Privacy

What we collect, what we don't, and where it lives.

The page below documents how Trueno currently handles data, in plain language. It is not a legal document — see the disclaimer below.

Draft only

Not legally reviewed. Not suitable for enterprise contracts or paid plans. The page below documents how the product currently behaves, in plain language — it is not a legal agreement. Legal review is required before any commercial use.

What we collect

  • Account info

    Email, display name, and the workspaces you belong to. Required to authenticate and route you to the right tenant.

  • Workspace data

    Findings, resource snapshots, scan history, recommendations, comments, and assignments. Everything you write through the app, scoped to your workspace.

  • Operational telemetry

    Error rates, scan latencies, retry counts, and timing of admin actions. Used to operate the service. No content of your findings or resources is included in telemetry.

What we don't collect

  • AWS access keys

    We never see them. Trueno authenticates to AWS via AssumeRole + external ID, not long-lived credentials.

  • AWS billing data beyond what scans return

    We read what your scans surface (estimated savings per finding, daily cost snapshots). We don't pull your AWS billing console directly.

  • Resource contents

    We read metadata — instance type, region, tags, attached policies. We don't read S3 object contents, RDS row contents, or any application-level data.

Where data lives

  • Supabase

    Hosts the Postgres database and authentication. Workspace data lives here. RLS policies are enforced at the database layer.

  • Vercel

    Hosts the Next.js application and drives scheduled jobs via Vercel Cron. Serverless function execution happens here.

  • AWS (your accounts)

    Trueno calls AWS APIs as a read-only client against the role you authorize. Data flows in only — we don't write back to AWS.

Your rights

  • Delete your workspace

    Request workspace deletion via support and we'll remove the workspace and all associated data within 30 days.

  • Export your data

    Per-workspace export is available on request via support. Format is JSON snapshots of the tables you care about.

  • Revoke AWS access

    Delete the IAM role in your AWS account. AssumeRole calls then fail; no further data flows in.

Questions?

Privacy and data-handling questions go to info@gigant.tech with the subject line [privacy]. A real engineer will respond.