Privacy Policy

Terra Ops ("we", "our", or "the Platform") is a cloud security assessment platform developed and maintained by Sumit Bhadu — CKA, AZ-104, AZ-305 & MLOps certified (GitHub: sumit-bhadu). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, including our web application, APIs, and associated services.

By accessing or using Terra Ops, you agree to the collection and use of information as described in this policy. If you disagree with any part of this policy, please discontinue use of the platform immediately.

2.1 Account Information
When you register, we collect your email address, full name (optional), and a hashed password. We also store your time-based one-time password (TOTP) secret for two-factor authentication. We never store your TOTP codes — only the shared secret used to verify them.

2.2 AWS Credentials
To perform security assessments, you provide AWS credentials (Access Key ID and Secret Access Key) or an IAM Role ARN. These credentials are encrypted at rest using AES-256 and are used exclusively to perform read-only security scans against your AWS account. We never use your credentials for any other purpose, never sell them, and never transmit them to third parties.

2.3 Scan Data and Findings
Security scan results, compliance reports, cost data, and infrastructure diagrams are stored in your account database. This data is isolated per account and is never shared with other users or third parties.

2.4 Usage Data
We may collect anonymised usage telemetry including feature usage patterns, error rates, and performance metrics. This data contains no personally identifiable information and is used solely to improve the platform.

We use the information we collect to:

• Provide, operate, and maintain the Terra Ops platform
• Authenticate your identity and protect your account
• Run AWS security assessments on your behalf using your credentials
• Generate compliance reports, threat intelligence, and architecture diagrams
• Send account-related communications (security alerts, account updates)
• Improve platform performance, reliability, and security
• Comply with legal obligations

4.1 Encryption at Rest
All sensitive data — including AWS credentials, passwords, and TOTP secrets — is encrypted at rest using AES-256 encryption. Passwords are hashed using bcrypt with a per-user salt and are never stored in plaintext.

4.2 Encryption in Transit
All communication between your browser and Terra Ops servers is encrypted using TLS 1.2 or higher. API endpoints are protected by HTTPS-only policies.

4.3 Access Controls
Row-level data isolation ensures each user can only access their own accounts, scans, and reports. Database access is restricted to authenticated service accounts with least-privilege permissions.

4.4 Two-Factor Authentication
All Terra Ops accounts require TOTP-based two-factor authentication. This is enforced at registration and cannot be disabled, ensuring that even if your password is compromised, your account remains protected.

We do not sell, trade, rent, or share your personal information with third parties, except in the following limited circumstances:

Legal Requirements: We may disclose information if required by law, court order, or government authority.

Security Incidents: If we detect unauthorised access or a breach affecting your data, we will notify you promptly.

Business Transfers: In the event of a merger, acquisition, or asset sale, your data may be transferred. We will provide notice before your data is transferred and becomes subject to a different privacy policy.

Terra Ops takes AWS credential security extremely seriously. Your credentials are:

• Stored encrypted using AES-256 with per-credential encryption keys
• Used only for read-only AWS API calls during security assessments
• Never logged in plaintext in application logs or error messages
• Accessible only by authenticated API requests from your own session
• Deletable at any time — deleting an account removes all associated credentials

We strongly recommend using IAM roles with read-only policies rather than root credentials. See our documentation for the minimum required IAM permissions.

Account Data: Retained while your account is active. Deleted within 30 days of account deletion.

Scan Results: Retained indefinitely in your account until manually deleted. You can delete individual scans from the platform at any time.

AWS Credentials: Retained until you delete the associated cloud account from the platform.

Session Data: Sessions expire after 8 hours of inactivity. Session cookies are automatically invalidated on logout.

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of all personal data we hold about you
• Correction: Update or correct inaccurate personal information
• Deletion: Request deletion of your account and all associated data
• Portability: Export your scan data in machine-readable formats (PDF, DOCX, JSON)
• Objection: Object to specific processing of your data

To exercise any of these rights, contact us via GitHub: github.com/sumit-bhadu

Terra Ops uses:

• Session Cookie (`terraops_session`): An HTTP-only, secure, SameSite=Lax cookie used for authentication. This is strictly necessary and cannot be disabled.
• SessionStorage: Used to remember your last navigation destination for post-login redirect. Contains no personal data and is cleared on browser close.

We do not use tracking cookies, advertising cookies, or any third-party analytics cookies.

Terra Ops is intended for professional use by security engineers, DevOps teams, and cloud architects. We do not knowingly collect information from anyone under the age of 16. If you believe a minor has created an account, contact us immediately.

We may update this Privacy Policy from time to time. Material changes will be notified via the platform interface. Your continued use of Terra Ops after changes take effect constitutes acceptance of the updated policy. The effective date at the top of this page indicates when the policy was last revised.

For privacy questions, data requests, or security concerns, please contact us:

• GitHub: github.com/sumit-bhadu
• Project Repository: github.com/sumit-bhadu/terra-ops

We aim to respond to all privacy inquiries within 72 hours.