Beamreach AI Logo Beamreach AI

Compass Privacy Policy

Privacy Policy

Last updated: March 23, 2026

This Privacy Policy describes how Beamreach AI ("Beamreach," "we," "us," and "our") collects, uses, stores, and discloses information in connection with the Compass application, related websites, and associated services (collectively, the "Services").

1. Information We Collect

Depending on how you use the Services, we may collect the following categories of information:

  • Account and profile information, such as your name, email address, organization, and login identifiers.
  • Authentication and sign-in information, including information received from Google or other identity providers to authenticate your account and maintain your session.
  • Customer environment data, such as AWS account identifiers, IAM role or resource metadata, cloud configuration details, infrastructure findings, FinOps savings findings, repository metadata, uploaded files, logs, prompts, or other materials you submit or authorize us to access.
  • Integration credentials and secret material, including access keys, session credentials, tokens, certificates, or similar authentication material you provide or authorize us to store or process in order to enable integrations, scans, or approved workflows.
  • Usage and device information, such as IP address, browser type, approximate location derived from IP, access times, pages viewed, and service diagnostics.
  • Communications and support information you send to us.

2. How We Use Information

We may use information we collect to:

  • Provide, operate, maintain, and improve the Services.
  • Authenticate users, administer accounts, and support Google login or other identity-provider flows.
  • Connect to authorized third-party systems, analyze customer environments, generate findings, estimate savings opportunities, and execute approved product workflows.
  • Monitor, secure, troubleshoot, and debug the Services.
  • Communicate with you about updates, support requests, security matters, and service-related notices.
  • Comply with applicable law, enforce our agreements, and protect our rights, users, and systems.

3. Credentials and Sensitive Access Data

Some Compass features may require access to credentials, tokens, keys, or other secret material associated with your cloud or developer systems. We may store and process that information to authenticate integrations, perform scans, maintain connections, and provide the Services you request.

You are responsible for ensuring that any credentials or permissions you provide are lawfully available for your use, appropriately scoped, and suitable for the intended workflow. Where possible, you should use least-privilege roles, temporary credentials, and rotation or revocation practices appropriate to your environment.

4. How We Share Information

We may disclose information:

  • To vendors, hosting providers, and service providers that support the operation of the Services.
  • To affiliates or contractors working on our behalf and subject to appropriate confidentiality or security obligations.
  • To comply with law, regulation, legal process, or governmental request.
  • To investigate, prevent, or address fraud, abuse, security incidents, or technical issues.
  • In connection with a merger, financing, acquisition, reorganization, or sale of assets.
  • At your direction or with your consent.

We do not sell personal information for monetary consideration.

5. Data Retention

We retain information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Services, comply with legal obligations, resolve disputes, enforce agreements, and maintain appropriate business records. Retention periods may vary based on the type of data, the sensitivity of the information, the nature of the Services provided, and operational or legal requirements.

6. Security

We use administrative, technical, and organizational measures designed to protect information we process. However, no method of transmission, storage, or security control is completely secure, and we cannot guarantee absolute security.

7. Your Choices

Subject to applicable law, you may request access to, correction of, or deletion of certain personal information. You may also disconnect integrations, revoke third-party access, rotate credentials, or stop using the Services at any time. Some information may remain in backups, logs, or records retained for legitimate operational or legal reasons.

8. Children

The Services are not directed to children, and we do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will be posted on this page with a revised effective date. Your continued use of the Services after the updated policy becomes effective constitutes your acknowledgment of the revised policy.

10. Contact

Questions or requests regarding this Privacy Policy may be submitted through the contact methods published on the Beamreach website.