, browser type, and pages visited. This information is used to operate, maintain, and improve the Service.

3. How We Use Your Information

  • Provide, operate, and improve the Service
  • Detect vendor SLA breaches and generate credit claim evidence
  • Send transactional emails (breach alerts, claim notifications, deadline reminders)
  • Send weekly digest reports (if opted in)
  • Respond to support requests
  • Comply with legal obligations

We do not sell your personal data. We do not use your data for advertising.

4. Data Sharing

We share data only with the following categories of service providers, each bound by confidentiality obligations:

ProviderPurpose
ClerkAuthentication & session management
Neon / PostgreSQLDatabase hosting
UpstashRedis queue & cache
ResendTransactional email delivery
VercelHosting & edge network

We may disclose information if required by law, court order, or to protect the rights and safety of Ontracko, our users, or the public.

5. Data Retention

We retain your account data for as long as your account is active. SLA monitoring data and incident records are retained for 36 months to support claim filing (most vendor SLA credit windows are 30–90 days, but disputes can take longer). You may request deletion of your data at any time by contacting us.

6. Security

We encrypt vendor credentials at rest (AES-256), enforce HTTPS for all data in transit, and limit access to production systems to authorized personnel. OAuth tokens are stored in encrypted fields and never logged. Despite these measures, no system is completely secure and we cannot guarantee absolute security.

7. Your Rights

Depending on your jurisdiction you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your account and associated data
  • Export your data in a portable format
  • Opt out of non-essential communications

To exercise any of these rights, email us at privacy@ontracko.app. We will respond within 30 days.

8. Cookies

We use session cookies set by Clerk for authentication and security. We do not use third-party tracking or advertising cookies. You can configure your browser to reject cookies, but this may prevent you from logging in.

9. Children

The Service is not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us data, contact us and we will delete it promptly.

10. Changes to This Policy

We may update this policy from time to time. We will notify you by email and post the revised policy with an updated date. Continued use of the Service after changes constitutes acceptance of the revised policy.

11. Contact

Questions about this policy? Email privacy@ontracko.app or write to: Ontracko, Inc., 447 Broadway, 2nd Floor, New York, NY 10013, USA.