Privacy Policy

1. Overview

Data2Cloud Solutions LLC (DBA Data2Cloud, “we,” “us,” or “our”) operates JEFFE.ai™, an AI agent orchestration platform for AWS. This Privacy Policy explains how we collect, use, and protect information when you use the Service.

2. Information We Collect

Account and registration data (collected at signup via AWS Marketplace):

Operational data (generated while using the Service):

Technical and usage data:

• Browser type, device type, and IP address (via standard web server logs)
• Pages visited and features used (aggregated, not linked to individuals)
• Error logs and diagnostic data for service reliability

3. How We Use Your Information

We use the information we collect to:

• Provide the Service — create and manage your tenant account, execute agents, store run history, and manage approval workflows
• Subscription management — verify entitlements via AWS Marketplace, enforce plan limits, handle subscription lifecycle events (activation, suspension, cancellation)
• Communications — send account credentials, service notifications, and respond to support requests. We do not send marketing emails without your consent.
• Security and fraud prevention — detect abuse, unauthorized access, and violations of our Terms of Service
• Service improvement — aggregated, anonymized usage patterns to understand which features are used and where the Service can be improved. Individual user data is not used for this purpose.
• Legal compliance — meet applicable legal obligations

We do not use your data to train AI or machine learning models, whether operated by the Company or any third party.

4. How We Share Your Information

We do not sell, rent, or trade your personal information. We share it only in these limited circumstances:

• AWS services — the Service is built on AWS (DynamoDB, S3, Lambda, Cognito, Bedrock AgentCore, SQS). Your data is processed by these services under AWS’s privacy and security commitments. See the AWS Privacy Notice.
• AWS Marketplace — subscription status, entitlement, and lifecycle events are exchanged with AWS Marketplace to manage your subscription.
• Legal requirements — we may disclose information if required by law, court order, or government authority, or to protect the rights, property, or safety of the Company, our users, or the public.
• Business transfers — if the Company is acquired, merged, or sells substantially all its assets, your information may be transferred as part of that transaction. We will notify you via email before your data is subject to a different privacy policy.

We do not use third-party analytics services (such as Google Analytics) that track individual users across the web.

5. Your AWS Data

JEFFE.ai™ operates by assuming a cross-account IAM role in your AWS account. When agents execute, they interact directly with your AWS resources. The Company does not store copies of your AWS infrastructure data (EC2 configurations, S3 object contents, Glue job definitions, etc.) except as explicitly described in operational data above (e.g., agent-generated run logs and script outputs stored for audit purposes).

You control the scope of the cross-account IAM role. You can revoke access at any time by deleting or modifying the role in your AWS account. The Company will not be able to access your AWS resources after the role is removed.

Agent conversation memory (maintained by Amazon Bedrock AgentCore) is scoped to your tenant. Memory is used to provide context across sessions and is not shared with other tenants.

6. Data Retention

We retain your data for as long as your subscription is active and for 30 days following termination, to allow you to export your data. Specifically:

• Account and tenant data — retained for the duration of the subscription plus 30 days
• Run logs and approval history — retained for 90 days by default; may be extended on Professional plans
• Script artifacts (S3) — retained for 90 days after execution
• Agent conversation memory — retained for the duration of the subscription; deleted upon account termination
• Web server logs — retained for 30 days and then deleted

You may request deletion of your data at any time by contacting support@jeffe.ai. Deletion requests will be honored within 30 days, subject to any legal retention obligations.

7. Security

We implement commercially reasonable technical and organizational measures to protect your information, including:

• Encryption in transit (TLS 1.2+) for all API and web traffic
• Encryption at rest for DynamoDB and S3 storage
• Tenant isolation — each customer’s data is logically separated with Cognito group-scoped access controls
• Cross-account role assumption with ExternalId conditions to prevent confused-deputy attacks
• AWS IAM least-privilege principles for all internal service roles

No security measure is perfect. In the event of a data breach that affects your personal information, we will notify you as required by applicable law.

8. Your Rights

Depending on your location, you may have the following rights with respect to your personal information:

• Access — request a copy of the personal information we hold about you
• Correction — request correction of inaccurate information
• Deletion — request deletion of your personal information (subject to legal retention requirements)
• Portability — request your data in a machine-readable format
• Objection / restriction — object to or request restriction of certain processing activities

To exercise any of these rights, contact us at support@jeffe.ai. We will respond within 30 days.

We do not discriminate against users who exercise their privacy rights.

9. Children

The Service is intended for use by businesses and professionals and is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us at support@jeffe.ai and we will promptly delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (to the address on your account) or by posting a notice within the Service at least 14 days before the changes take effect. The updated policy will be available at this URL with a revised effective date.

11. Contact

For privacy questions, data requests, or concerns, contact us at:

Data2Cloud Solutions LLC (DBA Data2Cloud)
support@jeffe.ai

If you are in the European Economic Area and believe we have not addressed your privacy concern adequately, you have the right to lodge a complaint with your local supervisory authority.