Privacy Policy
Last updated: April 2026
Introduction
Welcome to Radar, a hosted Kubernetes visibility platform that gives engineering teams a multi-cluster dashboard, event history, and alert routing (the "Platform"). The Platform is available at app.radarhq.io. It is owned and operated by KoalaOps, Inc., doing business as Skyhook ("Skyhook", or "we", "us", "our"), the team that also maintains the open-source project Radar.
This Privacy Policy ("Policy") explains how we process personal information on the Platform. It is an integral part of our Terms of Use.
The Platform is not intended for users under the age of 18. We do not knowingly collect or process information of children under the age of 18 or knowingly allow minors under the age of 18 to use the Platform.
This Policy may be amended from time to time. We will post any change to this Policy on our Platform at a reasonable time in advance of the effective date of the change, and we will also make efforts to proactively notify you by email of the changes, if we have your email address.
Contact us
If you have any questions, comments, or concerns regarding this Policy or the processing of your personal information on the Platform, please contact us by email at radar@skyhook.io.
What personal information is collected and why
| Scenario | Purposes | Categories of information processed |
|---|---|---|
| Registering to the Platform | Creating your account on the Platform; our business development | Your name, email address, and the profile details provided by your single-sign-on identity provider (Google Workspace, GitHub, Okta, Microsoft Entra ID, or another SAML/OIDC provider you elect to use). |
| Connecting a Kubernetes cluster | Providing the Platform's core functionality (multi-cluster visibility, event timeline, alerts) | Cluster metadata transmitted by the Radar agent running in your cluster: Kubernetes resource state (pods, deployments, services, configmaps, and other first-class and custom resources), Kubernetes events, Helm release information, and coarse per-resource metrics. The agent does not transmit application log contents, environment variable values, Kubernetes Secret values, or the contents of exec/port-forward sessions to persistent Platform storage; such content streams only on explicit user request and is not retained at rest. |
| Payment for subscription | Providing you with the Platform and its features, if you chose a paid subscription tier | Your name, email address, billing address, and the details of your payment method (processed by our payment processor; we do not store full card numbers). |
| Optional MCP / AI integration | Providing AI-assisted features, if you explicitly enable them | If you opt in to AI-assisted features, we process the cluster metadata and events relevant to your query through a third-party model provider. Please use discretion when deciding which information to share with AI-assisted features. YOU ARE SOLELY LIABLE FOR PROTECTING THIRD PARTIES' AND YOUR OWN PRIVACY, AND FOR OBTAINING THE PRIOR CONSENT OF INDIVIDUALS WHOSE PERSONAL INFORMATION YOU INCLUDE IN YOUR INPUT. WE WILL NOT BEAR LIABILITY FOR ANY DAMAGES THAT YOU OR OTHERS MIGHT INCUR AS A RESULT OF THE INCLUSION OF PERSONAL INFORMATION IN YOUR INPUT. |
| Contacting us with inquiries | Handling your inquiries; maintaining our customer relations with you; our business development | Your name, email address, and the subject and content of your inquiry. |
| Analytics and use of cookies | Operating and enhancing the Platform; our business development | Information concerning your use of the Platform: IP address from which you access the Platform, time and date of access, type of device and browser used, language used, links clicked via a mouse or a touch screen, and actions taken while using the Platform. When you visit or log in to our website, cookies and similar technologies may be used by our online data partners or vendors to associate these activities with other personal information they or others have about you, including by association with your email or home address. We (or service providers on our behalf) may then send communications and marketing to these email addresses. You may opt out of receiving this advertising by visiting https://app.retention.com/optout. You also have the option to opt out of the collection of your personal data in compliance with GDPR by visiting https://www.rb2b.com/rb2b-gdpr-opt-out. |
You do not have a legal obligation to provide the above information; however, if you choose not to share this information with us, we may not be able to provide you with the Platform and its features or handle your inquiries.
Methods and sources for collecting your personal information
We collect the personal information from several sources:
- Directly from you, when you register to the Platform, connect a cluster, configure integrations, or contact us with inquiries.
- Through the device you use to access our Platform.
- Through the Radar agent installed in your Kubernetes cluster, which transmits cluster metadata to the Platform over an outbound mutually-authenticated TLS connection.
- From your single-sign-on identity provider (such as Google Workspace, GitHub, Okta, or Microsoft Entra ID) when you use it to authenticate.
Sharing your personal information
We will not share your information with third parties, except in the events listed below or when you provide us your explicit and informed consent.
| Scenario | Purposes | Examples of third parties involved |
|---|---|---|
| We will share your information with our service providers who assist us with the internal operations of the Platform. These companies are authorized to use your personal information in this context only as necessary to provide these services to us and not for their own promotional purposes | Operating the Platform and managing our business | Amazon Web Services (primary cloud hosting), Google Cloud Platform, ClickHouse Cloud (event timeline storage), Stripe (payment processing), Postmark (transactional email), your configured SSO identity provider, RB2B (website visitor identification) |
| Optional AI-assisted features | If you opt in, providing AI-assisted features by routing prompts and relevant cluster metadata through a third-party model provider | Anthropic, OpenAI (the specific provider used is documented in the Platform settings and may change; we will update this Policy accordingly) |
| If you abused your rights to use the Platform or violated any applicable law while engaging with us | Responding to, handling, and mitigating suspected violations of law in connection with our business | Competent authorities, legal counsels, and advisors |
| If a judicial, governmental, or regulatory authority requires us to disclose your information | Complying with a binding request from a competent authority | Competent authorities |
| If the operation of the Platform or our business is organized within a different framework, or through another legal structure or entity | Enabling a structural change in the operation of the Platform and our business | The target entity of the merger or acquisition, legal counsels, and advisors |
Data retention and security
We retain your information for as long as you are an active user of the Platform, and thereafter as needed for record-keeping matters, but no longer than 7 years.
We will retain your account information for as long as you are an active user of the Platform. Thereafter, we will still retain your personal information as necessary to comply with our legal obligations, resolve disputes, establish and defend legal claims, and enforce our agreements. However, we will not retain your data for more than 7 years.
Cluster metadata and event-timeline data are retained for the duration specified by your subscription tier (24 hours on the Free tier, 30 days on Team, 1 year or more on Enterprise). When you disconnect a cluster or cancel your subscription, we begin a deletion process for the associated timeline data within 30 days, subject to the backup retention windows described in our Terms.
We implement measures to secure your information.
We implement organizational and technical measures to reduce the risks of damage, loss of information, and unauthorized access to or use of information. The Platform holds a SOC 2 Type 2 attestation; the report is available on request from trust.skyhook.io. All network communication between the Radar agent and the Platform is encrypted in transit using mutually-authenticated TLS. Data at rest is encrypted using AES-256 managed by our cloud providers. Access to production systems is limited to a small number of authorized Skyhook personnel and is logged and audited. However, these measures do not provide absolute information security. Therefore, although efforts are made to secure your personal information, there is no guarantee that it will be immune from information security risks.
Your rights
As a user of our Platform, you have the following rights in relation to your personal information:
Right to review your information. You have the right to review, either by yourself or through an authorized representative or a guardian, any information we have stored about you in our databases.
Right to request to rectify your information. If, upon reviewing your information, you find your information to be incorrect, incomplete, or outdated, you have the right to ask us to rectify your information or delete it. We will inform you within 30 days whether we can comply with your request.
Right to have your personal data deleted, under certain circumstances, such as when the information is no longer necessary for the purposes the information was collected.
Right to export your information. You may export most of your Platform data (dashboards, saved filters, alert rules, and historical events within your retention window) at any time using the Platform's documented APIs.
Additional Information for Individuals in The United States
KoalaOps, Inc. (d/b/a Skyhook) is providing the following additional information to its clients residing in the United States, pursuant to applicable state privacy laws in the U.S.
We do not sell your information to any third party, or share it for cross-context behavioral advertising. Furthermore, we do not collect, use, or share sensitive information.
We keep the personal information specified below as long as necessary to operate the Platform. Following that period, we shall see to it that the information is not accessed, other than in extraordinary events such as legal claims.
Categories of personal information we collect and process and their sources
Below are the categories of personal information we have collected and/or processed over the past 12 months, and the source of that information.
| Categories of personal information | Details of the personal information that was collected | Sources of information |
|---|---|---|
| Identifiers | Name, email address, SSO profile details | Directly from you. From your SSO identity provider (Google Workspace, GitHub, Okta, Microsoft Entra ID, or other configured provider). Through the device you use to access our Platform. |
| Information that identifies, relates to, describes, or is capable of being associated with, a particular individual | Contents of your inquiries; contents of your prompts to optional AI-assisted features (if enabled) | Directly from you. |
| Commercial information | Your subscription tier, billing address, and payment method details (processed by our payment processor) | Directly from you. |
| Internet or other electronic network activity information | Information collected through cookies and analytics tools; in-Platform activity logs | Through the device you use to access our Platform. |
Business purposes for the collection of personal information
| Categories of personal information | Business purposes |
|---|---|
| Identifiers; Information that identifies, relates to, describes, or is capable of being associated with, a particular individual; Commercial information; Internet or other electronic network activity information | Performing services through the Platform. Debugging to identify and repair errors that impair existing intended functionality. Detecting and preventing security incidents. Undertaking activities to verify or maintain the quality or safety of the Platform and to improve, upgrade, or enhance the Platform. |
Disclosures to third parties
Below are the categories of personal information we shared with third parties over the past 12 months, and the categories of third-party entities we share them with.
