Data Protection & Privacy Policy

CloudNexus is committed to protecting your personal data and respecting your privacy rights. This policy outlines how we collect, use, store, and safeguard your information in compliance with GDPR, CCPA, and applicable international data protection laws.

📅 Last Updated: December 15, 2025

1. Introduction & Scope

At CloudNexus, we recognize that data protection is foundational to trust in cloud infrastructure. This Privacy Policy applies to all individuals who interact with our services, including customers, account administrators, end-users of deployed applications, and website visitors.

By using CloudNexus services, you acknowledge that you have read, understood, and agree to the collection and processing of your personal data as described in this document. This policy works in conjunction with our Terms of Service and Service Level Agreement.

2. Information We Collect

We collect data only when necessary to deliver, secure, and improve our cloud infrastructure services. The categories of data we process include:

2.1 Personal Identification Information

  • Full name, email address, and phone number for account registration
  • Billing information (processed securely by PCI-DSS compliant payment partners)
  • Company name and job title (for enterprise accounts)

2.2 Technical & Usage Data

  • IP addresses, device identifiers, and browser/OS information
  • API usage logs, authentication attempts, and session metadata
  • Server resource metrics (CPU, memory, storage, network I/O) for your deployed instances
  • Application performance data and error traces (if monitoring services are enabled)

2.3 Communication Data

Records of support tickets, email correspondence, chat logs, and phone call recordings (where consent is obtained) to assist with technical issues and service requests.

3. How We Use Your Data

We process your data for the following lawful purposes:

  • Service Delivery: Provisioning, managing, and billing for your cloud infrastructure
  • Security & Compliance: Fraud prevention, threat detection, access control, and regulatory reporting
  • Customer Support: Troubleshooting, incident response, and account assistance
  • Product Improvement: Analyzing aggregate usage patterns to optimize performance and develop new features
  • Legal Obligations: Complying with lawful requests, tax requirements, and contractual duties
⚠️ Important Note We never sell your personal data or customer workload data to third parties. Your application data remains strictly under your control and is encrypted at rest and in transit.

4. Data Sharing & Third Parties

We may share your data with carefully vetted third-party providers who act as data processors on our behalf. These partners assist with:

  • Payment processing and fraud detection
  • Cloud infrastructure operations and CDN edge delivery
  • Customer support ticketing and communication platforms
  • Security monitoring and threat intelligence services

All processors are bound by strict data processing agreements (DPAs) that limit usage to specified purposes, mandate security controls, and prohibit unauthorized onward transfers. We may also disclose data when required by law, court order, or to protect the rights, property, or safety of CloudNexus, our users, or the public.

5. Security & Infrastructure Protections

CloudNexus implements industry-leading technical and organizational measures to safeguard your data:

  • Encryption: AES-256 at rest, TLS 1.3 in transit, and customer-managed keys (CMK) available for enterprise tiers
  • Access Controls: Role-based access control (RBAC), multi-factor authentication (MFA), and principle of least privilege for internal staff
  • Network Security: DDoS mitigation, Web Application Firewalls (WAF), private networking options, and zero-trust architecture
  • Compliance: Regular third-party audits, SOC 2 Type II certification, ISO 27001 alignment, and GDPR/CCPA adherence
  • Incident Response: 24/7 security operations center (SOC), automated threat detection, and documented breach notification procedures

6. Data Retention & Deletion

We retain your data only for as long as necessary to fulfill the purposes outlined in this policy, or as required by law. Retention periods vary by data type:

  • Account & Billing Data: Retained while your account is active, plus 7 years for tax/legal compliance
  • Technical Logs & Security Records: Stored for up to 365 days, then anonymized or securely deleted
  • Customer Workload Data: Retained indefinitely until you delete it or close your account. Snapshots and backups are deleted per your configured lifecycle policies
  • Support Communications: Kept for 3 years after resolution

Upon account termination, we securely erase all customer data using industry-standard cryptographic shredding, except where retention is legally mandated. You may request accelerated deletion at any time.

7. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Update or correct inaccurate information
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Receive your data in a structured, machine-readable format
  • Restriction/Opposition: Limit or object to certain processing activities
  • Automated Decision-Making: Opt out of profiling or algorithmic processing where applicable

To exercise these rights, submit a request through our Data Protection Contact. We will respond within 30 days. Identity verification may be required to protect your account security.

8. Cookies & Telemetry

Our website and dashboard use essential cookies to maintain authentication sessions, remember your preferences, and ensure platform functionality. We do not use third-party advertising or behavioral tracking cookies.

If you enable CloudNexus Monitoring, lightweight telemetry agents may collect performance metrics from your instances. This data is aggregated, never contains customer payload content, and is used solely for infrastructure health and your own analytics dashboards. You can disable monitoring at any time via the control panel.

9. International Data Transfers

CloudNexus operates data centers across multiple jurisdictions. Your data may be processed in countries outside your region, including the United States, European Economic Area, and Asia-Pacific. When transfers occur, we ensure adequate protection through:

  • European Commission Standard Contractual Clauses (SCCs)
  • Regional data residency options (available on Professional and Enterprise plans)
  • Technical encryption that remains under your key management

You can select specific geographic regions for your resources during deployment. We recommend configuring region locks for compliance with local data sovereignty requirements.

10. Contact & Data Protection Officer

📧 Data Protection Inquiries

Privacy Team: privacy@cloudnexus.com
Data Protection Officer: dpo@cloudnexus.com
Security Reports: security@cloudnexus.com
Postal Address: CloudNexus Inc., 100 Cloud Avenue, Suite 400, San Francisco, CA 94107, USA

If you are unsatisfied with our response to a privacy request, you have the right to lodge a complaint with your local supervisory authority or data protection regulator.

11. Policy Updates

We periodically review and update this Privacy Policy to reflect changes in our services, technology, legal obligations, or industry best practices. Material changes will be communicated via email, dashboard notifications, or prominent website banners at least 30 days before they take effect. The "Last Updated" date at the top of this page will be revised accordingly. Continued use of CloudNexus services after updates constitutes acceptance of the modified policy.

Thank you for trusting CloudNexus with your infrastructure. Your privacy and security are central to everything we build.