Home Legal Privacy Policy

Our Privacy Policy

At CloudNexus, we take your privacy seriously. This policy explains how we collect, use, share, and protect your personal information when you use our services.

📅 Last Updated: January 15, 2025
📄 Effective: January 15, 2025
🔒 GDPR & CCPA Compliant
ℹ️

What's New

This policy was updated on January 15, 2025. We've clarified our data processing practices, added information about AI-powered features, and expanded our section on data subject rights under GDPR.

📋 Overview

CloudNexus Technologies, Inc. ("CloudNexus," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes our policies and procedures on the collection, use, disclosure, and protection of your information when you use our cloud hosting, infrastructure, and related services (collectively, the "Services").

By accessing or using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access the Services.

Key Commitments

We never sell your personal data to third parties. We implement enterprise-grade encryption and security measures to protect your infrastructure and data. We provide transparent controls so you can manage how your information is collected and used at all times.

The terms "personal data" and "personally identifiable information" used in this policy have the same meaning as defined under the General Data Protection Regulation (GDPR) and other applicable data protection laws.

📊 Information We Collect

We collect several types of information from and about users of our Services, categorized as follows:

2.1 Information You Provide Directly

  • Account Information: Name, email address, phone number, company name, billing address, and payment details when you create an account or subscribe to our Services.
  • Profile Data: Profile picture, job title, team role, and communication preferences you choose to provide.
  • Support Communications: Messages, tickets, and correspondence you send to our support team.
  • Survey Responses: Feedback and responses you voluntarily provide in surveys or research studies.

2.2 Information Collected Automatically

  • Usage Data: Information about how you interact with our Services, including resource utilization, API calls, deployment patterns, and feature usage metrics.
  • Infrastructure Telemetry: Server performance metrics, network data, error logs, and system health data from your hosted environments.
  • Device Information: IP address, browser type, operating system, device identifiers, and screen resolution.
  • Log Data: Server logs including access times, referrer URLs, pages viewed, and clickstream data across our platform.

2.3 Information from Third Parties

  • Identity Verification: Information from third-party identity verification and fraud prevention services.
  • Payment Processors: Billing information and transaction history from our payment service providers.
  • Analytics Providers: Aggregated and anonymized usage data from analytics platforms we use.
  • Security Feeds: Threat intelligence data from cybersecurity partners and information sharing organizations.

⚙️ How We Use Your Information

We use the information we collect for the following business purposes, based on our legitimate interests and your consent where required:

  1. Service Delivery: To provision, operate, maintain, and deliver our cloud hosting and infrastructure services to you.
  2. Infrastructure Management: To monitor, optimize, and manage the performance and reliability of our data centers, networks, and server infrastructure on your behalf.
  3. Security & Fraud Prevention: To detect, investigate, and prevent security incidents, fraud, abuse, and other malicious activities across our platform.
  4. Account Management: To create and manage your account, process transactions, send technical notices, and provide support.
  5. AI-Powered Optimization: To train and improve our AI-powered auto-scaling algorithms, anomaly detection systems, and automated threat mitigation — using anonymized and aggregated data only.
  6. Communication: To send you service updates, security advisories, billing notifications, and (with your consent) marketing communications.
  7. Analytics & Improvement: To analyze usage patterns, conduct research, and improve our Services, user experience, and security posture.
  8. Legal Compliance: To comply with applicable laws, regulations, legal processes, and enforceable governmental requests.
Important

We do not use the contents of your data stored on our infrastructure (your files, databases, or application code) for any purpose other than what is necessary to provide the hosting service. Your data remains yours, and we never scan, read, or share your stored content without your explicit consent or a legal obligation.

