Privacy Policy

Account information: When you create an account, we collect your name, email address, and password (stored as a hashed value). If you sign up via GitHub OAuth, we receive your GitHub username, email, and public profile information.

Project and deployment data: We store configuration data you provide — project names, environment variables, build settings, domain names, and deployment logs — to provide the service.

Payment information: Billing details (card number, expiry, CVV) are handled entirely by our payment processor, Stripe. We store only a non-sensitive payment method token and your subscription status.

Usage and technical data: We collect logs, IP addresses, browser type, operating system, and usage patterns to operate and improve the service. This data is pseudonymised where possible.

GitHub repository data: With your permission, we read repository metadata (branches, commit history) to power CI/CD deployments. We do not store your source code beyond the build process.

We use the information we collect to:

• Create and manage your account and projects
• Process deployments, build container images, and serve your applications
• Send transactional emails (deployment notifications, billing receipts, password resets)
• Provide customer support and respond to your requests
• Monitor platform health, prevent abuse, and enforce our Terms of Service
• Improve the platform through aggregated, anonymised analytics
• Comply with legal obligations

We do not sell your personal data to third parties.

We share your information only in the following circumstances:

Service providers: We work with trusted vendors — including cloud infrastructure providers, payment processors, and email delivery services — who process data on our behalf under strict data processing agreements.

Team members: If you invite members to your organisation, those members can see the projects, deployments, and logs within that organisation.

Legal requirements: We may disclose information if required by law, subpoena, or to protect the rights, property, or safety of Cloudoku, our users, or the public.

Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, with notice provided to you.

We retain your personal data for as long as your account is active or as needed to provide the service. When you delete your account:

• Your account data is deleted within 30 days
• Deployment logs are deleted within 90 days
• Billing records are retained for 7 years as required by financial regulations
• Anonymised usage data may be retained indefinitely for analytics

We implement industry-standard technical and organisational measures to protect your information, including:

• Encryption in transit using TLS 1.2+
• Secrets and environment variables encrypted at rest
• Role-based access controls for internal systems
• Regular security reviews and dependency audits

No method of transmission over the internet is 100% secure. We encourage you to use a strong, unique password and enable two-factor authentication where available.

We use cookies and similar tracking technologies to operate and improve the service. For full details, see our Cookie Policy.

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your account and associated personal data
• Portability: Request your data in a machine-readable format
• Restriction: Request that we restrict processing of your data in certain circumstances
• Objection: Object to processing based on our legitimate interests

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

Our platform integrates with the following third-party services. Their own privacy policies govern how they handle your data:

• GitHub — repository integration and OAuth authentication
• Stripe — payment processing and billing
• Resend / SendGrid — transactional email delivery

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will delete it promptly.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by displaying a prominent notice on the platform at least 14 days before the change takes effect. Your continued use of the service after that date constitutes your acceptance of the updated policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please reach out: