Privacy Policy

Last updated: April 2026

1. Who we are

CostMind is a BigQuery cost intelligence platform operated by CostMind (“we”, “us”, “our”). We help data teams understand and reduce their Google BigQuery spend. Questions about this policy can be sent to hello@costmind.io.

2. What data we collect

Account data

When you sign up we collect your email address, full name, and organization name. This is used to authenticate you and identify your account.

BigQuery metadata

When you connect a GCP project, we read job history and table metadata from BigQuery’s INFORMATION_SCHEMA views. This includes: query text, bytes processed, job execution timestamps, user emails that ran queries, table names and sizes, and partition/clustering configuration.

What we never access

We never read the contents of your BigQuery tables, your actual data rows, query results, or any data outside of INFORMATION_SCHEMA metadata views.

3. How we use your data

  • To provide cost attribution, anomaly detection, and optimization recommendations
  • To generate cost reports and insights for your team
  • To send product and billing-related emails
  • To improve the accuracy of our recommendation engine

We do not sell your data to third parties. We do not use your BigQuery metadata to train AI models or benchmark against other customers.

4. Data retention

We retain BigQuery job metadata for the duration of your subscription plus 30 days after cancellation, after which it is deleted. Account data is retained for 90 days after cancellation to allow account recovery, then permanently deleted. You can request immediate deletion by emailing hello@costmind.io.

5. Third-party services

  • Stripe — processes payments. We do not store card details. Stripe’s privacy policy applies to payment data.
  • Railway — hosts our application and database infrastructure in the US.
  • PostHog — collects anonymized product analytics (page views, feature usage). No BigQuery metadata is sent to PostHog.
  • Anthropic — powers AI-generated cost recommendations. Query metadata may be sent to Anthropic to generate insights. No personally identifiable information beyond query text is included.

6. Security

GCP service account credentials are encrypted at rest using AES-256. We optionally support Google Secret Manager for credential storage. All data is transmitted over TLS. Access to production systems is restricted to authorized personnel. See our Security page for full details.

7. Your rights

You have the right to access, correct, or delete your personal data at any time. To exercise these rights, email hello@costmind.io. We will respond within 30 days.

8. Changes to this policy

We will notify you by email at least 14 days before any material changes to this policy take effect.

9. Contact

For privacy questions or data requests: hello@costmind.io

← Back to home