This privacy policy (“Privacy Policy”) governs how we, C MONKEY CLOUD SOLUTIONS LTD’S (together, “Company”, “We”, “Our” or “Us”) use, collect and store Personal Data we collect or receive from or about you (“User”, “You”) such as in the following use cases:

  1. When you use Our proprietary solution known as “Control Monkey” and the content, features and services therein  (collectively, the “Services“), including:
    1. setting up an account,
    2. logging-in to the Services,
    3. make any use of the Services such as review, mapping or changes to any of your resources using Control Monkey and any other information or data which is provided to Us or which we learn from Your use of the Services
    4. any data and information we acquire from third-party sources through your permissions or shared credentials

(collectively “Control Monkey Data”) 

  1. When you make use of, or interact with, our services such as request a demo, subscribe to an email list, newsletters or blog or when you other contact or connect with Us.
  2. When we acquire any information from third-party sources. 

In addition to the Control Monkey Data, some of the information we obtain or collect may be PII.  We define “PII” to mean any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, phone number or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

There is nothing in this Privacy Policy which requires you to provide us with Control Monkey Data or with PII, however if you do not provide with such information some or all of the Services which are offered by Us may not be available or operate in its optimal way.

Nothing in this Privacy Policy is intended to limit in any way your statutory right, including your rights to a remedy or means of enforcement. 


We greatly respect Your privacy, which is the reason We make every effort to provide the Services  in manner which will ensure they meet the highest standards of privacy standards. Please read this Privacy Policy carefully, so you can fully understand our practices in relation to Control Monkey Data and PII.


Please also read Company’s Terms of Use which describes the terms under which you use our Services.




  1. What Control Monkey Data we collect, why we collect it, and how We use it
    • When you make use of Control Monkey we will need to obtain the credential to third party services which you use, we will obtain data on the cloud resources used by You, the architecture of the cloud resources and their interaction, the cloud management profile and the manner in which resources are deployed, “Infrastructure as code” code repositories provided by you for your Version Control System provider (e.g Github, Gitlab)  We will not collect or obtain any Control Monkey Data which you do not expressly grant Us access to or provide to Us directly. We will use any and all Control Monkey solely in order to provide the Services to you and improve the technical and functional abilities of our Services.
    • When you create an account and when you log in to Control Monkey we will obtain Full name, Email address, phone number, Password and any other information you decide to provide Us with. Use of such information is necessary for the ability to provide the Services and in order to take steps at Your request (e.g., to allow you create an account and log in)
  2. How we protect and store Control Monkey Data.
    • We have implemented appropriate technical, organizational and security measures designed to reduce the risk of accidental destruction or loss, or the unauthorized disclosure or access to Control Monkey Data appropriate to the nature of the data concerned. However, please note that We cannot guarantee that the Control Monkey Data will not be exposed as a result of unauthorized penetration to our servers. As the security of information depends in part on the security of the computer, device or network you use to communicate with Us and the security you use to protect your cloud services as well ad your Git resources storing your code, please make sure to take appropriate measures to protect this data.
    • Retention of your Control Monkey Data. Your Control Monkey Data will be stored so long as we provide the Services. We do not retain and will delete the Your Control Monkey Data upon your request or upon the termination of your use of the Services. Please note that in some circumstances we may store your Control Monkey Data for longer periods of time, for example (i) where we are required to do so in accordance with legal, regulatory, tax or accounting requirements, (ii) per your request in order to be able to roll back any action conducted through the Services; or (iii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges, or (iv) if we reasonably believe there is a prospect of litigation relating to Control Monkey Data or dealings.
    • Your Code. We will need the ability to access your Code based on your permission for the purpose of initial set up and configuration as well as continuous performance of our services. You will have full control on the code We will be provided with or have access to based on your Version Control System’s permission policy and set-up. Following completion of any process which requires access to your Code, within not more than 48 hours thereafter, your code will be permanently and completely deleted from our server or resources. For the avoidance of any doubt we will not obtain, ask or receive any of your application source code – the only source code we will have access to if you grant us permission is to your Infrastructure as Code.
  3. How we share Control Monkey Data. We Do not share your Control Monkey Data with anyone without Your express permission.




