Privacy Policy

Definitions In this policy:

  • User is a natural or legal person using CloudCapital website and services
  • GDPR means Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
  • Personal data, Processor and Controller will each have the meaning given to them in Article 4 of the GDPR.

Our Privacy Policy in short

Any information we receive from you will never leave our private and secure servers. We will not use it for any purposes other than those which you have given your permission for. All passwords you use with our Service are stored encrypted and cannot be read by anyone, not even by us. We use the most advanced data protection techniques to keep your data private and secure. Please read below for detailed information about our Privacy Policy.

Privacy Policy details

We are committed to protecting your privacy. For CloudCapital, the protection not only of personal but of all data that flows through our platform is the top priority. As part of this effort, we process personal data in accordance with the EU’s General Data Protection Regulation (“GDPR”), and in accordance with the data protection regulations applicable to CloudCapital.

Information we collect

We collect information in two ways:

  • Information you provide to us directly
    • Registration information: In order to register for a basic account, you must provide your email address and a password. If you choose to upgrade to one of our paid subscriptions, you will be asked to provide additional information such as your name and physical address. We also collect your IP address. CloudCapital is the data controller in respect of this data.
    • Login credentials to services: If you want to connect your CloudCapital account to any other third party service, you will be asked to provide us your login credentials for those third-party applications. For each third-party service that you’ve connected to your CloudCapital account, we will create a connected account to that service and securely save your personal login information. We will not use this personal information for any purposes other than those which you provided it for. If you remove a connected account, we will automatically delete associated personal information.
  • Information we get from your use of our services
    • Scenario execution data and data in CloudCapital internal data stores: CloudCapital stores logs about the execution of your scenarios so that you have the option to view details about a specific scenario run or find out what data was transferred from where to where. In respect of this data, CloudCapital is the data processor and the user is the data controller. The following list shows what data we store and for how long:
      • Logs in Gateway (webhooks, Android): 30 days
      • Incomplete runs (DLQ): 30 days
      • Notifications: 7 days
      • Activity stream (logged execution of a scenario): 30 days
      • Scenario execution details: 60 days
    • Usage information: When you visit our website or use our service, we automatically record information from your web browser which helps us improve the utility value of our site and manage the provision of our services. This may include your IP address, browser type, the web page visited before you came to our website, information you search for on our website, locale preferences or history of access to our website.
    • Cookies: For your convenience, we use cookies. A cookie is a data file that we transfer to your device. We are using two types of cookies, persistent and rolling cookies. Persistent cookies store your registration email address so you do not have to type it each time you login to our Service. Persistent cookies are optional, you can choose whether or not to store this information. We use rolling cookies to store your registration ID and authentication information so you can remain logged in to our Service. The rolling cookie will delete itself from your device after 20 minutes of your inactivity (and you will be automatically logged out from our Service).

How we store your personal data

We are committed to doing our very best to protect your data and keep it confidential. We employ advanced security practices to keep your data safe and secure:

  • The connection between CloudCapital and your browser is always encrypted (HTTPS).
  • Every connection between CloudCapital and a third party service is established in the most secure way that is supported by the given service. In some cases (e.g. FTP, databases, etc.) you have the option to set the security level manually.
  • We use AES to save your credentials securely.
  • To protect our secure HTTPS website from downgrade attacks, we have implemented and use HTTP Strict Transport Security (HSTS), the web security policy mechanism.
  • We have protection against CSRF/XSRF attacks.
  • We use CSP protection to prevent XSS.
  • All passwords that you provide us with are stored in an encrypted format (PBKDF2-SHA512 with 200k iterations), so that they cannot be read and/or reproduced. No one is able to read them, not even us.
  • We use persistent IP addresses so that you can limit access or make tunnels.
  • For your protection, we do not support outdated browsers. The latest browsers are more secure and ensure the highest security standards.
  • Our servers are housed in one of the most modern data centers in Europe, equipped with the latest security technologies.

Where we secure your personal data

Your data is stored in secure web hosting centers in the Netherlands and the Czech Republic (EU member state since 2004) certified to internationally recognized ISO 9001 and ISO 27001 standards that define the requirements for the quality management system and the information security management system.

