Last updated: April 1, 2026
KubeFusion ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our Kubernetes management platform.
We collect information you provide directly: account details (name, email, username), organization information, and kubeconfig files for cluster connectivity. We also collect usage data including IP addresses, browser type, pages visited, and actions performed within the platform. Kubeconfig files are encrypted with AES-256-GCM and processed server-side only.
We use your information to: provide and maintain the KubeFusion platform, authenticate your identity and manage access control, connect to and manage your Kubernetes clusters, provide AI-powered diagnostics (when configured), send important service notifications, and improve our platform based on usage patterns.
All sensitive data is encrypted at rest. Kubeconfig files use AES-256-GCM encryption with scrypt key derivation. Passwords are hashed with bcrypt (12 rounds). API tokens are stored as SHA-256 hashes — we never store the original token. AI API keys are encrypted and never returned in API responses.
We use session cookies for authentication (JWT-based). We also store your theme preference (light/dark/system) and language preference (English/Thai) locally. We do not use tracking cookies or third-party analytics cookies.
When you configure AI diagnostics, your cluster data (excluding Secret values, which are automatically redacted) may be sent to OpenAI or Anthropic based on your configuration. We do not sell or share your personal information with third parties for marketing purposes.
We implement comprehensive security measures: rate limiting on all endpoints, brute force protection on authentication, CSRF protection, Content Security Policy headers, HSTS with 2-year duration, and strict referrer policies. All Kubernetes operations are performed server-side — sensitive data never reaches the browser.
You have the right to: access your personal data, correct inaccurate data, delete your account and associated data, export your data, and withdraw consent for optional data processing. Contact us to exercise any of these rights.
Account data is retained while your account is active. Audit logs are retained for 90 days. AI chat sessions are automatically deleted after 30 days. Upon account deletion, all personal data is permanently removed within 30 days.
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a prominent notice on our platform. Your continued use of KubeFusion after changes constitutes acceptance of the updated policy.
If you have questions about this Privacy Policy or our data practices, please contact us at [email protected].