| Categories of personal information | Categories of entities we give the information to, and why |
|---|---|
| Identifiers; Information that identifies, relates to, describes, or is capable of being associated with, a particular individual; Commercial information; Internet or other electronic network activity information | Our service providers, who will use it only as necessary to assist us in the internal operations of our business and the Platform, and not for their own promotional purposes. Competent authorities, legal counsels, and advisors, if you abused your right to use the Platform or violated any applicable law in the course of doing business with us. Judicial, governmental, or regulatory authorities, if they require us to disclose your information. The target entity of a merger or acquisition, legal counsels, and advisors, if the operation of the Platform or our business is organized within a different framework, or through another legal structure or entity. |
Your rights
The right to know. You have the right to know whether we are processing your personal information. If we do, you have the right to know the following information, which we will provide to you after we receive your request and verify your identity:
- The categories of personal information we collected about you.
- The categories of sources from which the personal information was collected.
- The purposes for which we collect personal information.
- The categories of third parties with whom we share personal information.
- The specific pieces of personal information we collected about you.
The right to obtain a copy of your personal information. If your data is available in a digital format, you have the right to obtain a copy of the personal information that you previously provided to us, in a portable and readable format (to the extent this is technically feasible).
The right to delete your personal information. In some cases, state privacy laws provide for the right to request the deletion of your personal information.
The right to correct inaccurate personal information. Once we receive a request from you to correct your data, and verify your identity, we will examine the veracity of the corrected information provided by you, consider your request to correct, and inform you of our decision.
To establish the veracity of the personal information as per your request, we will consider all the circumstances pertaining to the personal information the correction of which is requested. We may also require you to provide documentation in support of your request to correct the personal information.
The right to opt-out of processing for solely-automated profiling. You have the right to opt-out of solely-automated processing of your personal information to evaluate, analyze, or predict your personal aspects related to your economic situation, health, personal preferences, interests, reliability, behavior, location, or movements, where that processing is done in furtherance of a decision that produces a legal or similarly significant effect on you.
The right to non-discrimination as a result of exercising your rights. You have the right to not be discriminated by us for exercising the rights granted to you under applicable law. If you exercise your rights, we cannot:
- deny you services.
- charge different prices or fees for services, also through discounts, benefits, or fines.
- provide you with a different level or quality of services.
- propose that you receive different prices or tariffs for services.
Please note that we may charge a different fee or provide a different level or quality of services, if the difference is reasonably related to the value we gain from your personal information.
Filing requests
Should you wish to exercise your rights under applicable laws as specified above, please contact us by email at radar@skyhook.io.
To verify your identity, we will ask you to provide additional information, through a verification process in which you will be asked to provide us with two items of information known to you and to us.
Note you may appoint an authorized agent to file requests to exercise your rights on your behalf. To this end, you must provide your authorized agent with written approval to do so. The authorized agent will have to present us with proof, attesting that you authorized them to act on your behalf. Furthermore, we will require verification of your identity, as explained above.
Our response to your requests
We will respond to your requests within 45 days (or within 90 days, where the law permits and we determine it necessary considering the complexity and number of the requests you have filed). If we take longer than 45 days, we will inform you of the extension within the initial forty-five-day response period, together with the reason for the extension.
We may deny your request in the following cases:
- If we believe in good faith, based on reasons which are documented in writing, that your request is fraudulent or is an abuse of your rights under applicable law.
- If we conclude that the request is irrelevant, based on all the circumstances at issue (e.g., if you requested to correct your personal information, and we find that it is likely to be accurate).
- If it is contrary to federal or state law.
- Due to discrepancy in the required documentation.
- If the fulfillment of your request turns out to be impossible or involves disproportionate effort.
We will provide you with a detailed explanation including sufficient facts to enable you to meaningfully understand why we cannot fulfill your request.
You may appeal our decision to deny your request by submitting a written appeal to radar@skyhook.io.