Legal

Privacy Policy

Last updated: March 2026

The short version

CloudLens collects no personal data whatsoever
Your AWS credentials are stored only in your browser — never on our servers
Your cost data is sent only to AWS and Anthropic — never to CloudLens
We have no analytics, no tracking, no cookies
We cannot see your AWS account, costs, or resources

1. Who we are

CloudLens is a Chrome browser extension that displays AWS cost data inline in the AWS Management Console. It is built and maintained by AB, an independent developer based in Northern Virginia.

You can contact us at: [email protected]

2. What data we collect

We collect no personal data.

CloudLens does not operate any servers that receive, store, or process your personal information, AWS account data, cost data, or resource information. There is no CloudLens backend database. There is no analytics system. There are no usage logs.

3. How your AWS credentials are handled

When you enter your AWS IAM Access Key ID and Secret Access Key during setup, those credentials are stored exclusively in Chrome's built-in chrome.storage.local API, which is encrypted at rest by Chrome on your local device.

Your credentials are transmitted to exactly one destination:

AWS Cost Explorer API (ce.us-east-1.amazonaws.com) — to retrieve your billing data. This is a direct connection from your browser to AWS. CloudLens never acts as an intermediary for this data.

Your credentials are never sent to CloudLens servers, third-party analytics services, or any other destination.

4. How your cost data is handled

Your AWS cost data (dollar amounts, service names, resource identifiers) is retrieved from AWS and stored temporarily in Chrome's chrome.storage.session API as a local cache. This cache lives only in your browser's memory and is cleared when you close Chrome.

When you use AI-powered tooltip summaries (Pro feature), anonymised cost numbers are sent to the Anthropic Claude API to generate a plain-English summary. Specifically: dollar amounts and service names only. No account identifiers, resource names, ARNs, or personally identifiable information are included in these requests.

Anthropic's privacy policy governs how they handle API requests. You can review it at anthropic.com/privacy.

5. Claude API key handling

If you provide a Claude API key for AI summaries, it is stored in chrome.storage.local on your device. It is transmitted only to the CloudLens proxy server (hosted on AWS Lambda in us-east-1) which forwards it to the Anthropic API. The proxy does not log or store your API key.

6. What IAM permissions CloudLens requires

CloudLens requests a read-only IAM policy with the following permissions only:

ce:GetCostAndUsage
ce:GetCostAndUsageWithResources
ce:GetDimensionValues
ce:GetCostForecast

These permissions allow CloudLens to read billing data only. CloudLens cannot create, modify, or delete any AWS resources. It cannot access S3 bucket contents, EC2 instance data, RDS databases, or any service data — only billing records.

7. Cookies and tracking

CloudLens uses no cookies, no web beacons, no fingerprinting, no analytics SDKs, and no third-party tracking of any kind. The getcloudlens.com website uses no analytics tools and sets no cookies.

8. Children's privacy

CloudLens is a professional tool intended for AWS users. It is not directed at children under the age of 13 and we do not knowingly collect any information from children.

9. Changes to this policy

If we make material changes to this privacy policy, we will update the "Last updated" date at the top of this page and post a note in the CloudLens blog. Continued use of the extension after changes constitutes acceptance of the updated policy.

10. Contact

Questions about this policy? Email us at