🤝 Data Sharing & Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

Category Description Legal Basis
Service Providers Cloud providers, payment processors, CDN providers, and monitoring services that help us operate our platform. Contractual Necessity
Infrastructure Partners Data center operators, network providers, and hardware suppliers involved in delivering our infrastructure services. Contractual Necessity
Legal Requirements When required by law, court order, or governmental request, or to protect the rights, property, or safety of CloudNexus or others. Legal Obligation
Business Transfers In connection with a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction. Legitimate Interest
With Your Consent Any other sharing not described above, only with your explicit, informed consent. Consent

4.1 Subprocessors

We maintain a publicly available list of subprocessors on our Subprocessors Page. We notify customers of any changes to subprocessors through our service status page and provide an opportunity to object to such changes.

4.2 Data Protection Agreements

We require all third parties that process your information to adhere to this Privacy Policy and to process data only on our documented instructions. We enter into Standard Contractual Clauses (SCCs) or Data Protection Addendums (DPAs) with all relevant subprocessors.

🛡️ Data Security

We implement industry-leading security measures to protect your information against unauthorized access, alteration, disclosure, or destruction. Our security practices include:

  • Encryption in Transit: All data transmitted between your systems and our infrastructure is encrypted using TLS 1.3. We enforce TLS 1.2 minimum for all API endpoints.
  • Encryption at Rest: All stored data is encrypted using AES-256 encryption. Customers on Enterprise plans can provide their own encryption keys (BYOK).
  • Network Security: Multi-layer DDoS mitigation, Web Application Firewall (WAF), network segmentation, and intrusion detection/prevention systems.
  • Access Controls: Role-based access control (RBAC), multi-factor authentication (MFA) enforcement, and least-privilege access principles for all systems.
  • Physical Security: Our data centers feature biometric access controls, 24/7 surveillance, man-trap entry systems, and environmental monitoring.
  • Vulnerability Management: Continuous automated scanning, regular third-party penetration testing, and a responsible disclosure program.
  • Incident Response: A dedicated security operations center (SOC) monitors for threats 24/7, with a documented incident response plan tested quarterly.
  • Compliance Certifications: SOC 2 Type II, ISO 27001, ISO 27017, ISO 27018, PCI DSS Level 1, and HIPAA BAA availability.

Despite our efforts, no security measure is perfect. If you become aware of any security vulnerability or data breach, please contact our security team immediately at security@cloudnexus.com.

🗃️ Data Retention

We retain your personal information and data for as long as your account is active or as needed to provide our Services, subject to the following retention schedules:

Data Type Retention Period Notes
Account & Profile Data Duration of account + 30 days after closure Anonymized after deletion period
Billing & Transaction Records 7 years As required by tax & accounting laws
Infrastructure Logs 90 days (standard) / 1 year (Enterprise) Archived for compliance if required
Support Tickets 24 months Auto-closed after resolution
Marketing & Communication Data Until opt-out is received Immediate processing of opt-out requests
Security & Audit Logs 12 months Extended for active investigations

Upon account termination, we will securely delete or anonymize your personal data within the applicable retention period. You may request early deletion of your data at any time through your account dashboard or by contacting our support team. Please note that certain data may need to be retained for legal, regulatory, or legitimate business purposes even after account closure.

⚖️ Your Rights & Choices

Depending on your location, you may have the following rights regarding your personal data. We will not discriminate against you for exercising any of these rights:

7.1 GDPR Rights (EEA & UK Residents)

  1. Right of Access: Request a copy of the personal data we hold about you.
  2. Right to Rectification: Request correction of inaccurate or incomplete personal data.
  3. Right to Erasure: Request deletion of your personal data where there is no compelling reason for us to retain it.
  4. Right to Restrict Processing: Request that we limit the processing of your personal data.
  5. Right to Data Portability: Receive your personal data in a structured, machine-readable format and transfer it to another controller.
  6. Right to Object: Object to processing based on legitimate interests or direct marketing.
  7. Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.
  8. Right to Lodge a Complaint: File a complaint with your local data protection authority.

7.2 CCPA/CPRA Rights (California Residents)

  1. Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you.
  2. Right to Delete: Request deletion of personal information we have collected from you.
  3. Right to Opt-Out of Sale/Sharing: Our Services do not constitute a "sale" of personal data. You may opt out of targeted advertising.
  4. Right to Limit Use of Sensitive PII: Limit the use of sensitive personal information to the purposes disclosed.
  5. Right to Non-Discrimination: We will not deny services or charge different prices for exercising your CCPA rights.

