Legal

Privacy Policy

Last updated: June 2026 · Effective: June 2026

What We Collect

We collect information you provide directly: your name, email address, and password when you create an account. We collect information about your organisation's cloud accounts only to the extent you authorise through read-only IAM roles. We never store your cloud credentials directly — we use short-lived session tokens issued through your cloud provider's standard IAM mechanisms.

We collect usage data about how you interact with Amajoni: pages visited, features used, scan results generated. This data is used to improve the product and is not sold to third parties.

What We Do Not Collect

We do not intercept, store, or process the contents of your AI agents' prompts, completions, or conversation history. We do not read the actual data in your cloud storage buckets, databases, or secrets manager entries. We read only metadata: function names, IAM role policies, CloudWatch metric summaries, and environment variable key names (not values) that indicate the presence of LLM API keys.

How We Use Your Data

We use your account data to authenticate you and manage your subscription. We use your cloud scan results to build and display your agent inventory and risk scores within Amajoni. We use aggregate, anonymised usage data to understand product performance and prioritise improvements. We do not use your data to train AI models.

Data Sharing

We do not sell your data. We share data with the following categories of service providers, solely to operate the product: our cloud infrastructure provider (Supabase / AWS), payment processor (Stripe), and email service provider. All sub-processors are bound by data processing agreements. We may disclose data if required by law or to protect our rights, provided we notify you where legally permitted to do so.

Data Retention

We retain your account data for as long as your account is active. Scan results are retained for 12 months by default. Activity logs are retained for 90 days. If you delete your account, we delete your personal data within 30 days, subject to legal obligations to retain certain records.

Security

We implement industry-standard security measures: encryption in transit (TLS 1.3), encryption at rest (AES-256), principle of least privilege for all internal access, and regular security reviews. Our cloud scan credentials use read-only IAM roles with the minimum permissions required for discovery. We are committed to disclosing security incidents to affected users promptly.

Your Rights (POPIA)

Under the Protection of Personal Information Act (South Africa), you have the right to access your personal information, request corrections, request deletion of your data, and object to processing. To exercise any of these rights, email hi@amajoni.com. We will respond within 30 days.

Cookies

We use session cookies to keep you logged in. We use no third-party advertising or tracking cookies. We use Supabase Auth session tokens stored in secure, HttpOnly cookies. You can disable cookies in your browser, but this will prevent you from using authenticated features.

Contact

Questions about this policy: hi@amajoni.com. We will respond within 5 business days.