What we process. CostCanvas reads billing exports you upload (CSV or Excel) only to generate the dashboards you see in this app. We do not require an account for the free tier.
Where it runs (costcanvas.io). Our production deployment is hosted in the European Union — EU West (Amsterdam, Netherlands) on Railway infrastructure. Uploads are written to ephemeral server storage for processing only; we do not operate a long-term customer data warehouse for your billing files inside CostCanvas.
Self-hosted deployments. If you run CostCanvas yourself (for example with Docker), your data stays entirely on infrastructure you control; this section describes our hosted service.
GDPR & EU users. We process personal data that may appear in billing exports (for example account or resource names) to provide the service you requested. Typical bases under the GDPR include performance of a contract or steps prior to entering one, and, where applicable, legitimate interests in operating a secure FinOps tool (balanced against your rights). You may have rights to access, rectify, erase, restrict, or object to certain processing, and in some cases data portability. You may also lodge a complaint with your local supervisory authority. For requests about data processed on our EU-hosted service, contact us at the email below; we will respond within a reasonable time.
International transfers. For traffic to costcanvas.io, we host in the EEA to align with common EU residency expectations. If we introduce paid plans, any billing partner you interact with may process data under their own terms; we will update this page when that is available.
What we do not do. We do not sell your billing data to third parties, use it for advertising, or use it to train public machine-learning models.
Contact. support@costcanvas.io
This page is a plain-language summary. It is not legal advice. Enterprises may need a Data Processing Agreement or vendor questionnaires — reach out and involve qualified counsel where required.