Privacy protections for product use

Cloud Network Observer is designed as a read-only, local-first product for understanding AWS network topology without modifying AWS resources.

This page explains the privacy behavior that is implemented in the product and focuses on what the product does in practice.

Product analytics are disabled by default until you make an explicit choice. Before consent is granted, analytics capture is not sent to the external analytics service.

If you grant consent, product analytics and error tracking may send product-usage events, exception reports, and user-initiated support events such as bug-report or community-open actions.

The product uses the existing in-app consent banner for this decision and does not enable analytics before that banner is accepted.

When consent is granted, the product may collect anonymous or product-improvement-oriented telemetry about feature usage, application errors, and support interaction flows.

The purpose of this data is product improvement, debugging, and understanding whether core workflows are functioning as expected.

Daily active use measurement is based on an anonymous device-scoped identifier for the local installation rather than an AWS profile name, login account, or IP address.

The product is not designed to send raw AWS resource data to analytics as part of normal telemetry.

Sensitive infrastructure identifiers such as AWS resource payloads, resource IDs, Name Tags, and IP addresses are excluded from analytics payloads or protected by masking policies.

IP-based tracking is disabled in the analytics configuration.

The implemented analytics configuration enables full text masking, full element-attribute masking, and input masking.

These protections are intended to reduce exposure of sensitive on-screen infrastructure information during analytics and session replay workflows.

For graph-heavy product surfaces, the policy goal is to minimize sensitive screen disclosure rather than rely on unprotected replay data.

Your analytics consent choice may be stored locally on your device so the product can remember your preference.

If consent is granted, the product may also store an anonymous device-based identifier locally so repeat launches from the same installation can be measured as the same daily active user.

This local identifier is used for product analytics continuity and is not intended to store AWS resource payloads, account credentials, or raw infrastructure exports.

Cloud Network Observer is built around a read-only workflow. It does not perform AWS resource modification operations as part of the product behavior.

AWS topology and related working data are handled with a local-first approach so the product can support review and inspection workflows without turning the analytics pipeline into a source of raw infrastructure export.

If you want to share feedback, ask a question, or report an issue related to privacy expectations, use the public discussion channel linked below.

Discussion-based feedback is the main public path for product questions and suggestions from the landing page.