Privacy Policy

Last updated: June 17, 2025

        Your Privacy Matters: This Privacy Policy explains how CloudExplain collects, uses, and protects your personal data in compliance with the General Data Protection Regulation (GDPR) and German data protection laws.
    

1. Controller and Contact Information

Data Controller: CloudExplain
Address: Lothringerstraße 7, 81667 Munich
Email: info@cloudexplain.eu
Data Protection Officer: info@cloudexplain.eu

2. Data We Collect

2.1 Personal Data

We collect the following categories of personal data:

Data Category	Examples	Legal Basis
Account Information	Name, email address, profile picture	Contract performance (Art. 6(1)(b) GDPR)
Authentication Data	OAuth tokens, login credentials	Contract performance (Art. 6(1)(b) GDPR)
Usage Data	IP address, browser type, access times	Legitimate interests (Art. 6(1)(f) GDPR)
Model Data	Uploaded models, datasets, analysis results	Contract performance (Art. 6(1)(b) GDPR)
Communication Data	Support tickets, feedback, correspondence	Contract performance (Art. 6(1)(b) GDPR)

2.2 Automatically Collected Data

We automatically collect certain information when you use our service:

Log Data: IP addresses, browser type, operating system, referring URLs, access times
Essential Cookies: Session cookies required for authentication and core functionality only
Device Information: Device type, browser version, screen resolution
Usage Analytics: Feature usage, performance metrics, error logs

3. How We Use Your Data

3.1 Primary Purposes

We process your personal data for the following purposes:

Service Provision: To provide, maintain, and improve CloudExplain services
Account Management: To create and manage your user account
Communication: To respond to inquiries and provide customer support
Security: To protect against fraud, abuse, and security threats
Legal Compliance: To comply with applicable laws and regulations

3.2 Analytics and Improvement

With your consent or based on legitimate interests, we may use data for:

Analyzing usage patterns to improve our service
Developing new features and functionality
Conducting research and development
Monitoring service performance and reliability

4. Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

Contract Performance (Art. 6(1)(b)): Processing necessary to provide our services
Legitimate Interests (Art. 6(1)(f)): For service improvement, security, and business operations
Consent (Art. 6(1)(a)): For optional features like analytics and marketing
Legal Obligation (Art. 6(1)(c)): To comply with applicable laws

5. Data Sharing and Disclosure

5.1 Third-Party Service Providers

We may share your data with trusted third-party service providers who assist us in operating our service:

Cloud Infrastructure: Microsoft Azure (data hosting and processing)
Authentication: Google, GitHub (OAuth authentication)
Analytics: Service usage and performance monitoring tools
Payment Processing: Secure payment processors for billing
Customer Support: Support ticket management systems

5.2 Data Processing Agreements

All third-party processors are bound by Data Processing Agreements (DPAs) that ensure GDPR compliance and appropriate data protection measures.

5.3 Legal Disclosure

We may disclose your data when required by law or to protect our rights, property, or safety, or that of our users or others.

6. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure adequate protection through:

Standard Contractual Clauses (SCCs) approved by the European Commission
Adequacy decisions for specific countries
Appropriate technical and organizational measures

7. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

Account Data: Until account deletion plus 30 days for technical cleanup
Usage Logs: Up to 12 months for security and analytics purposes
Support Data: Up to 3 years for quality assurance and legal compliance
Legal Data: As required by applicable laws and regulations

8. Data Security

8.1 Technical Measures

We implement robust security measures to protect your data:

Encryption in transit and at rest using industry-standard protocols
Multi-factor authentication for administrative access
Regular security audits and vulnerability assessments
Secure coding practices and regular security updates
Network security controls and monitoring

8.2 Organizational Measures

Staff training on data protection and security
Access controls and need-to-know principles
Incident response and breach notification procedures
Regular review and update of security policies

10. Cookies and Tracking Technologies

10.1 Current Cookie Usage

We currently only use essential cookies necessary for the basic functioning of our service. These include:

Cookie Type	Purpose	Duration	Status
Essential Cookies	Authentication, security, core functionality	Session/1 year	Currently Used
Preference Cookies	User settings, language preferences	1 year	Not currently implemented
Analytics Cookies	Usage statistics, performance monitoring	2 years	Not currently implemented

10.2 Cookie Management

Currently, we only use essential cookies that are necessary for the service to function properly. These cannot be disabled as they are required for authentication and security. Should we implement optional cookies in the future, you will be able to manage your preferences through a cookie banner or your browser settings.

11. Children's Privacy

CloudExplain is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If we discover that we have collected such data, we will delete it promptly.

12. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

Notify the relevant supervisory authority within 72 hours
Inform affected users without undue delay
Provide details about the nature of the breach and remedial actions
Offer appropriate support and guidance

13. Automated Decision Making

We may use automated decision-making for:

Fraud detection and security monitoring
Service optimization and recommendations
Technical troubleshooting and error resolution

You have the right to request human intervention, express your point of view, and contest automated decisions that significantly affect you.

14. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or applicable laws. We will:

Notify users of material changes via email or prominent platform notice
Provide a clear summary of changes
Allow reasonable time for review before changes take effect
Maintain previous versions for reference

15. Contact Us

For any questions about this Privacy Policy or to exercise your rights, please contact us:

Privacy Team: info@cloudexplain.eu
Data Protection Officer: info@cloudexplain.eu
Address: Lothringerstraße 7, 81667 Munich
Phone: +49 172 951 8758

16. Supervisory Authority

If you have concerns about how we handle your personal data, you can contact the relevant supervisory authority:

German Federal Commissioner for Data Protection and Freedom of Information
Graurheindorfer Str. 153
53117 Bonn, Germany
Phone: +49 228 997799-0
Email: poststelle@bfdi.bund.de

        Effective Date: This Privacy Policy is effective as of June 17, 2025, and applies to all personal data processing activities from this date forward.
    