Argus

Privacy policy

Last updated:

This policy explains what data Argus ("we", "us") collects when you use the dashboard at argus-profiler.com, why we collect it, who we share it with, and the rights you have over it.

1. Who we are

Argus is operated by [Your Company], a company registered at [postal address]. For privacy questions, contact support@argus-profiler.com.

2. What we collect

The dashboard has three data flows.

2.1 Account data

When you sign up: your email, your chosen display name, and a salted hash of your password (we never store the password itself). When you log in: an HttpOnly cookie containing a refresh-token reference and a short-lived access token.

2.2 Profiling sessions (your project data)

Profiling captures sent from your Unity builds via the API: per-frame timings, memory usage, draw-call counts, device fingerprint (model, OS, GPU, Unity version), and any custom tags or environment names you set on the capture. This is the data you actively send to Argus to power your own dashboards. We do not use it to profile you; it's your product's telemetry, held on your behalf.

2.3 Operational telemetry

Per-request server logs (HTTP method + URL + status code + request id + millisecond duration), audit-log entries for state-changing actions (signup, login, project changes, billing changes — see Security), and aggregate usage meters (sessions ingested per month, storage bytes per month) for plan-tier enforcement.

IP addresses and user-agent strings are stored in audit-log entries to help you investigate suspicious activity on your account. Pino's log redaction rules strip authentication tokens and password hashes from logs before they leave the process.

3. Why we collect it (GDPR lawful basis)

  • Performance of contract (Article 6(1)(b)) — account data and profiling sessions are needed to run the service you've subscribed to.
  • Legitimate interest (Article 6(1)(f)) — operational telemetry (request logs, audit log) is necessary to keep the service secure and reliable. You can object to specific processing under Article 21.
  • Legal obligation (Article 6(1)(c)) — billing records are retained as long as tax law in your jurisdiction requires (typically 7-10 years).

4. Who we share it with

We use a small number of sub-processors to operate Argus. The current list, what each one does, and where data physically lives are published at /legal/sub-processors and updated whenever we add or remove a vendor.

We do not sell your data. We do not share it with advertisers. See Do Not Sell My Personal Information if you're a California resident.

5. Where it lives

Argus is hosted in the Frankfurt (eu-central) region of our cloud provider. EU customer data does not leave the EU under normal operation. Sub-processors with US legal entities (Stripe, Resend) receive only the data listed against them on the sub-processors page, and the cross-border transfer is covered by Standard Contractual Clauses.

6. How long we keep it

  • Account data: until you delete the account. Soft-deleted accounts (Phase 6.5 follow-up) are hard-deleted 30 days after the deletion request to give you a recovery window.
  • Profiling sessions: per the retention setting on each project, capped by your plan tier (Free 7 days · Pro 90 · Team 365 · Enterprise custom). Deleted nightly by an automated worker.
  • Audit log: per plan tier (Free off · Pro 30 days · Team 1 year · Enterprise custom).
  • Server logs: 14 days for the request access log; longer for security-incident investigation.
  • Billing records: as required by tax law in your jurisdiction.

7. Your rights

Whether you're in the EU (GDPR), California (CCPA), Brazil (LGPD), Canada (PIPEDA), or the UK (UK GDPR), you have substantially the same rights:

  • Access — get a copy of your data. Request via support@argus-profiler.com; self-serve export coming in a follow-up release.
  • Rectification — fix wrong data. Most fields editable in /account; ask us for anything not exposed there.
  • Erasure ("right to be forgotten") — delete your account and associated data. 30-day grace period before hard delete.
  • Portability — receive your data in a structured, machine-readable format. The export we provide is JSON + zipped session captures.
  • Object — object to processing based on legitimate interest.
  • Lodge a complaint — with your country's data-protection authority. EU customers can complain to the supervisory authority of their residence even though we're based elsewhere.

We respond to verified rights requests within 30 days. Verification is ownership of the email on the account.

8. Cookies

Detailed in our cookie policy. The short version: an argus_* auth cookie is essential and always set; analytics + marketing cookies are off by default and only set if you opt in.

9. Children

Argus is a developer tool and isn't directed at children under 16. We don't knowingly collect data from children. If you believe a child has signed up, contact us and we'll delete the account.

10. Security incidents

Our incident response process aims to notify affected customers within 72 hours of confirming a personal-data breach (GDPR Article 33). For your own org's audit trail, see /legal/security.

11. Changes

Material changes are announced by email to each org's billing address and dated at the top of this page. Continuing to use the dashboard after a change indicates acceptance; if you disagree you can opt out or close your account.

12. Contact

Privacy questions: support@argus-profiler.com. Data Protection Officer (where required): [DPO email].