Security & Privacy

Last updated: Aug 1, 2025

Requested roles (read‑only)

roles/resourcemanager.viewer
roles/serviceusage.serviceUsageViewer
roles/compute.viewer
roles/bigquery.dataViewer
roles/bigquery.jobUser (read‑only queries)
roles/cloudasset.viewer

Used APIs

Compute, BigQuery, Cloud Asset Inventory, Service Usage.

Key handling

TLS in transit
Keys processed in memory; not persisted to disk
If persisted due to retries: encrypted with KMS; auto‑deletion ≤ 24h

Report data

Analysis artifacts stored up to 24h for download reliability
Immediate deletion on user request

Logging

Aggregated operational logs; secrets masked
Minimal retention; used for reliability and abuse detection

Security contacts

security@ai-finops.cloud — responsible disclosure welcome.