Wellarwellar
Connect AWS
Back to home

Legal

Privacy Policy

Last updated: June 11, 2026

1. Introduction

Wellar.io ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use our cloud optimization platform ("Service").

2. Information We Collect

2.1 Account Information

Access to Wellar starts with a request, not an instant sign-up. When you request access, we collect your full name, work email address, organization name, your approximate AWS monthly spend (selected as a range), your number of AWS accounts (selected as a range), and your role. We use this to review and provision your access.

We do not collect a password at request time. Once your access is approved and your account is activated, your login credentials are created and managed through AWS Cognito.

2.2 AWS Account Data

When you connect your AWS accounts, we access metadata about your AWS resources (instance types, configurations, usage metrics, cost data) through a read-only cross-account IAM role. We do not access the content of your data stored in AWS services (e.g., S3 object contents, database records, application data).

2.3 Usage Data

We collect information about how you interact with the Service, including pages visited, features used, and actions taken. This helps us improve the Service.

2.4 Payment Information

Billing is currently handled by manual invoicing. We do not collect or store credit card numbers or any payment details. If we introduce self-serve billing in the future, payments would be handled by a PCI-compliant payment processor that processes transactions in accordance with applicable data protection laws.

3. How We Use Your Information

We use your information to:

  • Review and provision your access to the Service
  • Provide and maintain the Service
  • Generate optimization recommendations for your AWS infrastructure
  • Manage your subscription and issue invoices
  • Send you service-related communications (e.g., security alerts, feature updates)
  • Improve and develop new features
  • Respond to your support requests

We do not sell your personal information or AWS data to third parties.

4. Data Storage and Security

Your data is stored on Amazon Web Services infrastructure in the US East (Virginia) region. We implement industry-standard security measures including:

  • Encryption in transit (TLS/HTTPS)
  • Encryption at rest (AWS managed encryption)
  • Access controls and authentication via AWS Cognito
  • Regular security reviews

5. Data Retention

We retain your account information for as long as your account is active. AWS resource data and optimization recommendations are cached temporarily (typically 24 hours to 7 days) and refreshed periodically. Upon account deletion, we remove your data within 30 days.

6. Data Sharing

We share your information only with:

  • Amazon Web Services — for infrastructure hosting and service delivery.
  • Anthropic — for AI-powered analysis features, using anonymized data only (no personally identifiable information).
  • A future payment processor — if and when self-serve billing is offered, a PCI-compliant payment processor would receive only the billing information necessary to process transactions. Today, no payment processor receives customer data.

We may also disclose information if required by law or to protect our rights.

7. Your Rights

You have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your account and associated data
  • Export your data in a portable format
  • Opt out of non-essential communications
  • Disconnect your AWS accounts at any time by removing the IAM role

To exercise any of these rights, contact us at mail@wellar.io.

8. Cookies

We use essential cookies for authentication and session management. We do not use third-party tracking cookies or advertising cookies.

9. GDPR Compliance

If you are located in the European Economic Area (EEA), we process your data under the following legal bases: contract performance (providing the Service), legitimate interest (improving the Service), and consent (optional communications). You may contact us to exercise your GDPR rights at any time.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page. Continued use of the Service after changes constitutes acceptance of the revised policy.

11. Contact

For privacy-related questions or concerns, contact us at mail@wellar.io.