ComplimetricComplimetric
PlatformComplianceSolutionsPricingBlogGetting Started
ComplimetricComplimetric

The leading Infrastructure-as-Code governance platform for engineering teams that value security and compliance.

Product

  • Platform
  • Compliance
  • Solutions
  • Pricing

Company

  • About
  • Blog
  • Getting Started

Legal

  • Legal Notice
  • Privacy Policy
  • Cookie Policy
  • Terms of Service
  • Terms of Sale
  • Open Source

© 2026 0x0800 SRL. All rights reserved.

Privacy

Privacy Policy

Last updated: January 3, 2026

1. Introduction

0x0800 SRL, operating under the brand Complimetric ("we", "our", or "us"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Infrastructure-as-Code compliance platform.

Data Controller: 0x0800 SRL, a Belgian company (SRL).

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • GitHub username and email address (via OAuth)
  • Organization name and billing information
  • Team member information you provide

2.2 Repository Data

When you connect repositories, we access:

  • Repository metadata (name, visibility, branches)
  • Terraform/IaC configuration files for scanning
  • We do NOT store your source code permanently

2.3 Cloud Credentials

For drift detection, we securely store encrypted cloud credentials:

  • AWS Access Keys (encrypted at rest with AES-256)
  • Azure Service Principal credentials (encrypted)
  • Credentials are used only for read-only infrastructure scanning

2.4 Usage Data

We automatically collect:

  • Scan history and results
  • Feature usage analytics
  • Error logs for debugging

3. How We Use Your Information

We use the collected information to:

  • Provide and maintain our service
  • Generate compliance reports and security findings
  • Detect infrastructure drift
  • Send notifications about critical issues
  • Process payments and manage subscriptions
  • Improve our service and develop new features

4. Data Security

We implement industry-standard security measures:

  • AES-256 encryption for sensitive data at rest
  • TLS 1.3 for data in transit
  • Regular security audits and penetration testing
  • SOC 2 Type II compliance (in progress)

5. Data Retention

We retain your data for as long as your account is active. Upon account deletion:

  • Personal data is deleted within 30 days
  • Scan results are anonymized or deleted
  • Cloud credentials are immediately and permanently deleted

6. Third-Party Services

We use the following third-party services:

  • Stripe: Payment processing (PCI DSS compliant)
  • GitHub: OAuth authentication and repository access
  • AWS/Azure: Infrastructure scanning (with your credentials)

7. Your Rights (GDPR)

If you are in the EU, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data ("right to be forgotten")
  • Export your data in a portable format
  • Object to processing

To exercise these rights, contact us at: privacy@complimetric.com

8. Contact Us

For privacy-related questions:

Data Protection Officer: dpo@complimetric.com

General inquiries: privacy@complimetric.com

Company: 0x0800 SRL, Belgium

9. Supervisory Authority

If you believe that your data protection rights have been violated, you have the right to lodge a complaint with the Belgian Data Protection Authority (Autorite de protection des donnees / Gegevensbeschermingsautoriteit):

Rue de la Presse 35 / Drukpersstraat 35
1000 Brussels, Belgium
www.dataprotectionauthority.be