  1. PII We Obtain and How We Use It. In order to provide and improve our Services, we may collect PII, including the following types of information:
    • Information You Provide. In some of the features of the Services we ask you for PII, including: first and last name, company name and email address.
    • Third Parties. We might receive information and/or security settings from third parties who have access to your cloud resources for  various purposes (such as Google, Microsoft, Github or Bitbucket), such as names, email addresses, metadata or security settings.
    • User Communications.When you send email or other communication to the Company, we may retain those communications in order to process your inquiries, respond to your requests and improve our Services. We may send you push notifications to send you news, reminders and updates in respect of the Services. We may also send you newsletters and promotional communications. You may opt-out of this service at any time by sending an email to the following address:
    • User Information.When you use the Services, we automatically receive and record information from your browser, including without limitation information and statistics about your online/offline status, your  IP address, geolocation data (including country and city), browser identifiers, internet service provider, connection speed, search history, type of browser, your regional and language settings and software and hardware attributes. Our systems automatically record and store technical information regarding the method and nature of your use of the Services. An IP address is a numeric code that identifies your browser on a network, or in this case, the Internet. Your IP address is also used to gather broad demographic information. The Company uses all of the PII identified in this Section in order to understand the usage trends and preferences of our users, including recent visits to our Services and how you move around different sections of our Services for analytics purposes and in order to make our Services more intuitive.
    • Aggregate and Analytical Data. In an ongoing effort to better understand and serve the customers of the Services, we may conduct research customer demographics, interests and behavior based on the PII and other information provided to us. This research may be compiled and analyzed on an aggregate basis, and we may share this aggregate data with our affiliates, agents, suppliers and business partners. This aggregate information does not identify you personally. We may also disclose aggregated user statistics in order to describe our services to current and prospective business partners, and to other third parties for other lawful purposes.
  2. Cookies.In order to collect the data described herein we use temporary cookies that remain on your browser for a limited period of time. We may also use persistent cookies that remain on your browser until the Company’s Services are removed, in order to manage and maintain the Services and record your use of the Services. Cookies by themselves cannot be used to discover the identity of the user. A cookie is a small piece of information which is sent to and stored on your browser. Cookies do not damage your browser. Most browsers allow you to block cookies but you may not be able to use some features on the Services if you block them. You may set most browsers to notify you if you receive a cookie (this enables you to decide if you want to accept it or not). We also use web beacons via the Services to collect information. Web beacons or “gifs”, are electronic images that are used in our Services or in our emails. We use Web beacons to deliver cookies, count visits and to tell if an email has been opened and acted upon.
  3. Links.Links to other services, sites and applications may be provided by the Company as a convenience to its users. The Company is not responsible for the privacy practices or the content of other sites and applications and you visit them at your own risk. This privacy statement applies solely to PII collected by us.
  4. PII Sharing. We will not share your PII with third parties without your explicit permission, except when required by law, regulation, subpoena or court order or as otherwise expressly set forth herein. The Company will share PII in the following circumstances: (a) as required for providing the Services; (b) for maintenance and improvement of the Services; (c) if we become involved in a reorganization, merger, consolidation, acquisition, or any form of sale of some or all of our assets, with any type of entity, whether public, private, foreign or local; and/or (d) to satisfy applicable law or prevention of fraud or harm or to enforce applicable agreements and/or their terms, including investigation of potential violations thereof.
  5. Data Security and Data Retention. We follow generally accepted industry standards to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of PII. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your PII, we cannot guarantee its absolute security. We keep your PII only for as long as we are in an engagement with you and will use the PII solely for the purposes for which it was collected or to comply with any applicable legal or ethical reporting or document retention requirements. We will delete any information provided to us by you upon the receipt of a written request and when our engagement is terminated or expired. We cannot restore information once it has been deleted.
  6. Data Integrity. The Company processes PII only for the purposes for which it was collected and in accordance with this Privacy Policy or any applicable service agreements. We review our data collection, storage and processing practices to ensure that we only collect, store and process the PII needed to provide or improve our Services. We take reasonable steps to ensure that the PII we process is accurate, complete, and current, but we depend on our users to update or correct their PII whenever necessary. Nothing in this Privacy Policy is interpreted as an obligation to store information, and we may, at our own discretion, delete or avoid from recording and storing any and all information.
  7. Your Rights.
    • Right of Access and Rectification. You have the right to know what PII we collect about you and to ensure that such data is accurate and relevant for the purposes for which we collected it. We allow our users the option to access and obtain a copy of their PII and to rectify such PII if it is not accurate, complete or updated. However, we may first ask you to provide us certain credentials to permit us to identify your PII.
    • Right to Delete PII or Restrict Processing. You have the right to delete your PII or restrict its processing. We may postpone or deny your request if your PII is in current use for the purposes for which it was collected or for other legitimate purposes such as compliance with legal obligations.
    • Right to Withdraw Consent. You have the right to withdraw your consent to the processing of your PII. Exercising this right will not affect the lawfulness of processing your PII based on your consent prior to its withdrawal.

