Privacy Policy

Last updated: 1 May 2026

1. Who We Are

Infrajet is operated by Nexgen Tech Labs, registered in England and Wales. We are the data controller for personal data collected through this platform. Contact: privacy@ngtl.tech.

2. Data We Collect

We collect and process the following personal data:

Category	Examples	Purpose
Account data	Name, email address	Account creation, login, support
Authentication	Hashed password, JWT tokens	Secure access to your account
Organisation data	Organisation name	Workspace setup and billing
Usage data	Pages visited, features used, credit consumption	Product improvement, abuse prevention
Generated content	IaC prompts, generated Terraform/Bicep/ARM code	Delivering the service; passed to AI provider
Integration tokens	GitHub App installation ID, Azure credentials	Connecting your repositories and Azure tenant

3. How We Use Your Data

Providing, operating, and improving the Infrajet platform.
Authenticating your sessions and protecting your account.
Sending transactional emails (account creation, password reset, billing).
Enforcing our Terms & Conditions and preventing abuse.
Complying with legal obligations.

4. Third-Party Processors

We share data with the following sub-processors as necessary to operate the service:

Anthropic — AI generation. Your IaC prompts and configuration are sent to Anthropic's Claude API to produce infrastructure code. Anthropic does not train on API data by default. See Anthropic's Privacy Policy.
GitHub — Repository integration. Generated code is pushed to GitHub repositories you authorise via GitHub Apps. See GitHub's Privacy Statement.
Microsoft Azure — Deployment. GitHub Actions workflows deploy to Azure tenants you configure. Infrajet does not store your Azure credentials beyond the session.
PostgreSQL (self-hosted) — All application data is stored in a PostgreSQL database hosted within our infrastructure.

5. Data Retention

We retain your personal data for as long as your account is active. Upon account deletion:

Account and organisation data is deleted within 30 days.
Generated IaC code and project history is deleted within 30 days.
Anonymised usage analytics may be retained indefinitely.
Data required for legal or compliance purposes may be retained for up to 7 years.

6. Your Rights

Under applicable law you have the right to:

Access — request a copy of the personal data we hold about you.
Rectification — ask us to correct inaccurate data.
Erasure — request deletion of your personal data (“right to be forgotten”).
Portability — receive your data in a machine-readable format.
Objection — object to processing based on legitimate interests.
Restriction — request that we restrict processing in certain circumstances.

To exercise any of these rights, email privacy@ngtl.tech. We will respond within 30 days.

7. Cookies

Infrajet uses a single session cookie (infrajet_token) to maintain your authenticated session. No advertising or tracking cookies are used.

8. Security

Passwords are stored as bcrypt hashes. API traffic is encrypted in transit using TLS. Access to production systems is restricted to authorised Nexgen Tech Labs personnel.

9. Changes to This Policy

We may update this policy periodically. Material changes will be communicated by email. Continued use of Infrajet after changes are posted constitutes acceptance of the revised policy.

10. Contact & Complaints

For privacy questions contact privacy@ngtl.tech. If you are in the UK or EU and believe we have mishandled your data, you have the right to lodge a complaint with your supervisory authority (in the UK: the ICO).