How we use the information we collect

CloudCapital collects this personal data for the following purposes:

  • Login to CloudCapital
  • Possibility to reset passwords in the case of forgetting it
  • Informing users about executions of active scenarios
  • Informing users about business matters
  • Informing users and potential users about new features of CloudCapital

Right of deletion or change of user personal data

In the Profile section, you have the option to ask for deletion or to change your profile. In the event that it is our duty to keep a record of some of your personal information, for example, for accounting purposes, this information is retained. We will irrevocably remove all other information within 60 days of your request.

CloudCapital features that allow you to manage personal data in accordance with GDPR

CloudCapital deploys features, which empower its users to easily comply with the requirements of GDPR:

  • Scenario settings: Data is confidential This is a key feature that allows you to process data in CloudCapital without leaving any record about the data in CloudCapital after the scenario run completes. If you do not want to include transmitted data in the log files, you can enable this option. With this option enabled, no transmitted data will be stored in the log files and the logs will include only basic information about the run of your scenario. More info
  • Deleting data stored in CloudCapital data stores For deleting data, use the Delete a record function to delete a specific record, or the Delete all records function to delete all records from a specific data store. More info

Third-party payment processors

We do not collect or store your full credit card information on our servers. All payments are securely processed by the PayPal, Stripe and Global Payments Europe gateways. We only receive a confirmation about the result of the payment. Your credit card details are not disclosed to us.

Communication in CloudCapital forums

We offer discussion forums in which users can communicate with any other users. Our Services display information like your name or profile picture. Any information you share in a public forum is public information and may be seen or collected by another person (s).

With whom we share information

We do not sell, rent, or otherwise disclose your personal information to third parties for their marketing and advertising purposes without your consent.

We may disclose:

Your information to third parties working for and with CloudCapital: We work with third-party service providers (for example hosting services) to help us provide, improve or advertise our services. CloudCapital may give relevant persons working for these third parties access to your information, but only to the extent necessary for them to perform their services for us. All such third parties must agree to observe the privacy of our users and to protect the confidentiality of their personal information.

ActiveCampaign and Mailerlite

CloudCapital uses ActiveCampaign/Mailerlite to send marketing emails to notify you about new features, changes to our terms, and other useful information about our services. AcitveCampaign and Mailerlite automatically manage our unsubscribe list, allowing you to easily unsubscribe from future communications at any time. ActiveCampaign and Mailerlite only use the information we share with them to send these emails. You can learn more about how Mailerlite protects your personal information in the Mailerlite Privacy Policy and the ActiveCampaign Privacy Policy

Zendesk

Zendesk is an industry-leading customer support management platform. When you submit a help request through our Support Form or connect with us over social media platforms like Facebook or Twitter, we share this information with Zendesk to create and track your request. Zendesk then facilitates the communication necessary to answer your question or resolve your issue. We only send the minimum information necessary to create these requests in Zendesk and Zendesk only uses this information to support the request resolution process. You can learn more about how Zendesk protects your personal information in the Zendesk Privacy Policy.

Google Analytics

CloudCapital uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies to help analyze how individuals use the websites they visit. Non-personal information generated by this cookie about your use of CloudCapital is transmitted to and stored by Google on servers in the United States. Google does not associate your IP address with any other data held by Google. Google uses this information to understand how you use CloudCapital and compiles reports on this activity to help us improve CloudCapital for our users. By using CloudCapital, you consent to the processing of data about you by Google for these purposes.

You may disable cookies within your browser to block this tracking by Google, understanding that doing so may affect your ability to use the full functionality of the CloudCapital. For certain browsers, you can also prevent Google from collecting information (including your IP address) via cookies and processing this information by downloading and installing this browser plug-in.

Changes to our Privacy Policy

This Privacy Policy may change from time to time. If we make a change that we believe substantially reduces your rights, we will provide you with notice by email. By continuing to use the Service after those changes become effective, you agree to be bound by the revised Privacy Policy. Please feel free to contact us at [email protected] if you have any questions about our Privacy Policy, or you need more information then we have shown here.

End of the Privacy Policy. Last revision: Oct 16, 2019.