Effective date: 25 March 2020
For Cloud9 Technologies, security and data privacy are of paramount importance. This Privacy Policy describes our commitment to protect the privacy of individuals in accordance with the GDPR.
The main content on the left contains the legally binding full-length version. To help you understand our Privacy Policy better, we collected some helpful notes on the right to sum up the key points of the main content.
Our mission is to make privacy and security available to people and businesses. That’s why we use end-to-end encryption to protect files and folders you share and store in the cloud.
We encrypt all and every transmission containing personal data using Secure Socket Layer technology (SSL) and apply additional, client-side encryption on the files and directories uploaded and stored in protected storage folders (the Encrypted Content).
We never collect or store your files, encryption keys and passwords in an unencrypted or invertible form. The Encrypted Content and corresponding encryption keys can only be decrypted by you and persons with whom you explicitly share them. However, if you have an account that is part of a Business Subscription with recovery master key, Your Encrypted Content may also be accessed by your Recovery Administrator.
According to the best of Cloud9 Technologies’ knowledge, the current state of the art and the public knowledge of the human race, Cloud9 Technologies is unable to decrypt the Encrypted Content and accordingly, Cloud9 Technologies cannot access it. As a result, we cannot use Your Encrypted Content to identify any individual.
However, when using the service, creating and using your user account, you also submit some non-encrypted data, which may include personal data as well.
Registration information. When you register for our services, you submit some non-encrypted identification and contact data (such as your e-mail address, name, job title or position, address, phone number). The data that we request at the time of registration is necessary for the provision of our services.
Billing information. At the time of registration, you also need to provide certain billing information. You might also provide payment information, such as payment card details, which we collect via secure payment processing services. This data is necessary to provide you with Cloud9 Technologies services.
Account information. When you use our services, you also give us access to certain information (such as the name and the permission history of your Cloud9 Folders) that is necessary for the provision and maintenance of your user account. For the avoidance of any doubt, Cloud9 Technologies cannot connect such metadata information to Your Encrypted Content or file names as Cloud9 Technologies has no access to the Encrypted Content or file names.
In order to send and deliver invitations upon your instructions, Cloud9 Technologies stores and accesses certain personal data (such as the email address, name, Cloud9 Technologies name and its unique URL, storage account and username of the inviter and the invited person). Please note that your email address, first and last name are visible to others when you send them an invitation to, or if you accept an invitation.
Access logs. Content owners may apply certain security settings to protect the content of share links. If you open a Cloud9 link where Detailed access logs are enabled, certain information (such as your IP address, approx. location, and the platforms that were used to download the contents of the link) will be logged for your open attempts.
Cloud9 Technologies users may also require an email verification before you can download the content they shared with you. If you are signed in to Web Access, the email address associated with your account will be used by default for such purposes. Otherwise, the email you use for verification will be logged.
Other information. You may decide to share further information, including personal data, with us when you contact our Support or Sales Teams, submit forms on our website or otherwise communicate with us. It is solely your decision to share any detailed, non-aggregated logs (which may contain e.g. non-encrypted filenames), your screen or any other data with us during such communications, so our processing of such data will be based on your consent.
Website statistics. You can visit the Cloud9 Technologies website, which is separate from the Cloud9 Technologies app and service, without providing any direct information about yourself.
We store access data without direct personal references, namely the visitor’s browser types, the name of your internet service provider, the website from which you have visited us, the name of the requested file, the Cloud9 Technologies client version you download, and internet protocol addresses.
Unless you choose to identify yourself, either by responding to a promotional offer, opening an account or filling out a web form, this data does not allow us to draw any conclusions regarding your identity. By storing and analyzing such information, we are able to create in-depth analysis about our service, which is essential for improvement, security and debugging purposes.
Logs. As most websites and services provided through the Internet, we gather certain information and store it in log files when you interact with our website or service.
This information includes internet protocol (IP) addresses as well as browser type, operating system, identification numbers associated with your devices, time of access, and error logs.
Analytics. When you download and use our services, we automatically collect information such as the type of device you use, operating system version, your Cloud9 Technologies client version and the IP addresses associated with you.
Please remember that if you use our Service to share Your Encrypted Content with someone, your personal data might be shared with such third party. For example, your email address, first and last name are visible by the people you send an invitation to, or from whom you accept an invitation. To learn more about our sharing features. We are not responsible for your use of any otherwise personal data, which you make available to others via invitations, or the activities of other users or other third parties to whom you give or make available your information.
We will share your personal data with third parties only in accordance with this policy. We will never sell your personal data to third parties. However, we may need to share some information, including personal data, we obtain from your use of our service in the following circumstances.
We take appropriate technical and organizational measures to protect your personal data against loss or other forms of unlawful processing. Cloud9 Technologies is ISO 27001:2013 certified.
We NEVER collect or store your files, encryption keys and passwords in an unencrypted or invertible form. The Encrypted Content and corresponding encryption keys can only be decrypted by you and persons with whom you explicitly share them. If you have an account that is part of a Business Subscription with recovery master key, Your Encrypted Content also may be accessed by your Recovery Administrator as set out in our Terms.
According to the best of Cloud9 Technologies knowledge, the current state of the art and the public knowledge of the human race, Cloud9 Technologies is unable to decrypt the Encrypted Content and accordingly, Cloud9 Technologies cannot access it. As a result, we cannot use Your Encrypted Content to identify any individual.
We will retain your personal data as long as it is needed to fulfill the purposes specified above, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements). When we have no ongoing legitimate business need to process your personal data, we will either delete or anonymize it as soon as it is technically possible.
If your personal data is held by us on behalf of your company, we will retain such personal data in accordance with the terms and conditions of our data processing agreement with them, subject to applicable law.
As a registered user, you can access, edit or delete Your Encrypted Content. Once you delete a Cloud9 Tech Folder for any reason, Your Encrypted Content will also be automatically deleted within 90 days. For technical and support reasons, we may keep your data for 60 days from the date when you delete a Cloud9 Tech Folder. Please note that after this date, Your Encrypted Content will be destroyed in a way that those cannot be restored and will not be available again to anyone, including you.
You understand that once you shared all or a part of Your Encrypted Content by using Our Service with any person who accepted your invitation, such content goes out of your Control and remains accessible by such person to the extent you granted such person access, even if you select to delete or remove Your Encrypted Content. Therefore we ask you to pay special attention to whom you share Your Encrypted Content with.
You may ask us to:
You can request this by send an email to info@cloud9-tech.com. We will respond to your request within thirty days. Please note that, we may ask you to verify your identity before complying with the request.
If you are from a country where the GDPR applies, you may have additional rights such as:
If you would like to exercise such rights, please contact us at info@cloud9-tech.com. We will consider your request in accordance with applicable laws. To protect your privacy and security, we may ask you to verify your identity before complying with the request.
Please note that if your account is part of a Business Subscription, we will not independently respond to your request without your organisations’s prior written consent, except where required by applicable law.
You also have the right to complain to a data protection authority or claim damages before the court. For more information, please contact your local data protection authority.