Legal

Privacy Policy

Effective date: May 20, 2026  ·  Redline Analytics LLC

This Privacy Policy explains how Redline Analytics LLC ("we," "us," or "our"), operating PlutoVault and CID DCIM, collects, uses, stores, and shares information when you use our services. We are committed to protecting your privacy and handling your data transparently.

1. Who We Are

Redline Analytics LLC is the data controller for personal data collected through PlutoVault and CID DCIM. Our services are hosted at www.plutovault.cloud and app.plutovault.cloud.

For privacy enquiries, contact us at: privacy@plutovault.cloud

2. Information We Collect

2.1 Account and identity information

  • Name, email address, and organisational details provided during sign-up.
  • Authentication credentials managed via Auth0 (we do not store raw passwords).
  • OAuth identity tokens when you sign in with Google or Microsoft.

2.2 Billing and payment information

  • Stripe customer ID and subscription ID. We do not store raw card numbers; all payment data is handled by Stripe.
  • Invoice history and subscription plan details.

2.3 Environment and usage data

  • Customer Data you enter into CID DCIM: device records, rack configurations, network data, power readings, and any other data managed within your environment.
  • Time-series metrics stored in your dedicated InfluxDB bucket.
  • AI operator query logs and action logs (tenant-scoped, stored in your PostgreSQL cluster).

2.4 Technical and log data

  • IP address, browser type, and request logs retained for up to 30 days for security and debugging purposes.
  • Application error logs that may include environment identifiers.
  • Kubernetes pod health and resource utilisation metrics for operational monitoring.

2.5 Cookies and session data

  • A session cookie is set upon authentication to maintain your login state. This cookie is HTTP-only and not accessible to JavaScript.
  • We do not use third-party advertising cookies or tracking pixels.
  • We do not use Google Analytics or similar behavioural analytics tools.

3. How We Use Your Information

  • Service delivery: To provision, operate, and maintain your CID DCIM environment.
  • Billing: To process payments, issue invoices, and manage your subscription via Stripe.
  • Authentication: To verify your identity and manage access controls via Auth0.
  • Support: To diagnose issues and respond to support requests.
  • Security: To detect, investigate, and prevent fraudulent or unauthorised activity.
  • Legal compliance: To comply with applicable laws, regulations, and court orders.
  • Service improvements: Aggregate, anonymised usage patterns may be used to improve the platform. We do not sell individual-level data.

We do not sell, rent, or share your personal data with third parties for their own marketing purposes.

4. Third-Party Sub-Processors

We engage the following sub-processors to deliver the Services:

Provider Purpose Data shared Privacy policy
Stripe, Inc. Payment processing Email, billing details stripe.com/privacy
Auth0 (Okta) Identity & authentication Email, name, OAuth tokens auth0.com/privacy
Vultr Holdings LLC Cloud infrastructure hosting Encrypted tenant data at rest vultr.com/legal/privacy
Temporal Technologies Workflow orchestration (AI operator) Workflow metadata, activity logs temporal.io/privacy
InfluxData, Inc. Time-series metrics storage Device metrics in isolated buckets influxdata.com
Bunny.net CDN and DNS IP address, request headers bunny.net/privacy

5. Data Isolation and Security

Each customer environment is deployed in a dedicated, isolated Kubernetes namespace with its own PostgreSQL cluster, InfluxDB bucket, and Auth0 organisation. Customer Data is logically and technically separated from other customers' data.

We implement the following security measures:

  • All data in transit is encrypted using TLS 1.2 or higher.
  • All data at rest is encrypted at the infrastructure level by Vultr.
  • Sensitive environment secrets (API keys, database credentials) are stored in Kubernetes Secrets and never exposed in logs or application output.
  • Credential fields in the application database use AES encryption via an application-level encryption key.
  • Access to production infrastructure is restricted to authorised personnel via multi-factor authentication.

No security measure is 100% guaranteed. In the event of a data breach affecting your data, we will notify you within 72 hours of becoming aware, as required by applicable regulations.

6. Data Retention

  • Active subscriptions: Customer Data is retained for the duration of your subscription.
  • After cancellation: Customer Data is retained for 30 days to allow data export. After 30 days it is permanently deleted.
  • Billing records: Invoice and payment records are retained for 7 years as required by tax law.
  • Log data: Application and access logs are retained for 30 days, then deleted.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate personal data.
  • Erasure: Request deletion of your personal data (subject to legal retention obligations).
  • Portability: Request your Customer Data in a machine-readable format.
  • Objection / restriction: Object to or request restriction of certain processing activities.
  • Withdraw consent: Where processing is based on consent, withdraw that consent at any time.

To exercise any of these rights, email privacy@plutovault.cloud. We will respond within 30 days. We may need to verify your identity before fulfilling a request.

California residents (CCPA)

If you are a California resident, you have the right to know what personal information we collect about you, the right to delete that information, and the right to opt out of the "sale" of your personal information. We do not sell personal information. To exercise your CCPA rights, contact privacy@plutovault.cloud.

EU/UK residents (GDPR / UK GDPR)

If you are located in the European Economic Area or the United Kingdom, our legal basis for processing your personal data includes: (a) performance of a contract (to provide the Services), (b) compliance with legal obligations, and (c) legitimate interests (security and fraud prevention). You have the right to lodge a complaint with your local supervisory authority.

8. International Data Transfers

Our infrastructure is hosted in the United States (Vultr EWR region). If you are accessing the Services from outside the United States, your data will be transferred to and processed in the United States. We take steps to ensure appropriate safeguards are in place for such transfers, including use of providers that participate in applicable data transfer frameworks.

9. Children's Privacy

Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

10. Links to Third-Party Sites

Our Services may contain links to external websites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies independently.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or via the customer dashboard. The updated policy will be effective on the date posted. Your continued use of the Services after that date constitutes acceptance of the updated policy.

12. Contact Us

For privacy questions, data requests, or to report a concern:

Redline Analytics LLC — Privacy
Email: privacy@plutovault.cloud
Website: www.plutovault.cloud