Effective Date: April 27, 2026
Last Updated: April 27, 2026
1. Introduction
Terraback ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Terraback CLI tool, the terraback.io website, and related services (collectively, the "Service").
2. Information We Collect
2.1 Information You Provide
- Account Information: email address, and optionally name and company name, when you purchase a license or contact us
- Payment Information: processed exclusively through PCI-compliant third-party payment processors. We do not store credit card details
- Support Communications: information you provide when contacting support@terraback.io or replying to our emails
2.2 Information Collected Automatically
- Usage Data: anonymized command-level metrics such as which terraback subcommands were invoked, scan frequency, and aggregate resource counts
- Device Information: operating system, CLI version, a one-way hashed machine fingerprint (used for license validation), and the IP address of any request to our license-activation endpoint
- Performance Metrics: scan duration and feature-usage patterns, in aggregate
2.3 Cloud Infrastructure Data — What We Do Not Collect
Terraback scans your cloud infrastructure entirely on your local machine. We do not collect, transmit, or store:
- Your cloud credentials or session tokens
- The configuration of any individual resource
- The names, IDs, or relationships of resources we discover
- The Terraform code that Terraback generates
- Any other data read from your cloud accounts
Only the anonymized usage metrics described above leave your machine.
3. How We Use Your Information
We use the information we do collect to:
- Provide and maintain the Service — activate licenses, verify entitlements, and keep the website online
- Improve the Service — understand which features are used and where users get stuck
- Provide support — respond to your questions and diagnose issues
- Communicate with you — send essential account, security, and product-update emails
- Comply with the law — meet our legal obligations and enforce our Terms of Service
4. Information Sharing and Disclosure
We do not sell, rent, or trade your personal information. We share information only in these limited situations:
- Service Providers: with infrastructure and tooling providers that operate the Service (for example, AWS for hosting, Stripe for payment processing). Each such provider is contractually bound to use your data only for the services they perform for us.
- Legal Requirements: when required by valid legal process, or to protect our rights, our customers, or the public
- Business Transfers: in connection with a merger, acquisition, or sale of assets, in which case the acquirer will be bound by this Privacy Policy
- Aggregated or De-identified Data: we may publish aggregated, non-identifiable statistics about Service usage
5. Data Security
We implement appropriate technical and organizational measures to protect the information we hold:
- Encryption in transit — all communication with our endpoints uses TLS 1.2+
- Encryption at rest — license and account databases are encrypted at rest using AWS-managed keys
- Least-privilege access — only personnel who need access to operate the Service can read account data
- Periodic review — security configurations and dependencies are reviewed regularly
No system is perfectly secure. We cannot guarantee absolute security, but we work hard to protect your information.
6. Data Retention
- Account and license data: retained while your license is active and for 90 days after deactivation, after which it is deleted or anonymized
- Usage metrics: anonymized and aggregated within 12 months of collection
- Support communications: retained for up to 2 years after the last interaction
- Payment records: retained as long as required by tax and accounting law (typically 7 years)
7. Your Rights and Choices
Depending on where you live, you may have the right to:
- Access the personal information we hold about you
- Correct information that is inaccurate or out of date
- Delete your personal information ("right to be forgotten")
- Opt out of non-essential communications
- Export your information in a portable, machine-readable format
To exercise any of these rights, email privacy@terraback.io. We will respond within 30 days.
8. International Data Transfers
Our infrastructure is hosted in the United States (AWS US-East-1). If you use Terraback from outside the United States, your information will be transferred to and processed in the United States, which may have different data-protection laws than your country.
9. Children's Privacy
Terraback is intended for software professionals and is not directed at individuals under 18. We do not knowingly collect personal information from children. If you believe we have, please contact us so we can delete it.
10. Third-Party Services
The Service may link to third-party websites (for example, our documentation, payment processor, or PyPI). This Privacy Policy does not apply to those sites. We encourage you to review the privacy policies of any third party you interact with.
11. California Privacy Rights (CCPA / CPRA)
California residents have additional rights under the California Consumer Privacy Act and the California Privacy Rights Act:
- The right to know what personal information we collect, use, and disclose
- The right to delete personal information we have collected
- The right to correct inaccurate personal information
- The right to opt out of the "sale" or "sharing" of personal information — note that we do not sell or share personal information as those terms are defined under California law
- The right not to be discriminated against for exercising any of these rights
12. European Privacy Rights (GDPR / UK GDPR)
If you are in the European Economic Area, the United Kingdom, or Switzerland, you have rights under the GDPR / UK GDPR including the rights of access, rectification, erasure, restriction of processing, data portability, and objection. Our legal basis for processing your data is one of: your consent, the performance of a contract with you, our legitimate interest in operating the Service, or compliance with a legal obligation.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page
- Email registered customers when the change affects how we handle their data
14. Contact
For questions about this Privacy Policy or our privacy practices:
- Email: privacy@terraback.io
- Website: terraback.io
- GDPR-related inquiries: dpo@terraback.io