🔴
⚫️
Yellowstone Labs
×
Yellowstone Labs Contact Us

Privacy Policy for Yellowstone Labs

Effective Date: March 21, 2026
Last Updated: March 21, 2026

1. Introduction

Yellowstone Labs ("we," "our," "us") is a technology company headquartered in Signal Hill, California. We respect your privacy and are committed to protecting any personal information you may share with us. This Privacy Policy explains how we collect, use, and safeguard your information when you visit our primary website ( yellowstonelabs.io ), use our Cloud Repatriation Analyzer ( cra.yellowstonelabs.io ), use any other digital products or tools we develop and list on our website, or engage us for our custom software development, IT staff augmentation, IT infrastructure services, or any other services we provide.

We proudly serve businesses of all sizes. Regardless of your company's scale, we understand that protecting your infrastructure data, cloud credentials, and proprietary information is paramount.

2. Information We Collect

We collect information that you voluntarily provide to us, as well as data required to analyze your infrastructure.

A. General Business Services & Website Inquiries

  • Contact Information: When you fill out our "Contact Us" form, we collect your name, email address, phone number, company name, and any other details you choose to share with us regarding your project inquiries.

B. Cloud Repatriation Analyzer (CRA) Data

To provide our infrastructure analysis, we collect the strictly necessary information required to generate your reports:

  • Account Details: We collect your email address and a password hash to create and secure your account.
  • Cloud Credentials: We collect API keys and access tokens (e.g., AWS Access Keys, Azure Service Principals, GCP Service Account JSONs, DigitalOcean API Tokens). These are stored securely using AES-256-GCM encryption at rest.
  • Infrastructure Data: We read resource configurations, costs, and usage metrics from your cloud providers to generate your cost savings recommendations. Note: We can only read infrastructure metadata; we cannot access, read, or modify your proprietary application data or customer databases.
  • Billing Metadata: We collect customer identifiers, payment details, and invoices via our payment processor, Stripe.

3. How We Use Your Information

We process your data exclusively to provide, secure, and improve our services. Specifically, we use the information we collect to:

  • Authenticate users and maintain secure session management.
  • Analyze your cloud infrastructure to generate highly accurate cost savings recommendations and migration plans.
  • Send account notifications, report analysis completion alerts, and password reset codes.
  • Process payments and manage subscriptions with Stripe.
  • Respond to inquiries, provide customer support, and personalize your experience.
  • Improve our website, analytical tools, and consulting services.

4. Data Sharing & Disclosure

We do not sell, trade, or otherwise transfer your personal information to third parties, except as required by law or with your explicit consent.

  • Cloud Credentials: Your encrypted cloud credentials are encrypted at rest and never shared with third parties.
  • Internal Access: Access to your data is strictly limited to authorized team members on a need-to-know basis.
  • Service Providers: Payment data is handled directly by Stripe; we store only references to Stripe Customer IDs.
  • Affiliate Partners (Bare Metal Providers): Our CRA reports include recommendations for bare metal providers (e.g., Hetzner, OVH). Whether you hire us for hands-on migration consulting or you simply purchase the CRA report/blueprint to implement yourself, we may seek to register your business with these providers to earn a referral commission. We will always ask for your explicit permission before sharing your business contact information with any bare metal provider for this purpose.

5. Data Security & Retention

We take reasonable, industry-standard steps to protect your personal information from unauthorized access, disclosure, alteration, or destruction.

  • Encryption: All cloud credentials are secured using AES-256-GCM encryption at rest.
  • Retention: Customer data is retained while your account remains active. Upon account cancellation or deletion, we archive your data for 90 days, after which it is permanently deleted.

6. Cookies and Tracking

Our website uses cookies to enhance your browsing experience. Cookies are small data files stored on your device that help us understand how visitors interact with our site.

  • Essential Cookies: These cookies are necessary for the website to function properly and maintain your secure login sessions.
  • Analytics Cookies: We may use third-party services to help us understand how our site is used and to optimize our marketing efforts.

You can disable cookies through your browser settings; however, doing so may affect the functionality of our website, including the ability to sign into the CRA dashboard.

7. Your Rights and Choices

We give you control over how your information is collected, stored, and used. You have the right to:

  • Request a copy of your data or ask us to update incorrect information. This may include information you provide directly and information collected from connected accounts at your direction. We may withhold or redact information where necessary to protect security, the rights of others, or confidential and proprietary information. For data maintained solely by third-party platforms, please contact those platforms directly.
  • Export your analysis reports (via PDF) and view your billing history at any time.
  • Deactivate your account and permanently delete your data (subject to legal retention requirements).

Notice to California Residents (CCPA/CPRA) As a company based in Signal Hill, California, we comply with the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the updated 2026 regulations. California residents have the right to request access to the specific pieces of personal information we have collected, request the deletion of their personal data, and opt-out of the "sharing" or "sale" of their personal information. We do not sell your personal data for monetary value. To exercise these rights, please contact us using the information below. We will not discriminate against you for exercising your privacy rights.

8. Updates to this Policy

We may update this Privacy Policy periodically. When we make changes, we will update the effective date and notify active users via email. Material changes may also appear as in-app notifications within the CRA dashboard. We encourage you to review this page regularly for any changes.

9. Contact Us

If you have a concern or any questions about this Privacy Policy, please contact us using this form. We will respond within one business day.

Yellowstone Labs
Signal Hill, California, United States

We use cookies to enhance your experience. By continuing to use this site, you agree to our use of cookies. More info
Got it!