7.3 How to Exercise Your Rights

You can exercise your rights by:

We will respond to verifiable requests within 30 days (45 days for complex requests under GDPR). We may need to verify your identity before processing your request.

🍪 Cookies & Tracking Technologies

We use cookies and similar tracking technologies to collect and track information about your use of our Services. These technologies help us operate, maintain, and improve our platform.

8.1 Types of Cookies We Use

Category Purpose Duration
Essential Cookies Required for the operation of our Services (authentication, security, load balancing). Session / Persistent
Analytics Cookies Help us understand how visitors interact with our website and Services. Up to 24 months
Functionality Cookies Remember your preferences and settings (language, region, UI customization). Up to 12 months
Security Cookies Authenticate users, prevent fraud, and enhance security. Session
Marketing Cookies Deliver relevant advertisements and measure campaign effectiveness (with consent). Up to 6 months

8.2 Managing Cookies

You can control and manage cookies through your browser settings, our cookie consent tool, and the following opt-out links:

Please note that disabling essential cookies may prevent certain Services from functioning properly.

👶 Children's Privacy

Our Services are not directed to individuals under the age of 16 (or 13 in the United States). We do not knowingly collect personal information from children. If we learn we have collected or received personal information from a child without parental consent, we will delete that information immediately.

If you believe we have collected information from a child, please contact us at privacy@cloudnexus.com and we will take appropriate steps.

Parents and guardians who believe we have inadvertently collected data from their child should contact us, and we will promptly remove the data from our systems.

🌐 International Data Transfers

CloudNexus operates data centers and infrastructure in multiple jurisdictions worldwide. Your data may be transferred to, stored, and processed in countries other than your country of residence, including the United States and other countries that may have different data protection laws.

10.1 Legal Mechanisms for Transfers

We ensure your personal data is protected when transferred internationally by implementing the following safeguards:

  • EU-US Data Privacy Framework: CloudNexus participates in the EU-U.S. Data Privacy Framework and has certified compliance with its principles.
  • Standard Contractual Clauses (SCCs): We use the European Commission's approved SCCs for all personal data exports from the EEA and UK.
  • adequacy Decisions: We rely on EU Commission adequacy decisions for transfers to countries with recognized adequacy status.
  • Binding Corporate Rules: Where applicable, we use our adopted Binding Corporate Rules as a transfer mechanism.

If you are located in the EEA or UK, you may request a copy of the specific safeguard measures we employ by contacting privacy@cloudnexus.com.

📝 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make significant changes, we will notify you through:

  • A prominent notice on our website and within the CloudNexus dashboard
  • An email notification to the address associated with your account
  • A dedicated update notice on our Legal Updates Page

We encourage you to review this Privacy Policy periodically. The "Last Updated" date at the top of this page indicates when this policy was most recently revised. Continued use of our Services after any changes constitutes your acceptance of the updated Privacy Policy.

📞 Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us through the following channels:

Data Privacy Inquiries privacy@cloudnexus.com
Security Reports security@cloudnexus.com
Data Protection Officer dpo@cloudnexus.com
Mailing Address CloudNexus Technologies, Inc.
100 Innovation Drive, Suite 400
San Francisco, CA 94105
United States
EU Representative CloudNexus EU Ltd.
One Dockland Central
Dublin 1, D01 F2X2
Ireland
UK Representative CloudNexus UK Ltd.
1 Fresh Street
London EC4M 9EJ
United Kingdom
Response Commitment

We are committed to responding to all privacy-related inquiries within 30 days of receipt. For GDPR-covered requests, we will respond within the statutory 30-day period (extendable by 60 days for complex requests). You also have the right to lodge a complaint with your local supervisory authority at any time.

Ready to Build with Confidence?

Infrastructure that's secure, compliant, and built to scale. Start your free trial today with $200 in credits.

Start Free Trial →