Privacy Policy

Effective date: February 2026

1. Introduction

This Privacy Policy describes how Temujin Labs ("we", "us", "our") collects, uses, and protects your personal data when you use Alexandria ("the Service"). We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Temujin Labs is based in Barcelona, Spain, and acts as the data controller for your personal information.

2. Data We Collect

We collect the following categories of data:

  • Account information: Email address, password (hashed), and optional company name, collected during registration
  • Cloud cost data: Cost records, cloud account identifiers, and service usage data that you upload to the Service
  • Usage analytics: Pages visited, features used, and interaction patterns within the Service, collected to improve the product
  • Technical data: IP address, browser type, and device information, collected automatically for security and service delivery

3. How We Use Your Data

We use your data for the following purposes:

  • Providing the Service: Processing your cloud cost data, generating analysis reports, and delivering alerts
  • Account management: Authenticating your identity, managing your subscription, and communicating with you about your account
  • Improving the product: Analyzing usage patterns to identify bugs, improve features, and enhance performance
  • Security: Detecting and preventing fraud, abuse, and unauthorized access

We do not sell your data to third parties. We do not use your data for advertising purposes.

4. Legal Basis for Processing

Under the GDPR, we process your data on the following legal bases:

  • Contract: Processing necessary to provide the Service you signed up for
  • Legitimate interest: Product improvement, security, and fraud prevention
  • Consent: Where explicitly obtained, such as for optional analytics or marketing communications

5. Third-Party Services

We use the following third-party services to deliver the Service:

  • Google Gemini AI: We send anonymized cost data to Google's Gemini API for AI-powered analysis. We do not send your email address or account credentials to this service. Google's privacy policy applies to data processed by their API.
  • Hetzner: Our servers are hosted with Hetzner Online GmbH in their European data centers. Hetzner is GDPR-compliant.

We do not share your personal data with any other third parties unless required by law.

6. Data Retention

We retain your data for as long as your account is active. When you delete your account, all associated data is permanently removed within 30 days. This includes:

  • Account information (email, credentials)
  • Cloud cost data and analysis results
  • Alert configurations
  • Usage history

Data submitted through the free grader tool (without an account) is processed in real time and not stored on our servers.

7. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption of data in transit (TLS/HTTPS)
  • Hashed passwords using industry-standard algorithms
  • Rate limiting and brute-force protection on authentication endpoints
  • Security headers (HSTS, X-Frame-Options, Content-Type-Options)
  • Regular security reviews and updates

8. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access: You can request a copy of all personal data we hold about you
  • Right to rectification: You can update or correct your personal information through your account settings
  • Right to erasure: You can delete your account and all associated data at any time
  • Right to data portability: You can export your data in a machine-readable format
  • Right to restrict processing: You can request that we limit how we process your data
  • Right to object: You can object to processing based on legitimate interest
  • Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time

To exercise any of these rights, contact us at hello@temujinlabs.com. We will respond within 30 days.

9. Cookies

Alexandria uses only essential cookies and local storage for authentication (JWT tokens). We do not use tracking cookies or third-party analytics cookies. No cookie consent banner is required because we only use strictly necessary cookies.

10. International Data Transfers

Your data is processed and stored within the European Economic Area (EEA). When data is sent to Google's Gemini API for analysis, it may be processed outside the EEA. Google provides adequate safeguards for such transfers under standard contractual clauses.

11. Children's Privacy

The Service is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children. If we learn that we have collected data from a child under 16, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes via email or through the Service. The effective date at the top of this page indicates when the policy was last revised.

13. Supervisory Authority

If you believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with a supervisory authority. For users in Spain, this is the Agencia Espanola de Proteccion de Datos (AEPD).

14. Contact

For any questions about this Privacy Policy or your personal data, please contact us:

Temujin Labs
Email: hello@temujinlabs.com
Location: Barcelona, Spain