Overview
Spore is an open-source tool for managing AWS EC2 instances. We prioritize your privacy and minimize data collection.
What We Collect
Authentication Information
When you sign in through Google, Globus Auth, or GitHub:
- Your email address or username (from OAuth provider)
- Temporary AWS credentials (expire in 1 hour)
- OAuth tokens (stored locally in your browser only)
What We Don't Collect
- ❌ No passwords (OAuth only)
- ❌ No browsing history
- ❌ No tracking cookies
- ❌ No analytics or telemetry
- ❌ No EC2 instance data (stays in your AWS account)
How We Use Your Information
Authentication Only: Your OAuth credentials are used solely to obtain temporary AWS credentials via AWS Cognito Identity Pool. These credentials allow the dashboard to query your AWS account for instances you've launched with Spawn.
Client-Side Only: All EC2 queries happen directly from your browser to AWS. No data passes through our servers.
Data Storage
- Browser LocalStorage: OAuth tokens and AWS credentials (temporary, expire in 1 hour)
- No Backend Database: We don't store any user data on servers
- AWS Cognito: Identity mappings managed by AWS (federated identity only)
Third-Party Services
Your Rights
- Access: All data is stored locally in your browser (inspect LocalStorage)
- Deletion: Click "Logout" or clear your browser's LocalStorage
- Portability: Data stays in your AWS account under your control
Security
- HTTPS encryption for all connections
- OAuth 2.0 / OpenID Connect standards
- Temporary credentials with automatic expiration
- Read-only AWS permissions (cannot modify instances)
Open Source
Spore is open source under the MIT License. You can audit the code on GitHub to verify these privacy claims.
Changes to This Policy
We may update this policy occasionally. Changes will be posted on this page with an updated date.
Contact
Questions about privacy? Open an issue on GitHub.