Privacy Policy — AI Incident Commander
Last Updated: April 22, 2026
1. INTRODUCTION
NovaAI Technologies LLC ("we," "us," or "our") operates AI Incident Commander ("AIC" or "the Service"). This Privacy Policy explains how we collect, use, store, and protect your information when you use our Service.
By using AIC, you consent to the practices described in this Privacy Policy.
2. INFORMATION WE COLLECT
2.1 Account Information
When you sign up for AIC, we collect:
- Company name
- Contact name and title
- Email address
- Phone number (optional)
- AWS Account ID (for marketplace integration)
2.2 Technical Data
When you use AIC, we automatically collect:
- API keys (generated by us for your authentication)
- Incident data you send to AIC:
  - Alert title and description
  - Service name and environment (production, staging, etc.)
  - Timestamp of incident
  - Severity classification (P0-P3)
  - AWS diagnostic output generated by AIC
- Integration configuration:
  - Slack webhook URLs
  - Microsoft Teams webhook URLs
  - Email addresses for notifications
- Usage metrics:
  - Number of incidents processed
  - API request volume
  - Response times
  - Feature usage patterns
2.3 Billing Information
For paid plans:
- Billing contact information
- AWS Marketplace account ID (if billing through AWS)
- Invoice payment details (if direct billing)
Note: We do NOT store credit card numbers. Payments are processed through AWS Marketplace or our payment processor.
2.4 Communications
- Email correspondence with support
- Feedback and feature requests
- Chat transcripts (if using in-app chat)
2.5 Information We Do NOT Collect
- Passwords (we use API key authentication only)
- Credit card numbers (processed by third parties)
- Social Security Numbers or government IDs
- Health information (HIPAA data)
- Payment card data (PCI data)
3. HOW WE USE YOUR INFORMATION
3.1 To Provide the Service
- Triage incidents and classify severity
- Execute AWS diagnostic commands on your behalf
- Generate AI-powered analysis of incidents
- Send notifications to your Slack/Teams channels
- Learn from historical incidents to improve future triage accuracy
- Provide customer support
3.2 To Improve the Service
- Analyze usage patterns to identify bugs and performance issues
- Develop new features based on user needs
- Train and improve our AI models (using anonymized data only)
- Conduct security audits and threat detection
3.3 To Communicate With You
- Send service-related notifications (trial expiring, incidents detected, etc.)
- Respond to support requests
- Announce new features or service changes
- Send billing invoices (for paid plans)
3.4 For Legal Compliance
- Comply with applicable laws and regulations
- Respond to legal requests (subpoenas, court orders)
- Protect against fraud, abuse, or security threats
- Enforce our Terms of Service
4. HOW WE SHARE YOUR INFORMATION
4.1 Service Providers (Sub-Processors)
We share data with third parties who help us operate the Service:
| Provider | Purpose | Data Shared | Location |
| --- | --- | --- | --- |
| Amazon Web Services (AWS) | Cloud infrastructure, database, AI models | All incident data, diagnostic output | US (us-east-1) |
| Anthropic (via AWS Bedrock) | AI model for incident analysis | Alert text, historical incident data | US (via AWS) |
| Slack | Incident notifications | Webhook URL, incident details | US (Slack servers) |
| Microsoft | Teams notifications | Webhook URL, incident details | US (Microsoft servers) |
These providers are contractually bound to protect your data and use it only as directed by us.
4.2 Business Transfers
If NovaAI Technologies LLC is acquired, merged, or sold:
- Your data may be transferred to the acquiring entity
- We will notify you 30 days in advance
- The new owner must honor this Privacy Policy
4.3 Legal Requirements
We may disclose your data if required by law:
- To comply with subpoenas or court orders
- To protect our legal rights or defend against legal claims
- To prevent fraud, security threats, or harm to others
- To enforce our Terms of Service
4.4 With Your Consent
We may share data in other ways with your explicit permission.