You may exercise the above rights by sending a request to:

  • Right to Lodge Complaint. You also have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your PII.
  • California Privacy Rights. California Civil Code Section 1798.83 permits our customers who are California residents to request certain information regarding our disclosure of PII to third parties for their direct marketing purposes. To make such a request, please send an email to Please note that we are only required to respond to one request per customer each year.
  1. Enforcement. The Company regularly reviews its compliance with this Privacy Please feel free to direct any questions or concerns regarding this Privacy Policy or our treatment of PII by contacting us as provided above. When we receive formal written complaints, it is the Company’s policy to contact the complaining user regarding his or her concerns. We will cooperate with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of PII that cannot be resolved between the Company and an individual.
  2. Changes to This Privacy Policy. The Company may update this Privacy We will notify you about significant changes in the way we treat PII by sending a notice to the primary email address specified in your account or by placing a prominent notice on the Services. We encourage you to periodically review this Privacy Policy for the latest information about our privacy practices.
  3. Consent to Processing. By providing any PII to us pursuant to this Privacy Policy, all users, including, without limitation, users in the United States, Israel and member states of the European Union, fully understand and unambiguously consent to this Privacy Policy and to the collection and processing of such PII abroad. The server on which the Services are hosted and/or through which the Services are processed may be outside the country from which you access the Services and may be outside your country of residence. Some of the uses and disclosures mentioned in this Privacy Policy may involve the transfer of your PII to various countries around the world that may have different levels of privacy protection than your country. By submitting your PII through the Services, you consent, acknowledge, and agree that we may collect, use, transfer, and disclose your PII as described in this Privacy Policy. If you do not consent to the terms of this Privacy Policy, please do not use the Services.
  4. Questions. If you have any questions about this Privacy Policy or concerns about the way we process your PII, please contact us at


Last Date Updated: September 14th, 2022


Compliant AWS environments in minutes, with Self-service Infrastructure
Learn how to enable other teams such as Dev and QA to launch pre-defined compliant AWS environments in minutes, by using Terraform.

Contact us

We look forward to hearing from you

AWS Governance & DevOps Productivity with Terraform

Learn how how to shift-left cloud governance with Terraform in this webinar brought to you by AWS and ControlMonkey.

We look forward to hearing from you!


Terraform Best Practices with ControlMonkey Webinar

Check out our latest webinar with DoIT International.

In this webinar we showcase together with DoIT how ControlMonkey is helping DevOps teams to make the transition from ClickOps to GitOps easily with Terraform.

This website uses cookies. We use cookies to ensure that we give you the best experience on our website. Privacy policy