Complimetric
PlatformSolutionsPricingBlog
ComplimetricComplimetric

Infrastructure-as-Code governance for teams that treat compliance as a scene to direct, not a checkbox to ship.

All systems operational

Product

  • Platform
  • Compliance
  • Solutions
  • Pricing
  • Changelog

Company

  • About
  • Blog
  • Getting Started
  • Security

Legal

  • Legal Notice
  • Privacy
  • Cookies
  • Terms
  • Terms of Sale
  • Open Source
  • DPA
Complimetric

© 2026 0x0800 SRL. Directed in production.

Privacy

Privacy Policy

Last updated · January 3, 2026

01 —

Introduction

0x0800 SRL, operating under the brand Complimetric ("we", "our", or "us"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Infrastructure-as-Code compliance platform.

Data Controller: 0x0800 SRL, a Belgian company (SRL).

02 —

Information We Collect

2.1 Account Information

When you create an account, we collect:

  • GitHub username and email address (via OAuth)
  • Organization name and billing information
  • Team member information you provide

2.2 Repository Data

When you connect repositories, we access:

  • Repository metadata (name, visibility, branches)
  • Terraform/IaC configuration files for scanning
  • We do NOT store your source code permanently

2.3 Cloud Credentials

For drift detection, we securely store encrypted cloud credentials:

  • AWS Access Keys (encrypted at rest with AES-256)
  • Azure Service Principal credentials (encrypted)
  • Credentials are used only for read-only infrastructure scanning

2.4 Usage Data

We automatically collect:

  • Scan history and results
  • Feature usage analytics
  • Error logs for debugging
03 —

How We Use Your Information

We use the collected information to:

  • Provide and maintain our service
  • Generate compliance reports and security findings
  • Detect infrastructure drift
  • Send notifications about critical issues
  • Process payments and manage subscriptions
  • Improve our service and develop new features
04 —

Data Security

We implement industry-standard security measures:

  • AES-256 encryption for sensitive data at rest
  • TLS 1.3 for data in transit
  • Regular security audits and penetration testing
  • SOC 2 Type II compliance (in progress)
05 —

Data Retention

We retain your data for as long as your account is active. Upon account deletion:

  • Personal data is deleted within 30 days
  • Scan results are anonymized or deleted
  • Cloud credentials are immediately and permanently deleted
06 —

Third-Party Services

We use the following third-party services:

  • Stripe: Payment processing (PCI DSS compliant)
  • GitHub: OAuth authentication and repository access
  • AWS/Azure: Infrastructure scanning (with your credentials)
07 —

Your Rights (GDPR)

If you are in the EU, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data ("right to be forgotten")
  • Export your data in a portable format
  • Object to processing

To exercise these rights, contact us at: privacy@complimetric.com

08 —

Contact Us

For privacy-related questions:

Data Protection Officer: dpo@complimetric.com

General inquiries: privacy@complimetric.com

Company: 0x0800 SRL, Belgium

09 —

Supervisory Authority

If you believe that your data protection rights have been violated, you have the right to lodge a complaint with the Belgian Data Protection Authority (Autorite de protection des donnees / Gegevensbeschermingsautoriteit):

Rue de la Presse 35 / Drukpersstraat 35
1000 Brussels, Belgium
www.dataprotectionauthority.be