4.5 What We Do NOT Do
- ❌ We do NOT sell your data to advertisers or data brokers
- ❌ We do NOT use your incident details for marketing without permission
- ❌ We do NOT share data with competitors
5. DATA STORAGE AND SECURITY
5.1 Where We Store Data
- Primary region: AWS us-east-1 (US East - N. Virginia)
- Database: Amazon RDS (PostgreSQL) with Multi-AZ for redundancy
- Cache: Amazon ElastiCache (Redis)
- Logs: Amazon CloudWatch Logs (30-day retention)
5.2 How We Protect Data
Encryption:
- Data in transit: TLS 1.2 or higher (HTTPS)
- Data at rest: AES-256 encryption (RDS encryption enabled)
- API keys: Hashed using bcrypt before storage
Access Controls:
- Multi-factor authentication (MFA) required for admin access
- Least-privilege IAM roles (AWS best practices)
- API key authentication for all API requests
- Role-based access control (RBAC) for multi-tenant isolation
Infrastructure Security:
- VPC isolation (private subnets for databases)
- Security groups (firewall rules)
- Regular security patches via AWS managed services
- CloudTrail logging of all API activity
Monitoring:
- 24/7 automated security monitoring
- Intrusion detection via AWS GuardDuty (planned)
- Real-time alerts for suspicious activity
5.3 Data Retention
- Active users: Incident data retained for duration of service
- Trial users: Data retained for 30 days after trial expiration, then deleted
- Canceled accounts: Data retained for 30 days, then permanently deleted
- Backups: Automated daily backups retained for 7 days (RDS snapshots)
You may request immediate deletion by emailing info@incidentai.io.
6. YOUR RIGHTS
6.1 Access Your Data
You have the right to:
- Request a copy of all data we have about you
- Access your incident history via the AIC API or dashboard
How to request: Email info@incidentai.io with subject "Data Access Request"
6.2 Correct Your Data
You can update:
- Account information via dashboard or API
- Incorrect incident data by contacting support
6.3 Delete Your Data
You can request deletion of:
- All incident data (account closure)
- Specific incidents
- Personal information (email, name)
How to request: Email info@incidentai.io with subject "Data Deletion Request"
Note: We must retain some data for legal/accounting purposes (e.g., billing records for 7 years).
6.4 Export Your Data
You can export:
- Incident history in JSON or CSV format
- Diagnostic output reports
- Configuration data (API keys, integrations)
How to request: Use the AIC API export endpoint or email info@incidentai.io
6.5 Object to Processing
You can object to:
- Use of your data for marketing purposes
- Automated decision-making (AI triage) — however, this is core to the Service
How to object: Email info@incidentai.io
6.6 Withdraw Consent
- You may withdraw consent at any time by canceling your account
- Withdrawal does not affect lawfulness of processing before withdrawal
7. COOKIES AND TRACKING
7.1 What We Use
- Session cookies: To keep you logged in (essential)
- Analytics cookies: To measure website traffic (Google Analytics)
7.2 Third-Party Tracking
- We do NOT use third-party advertising cookies
- We do NOT sell your data to advertisers
7.3 Your Choices
- Most browsers allow you to block cookies
- Blocking essential cookies may prevent login functionality
8. INTERNATIONAL DATA TRANSFERS
8.1 Data Location
- All data is stored in AWS us-east-1 (United States)
- If you are outside the US, your data will be transferred to the US
8.2 EU/UK Users (GDPR)
If you are in the EU or UK:
- We rely on AWS's GDPR compliance and Standard Contractual Clauses (SCCs)
- You have additional rights under GDPR (see Section 6)
- Data transfers comply with EU-US Data Privacy Framework
8.3 California Users (CCPA)
If you are a California resident:
- You have the right to know what data we collect
- You have the right to delete your data
- You have the right to opt out of data sales (we don't sell data)
- Contact info@incidentai.io to exercise rights
9. CHILDREN'S PRIVACY
- AIC is NOT intended for users under 18 years old
- We do not knowingly collect data from children
- If we discover we have collected data from a child, we will delete it immediately
- Contact info@incidentai.io if you believe we have child data
10. CHANGES TO THIS POLICY
- We may update this Privacy Policy at any time
- We will notify you of material changes via email 30 days in advance
- Continued use after changes constitutes acceptance
- You can always view the current policy at https://incidentai.io/privacy
11. CONTACT US
For privacy-related questions or requests:
Data Protection Officer:
Email: info@incidentai.io
Mail: NovaAI Technologies LLC, Privacy Dept, [Address TBD]
General Inquiries:
Email: info@incidentai.io
Website: https://incidentai.io
Response Time:
- Data requests: 30 days
- Urgent privacy issues: 48 hours
12. REGULATORY COMPLIANCE
12.1 GDPR (EU General Data Protection Regulation)
- We comply with GDPR for EU users
- Legal basis for processing: Contract performance, legitimate interest, consent
- Data Protection Officer: info@incidentai.io
- EU Representative: [TBD if needed based on user volume]
12.2 CCPA (California Consumer Privacy Act)
- We comply with CCPA for California residents
- We do not sell personal information
- California users can request deletion or access via info@incidentai.io
12.3 SOC 2 (Planned Q2 2026)
- We are working toward SOC 2 Type II certification
- Security controls align with SOC 2 requirements
- Audit completion expected Q2 2026
By using AI Incident Commander, you acknowledge that you have read and understood this Privacy Policy.
Last updated: April 22, 2026 | Version: 1.0