Privacy Policy
Effective: January 1, 2025 · Last updated: April 10, 2026
summary: InfraCaptain monitors your server's infrastructure signals — CPU, RAM, disk, processes, cron jobs, and security events. We never collect, read, or transmit your application data, database contents, credentials, passwords, source code, or any personal information belonging to your users. Our monitoring agent is designed to see your server's health — nothing else.
1. Who We Are
InfraCaptain ("InfraCaptain", "we", "us", or "our") is a product owned and operated by Coreway Solution, an IT firm headquartered in Ahmedabad, Gujarat, India. Our service, available at infracaptain.com, provides a server monitoring platform designed to help customers maintain the health and security of their Linux infrastructure.
This Privacy Policy explains what information we collect, how we use it, and the choices you have. It applies to all users of the InfraCaptain platform, including the monitoring agent installed on customer servers.
2. What the Monitoring Agent Collects
The InfraCaptain monitoring agent runs on your server and collects infrastructure signals only. Below is a complete, specific list of every category of data the agent collects and transmits to our servers:
✓ What the agent DOES collect
| Data type | What exactly is collected | Purpose |
|---|---|---|
| CPU metrics | Usage percentage, load average, core count, frequency | Performance monitoring and alerting |
| Memory metrics | Total RAM, used RAM, free RAM, swap usage. Per-process RSS memory (not content) | Memory leak detection, performance monitoring |
| Disk metrics | Total size, used space, free space per mount point. Read/write byte counts | Disk fill prediction, performance monitoring |
| Network metrics | Inbound and outbound byte counts. Interface names and status | Traffic monitoring and anomaly detection |
| Process list | Process name, PID, user, CPU%, memory%, status, start time. No command arguments containing sensitive data are collected | Runaway process detection, performance analysis |
| Service status | Whether named services (Apache, Nginx, MySQL, etc.) are running or stopped | Service health monitoring and alerting |
| Cron job records | Cron schedule entries (timing and script name), last execution time, exit code, and duration. Not script contents or output | Silent failure detection |
| SSL certificate data | Domain name, certificate issuer, expiry date, hostname validation status | Expiry and mismatch alerting |
| Open ports | List of listening ports and associated service names | Security monitoring — unauthorized port detection |
| Login events | SSH login attempts — timestamp, username, source IP, success/failure status | Brute force detection |
| File integrity hashes | SHA-256 hashes of specific critical system files (/etc/passwd, /etc/hosts, /etc/crontab, SSH authorized_keys, and others). Not file contents | Unauthorized change detection |
| System information | OS name, kernel version, system uptime, hostname | Dashboard display and compatibility |
| Firewall rules | UFW rule summary — allowed/denied ports and protocols. Not traffic content | Security monitoring |
✗ What the agent NEVER collects
- Database contents, queries, schemas, or any stored data
- Application source code, configuration files, or environment variables
- Passwords, API keys, tokens, or any authentication credentials
- Cloud provider access keys or secrets
- File contents of any kind (only SHA-256 hashes of specific system files)
- Application logs in their raw form (only structured infrastructure signals derived from them)
- Personal information belonging to your end users — emails, names, user IDs, payment data
- HTTP request bodies or response content
- Private SSH keys or SSL private keys
- Backup file contents
AI Data Masking
When your server data is processed by Captain AI, additional masking is applied. Any values in application log patterns that match common sensitive formats — IP addresses in application context, email addresses, user IDs, domain-specific identifiers — are replaced with placeholder tokens before the data is sent to the AI processing layer. The AI receives structured infrastructure signals, not raw application data.
3. Account Information We Collect
When you create an InfraCaptain account, we collect:
- Email address — for account authentication and service communications
- Password — stored as a cryptographic hash; we never store your plaintext password
- Payment information — processed and stored by our payment processor (Stripe or equivalent); we do not store full card numbers on our servers
- Billing address — if provided, for invoice generation
- Company name — optional, for invoice purposes
4. How We Use Your Information
We use the information we collect for the following purposes:
- To provide, operate, and maintain the InfraCaptain monitoring service
- To generate alerts, reports, and AI-powered diagnostics based on your server data
- To send service notifications — alert emails, billing summaries, and account communications
- To improve the accuracy of our monitoring algorithms and alert thresholds
- To respond to support requests and technical inquiries
- To process payments and generate invoices
- To comply with legal obligations where required
We do not sell your data to third parties. We do not use your server monitoring data for advertising purposes. We do not share your data with third parties except as described in this policy.
5. Data Retention
| Data type | Retention period |
|---|---|
| Free plan monitoring data | 24 hours |
| Basic plan monitoring data | 30 days from collection |
| Pro plan monitoring data | 90 days from collection |
| Data after server disconnection | 30 days, then permanently deleted |
| Account data after account deletion | 30 days, then permanently deleted |
| Billing records | 7 years (tax and legal compliance) |
| Support correspondence | 3 years |
6. Data Security
All data transmitted between the monitoring agent and InfraCaptain servers is encrypted using TLS 1.3. Data at rest is encrypted using AES-256. The monitoring agent authenticates using a unique server-specific token — your deployment token is used only during installation, after which the agent uses a rotating session key.
The agent makes outbound-only connections to InfraCaptain servers on port 443. No inbound connections are made to your server. We do not require or request SSH access, root passwords, or cloud provider credentials at any point.
7. Third-Party Services
InfraCaptain uses the following third-party services in the delivery of the platform:
- Payment processing — handled by a PCI-DSS compliant payment processor. Card data is never stored on our servers
- Email delivery — for alert notifications and account communications
- Cloud infrastructure — our servers run on reputable cloud providers with SOC 2 compliance
- AI processing — for Captain AI features; data is masked before transmission as described in Section 2
8. Your Rights
You have the following rights regarding your data:
- Access — request a copy of all data we hold about you and your servers
- Deletion — request deletion of your account and all associated monitoring data
- Correction — update incorrect account information
- Portability — export your monitoring history in JSON format
- Objection — object to specific uses of your data
- Withdraw consent — disconnect any server at any time; uninstall the agent with one command
To exercise any of these rights, contact us at privacy@infracaptain.com. We respond within 30 days.
9. Cookies
The InfraCaptain web application uses cookies for:
- Authentication — to keep you logged in to your dashboard
- Preferences — to remember your display settings and preferences
- Analytics — aggregate, anonymized usage data to improve the product
We do not use third-party advertising cookies. You can disable cookies in your browser, but this will prevent you from logging in to the dashboard.
10. Children's Privacy
InfraCaptain is a professional infrastructure monitoring service. We do not knowingly collect personal information from anyone under the age of 18. If you believe we have inadvertently collected information from a minor, contact us immediately at privacy@infracaptain.com.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and send an email notification to all active account holders for material changes. Continued use of InfraCaptain after notification constitutes acceptance of the updated policy.
12. Contact
For privacy-related questions or to exercise your rights:
Email: privacy@infracaptain.com
General contact: support@infracaptain.com