We take appropriate technical and organizational measures to protect your personal data against loss or other forms of unlawful processing. Cloud9 Technologies is ISO 27001:2013 certified.
We NEVER collect or store your files, encryption keys and passwords in an unencrypted or invertible form. The Encrypted Content and corresponding encryption keys can only be decrypted by you and persons with whom you explicitly share them. If you have an account that is part of a Business Subscription with recovery master key, Your Encrypted Content also may be accessed by your Recovery Administrator as set out in our Terms.
According to the best of Cloud9 Technologies knowledge, the current state of the art and the public knowledge of the human race, Cloud9 Technologies is unable to decrypt the Encrypted Content and accordingly, Cloud9 Technologies cannot access it. As a result, we cannot use Your Encrypted Content to identify any individual.
How long will we retain your information?
A) Your Personal Data
We will retain your personal data as long as it is needed to fulfill the purposes specified above, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements). When we have no ongoing legitimate business need to process your personal data, we will either delete or anonymize it as soon as it is technically possible.
If your personal data is held by us on behalf of your company, we will retain such personal data in accordance with the terms and conditions of our data processing agreement with them, subject to applicable law.
B) Your Encrypted Content
As a registered user, you can access, edit or delete Your Encrypted Content. Once you delete a Cloud9 Tech Folder for any reason, Your Encrypted Content will also be automatically deleted within 90 days. For technical and support reasons, we may keep your data for 60 days from the date when you delete a Cloud9 Tech Folder. Please note that after this date, Your Encrypted Content will be destroyed in a way that those cannot be restored and will not be available again to anyone, including you.
You understand that once you shared all or a part of Your Encrypted Content by using Our Service with any person who accepted your invitation, such content goes out of your Control and remains accessible by such person to the extent you granted such person access, even if you select to delete or remove Your Encrypted Content. Therefore we ask you to pay special attention to whom you share Your Encrypted Content with.
Your privacy rights
You may ask us to:
- provide information to you about the personal data that we or our processors maintain about you,
- correct inaccuracies or amend your personal data,
- delete your personal data.
You can request this by send an email to email@example.com. We will respond to your request within thirty days. Please note that, we may ask you to verify your identity before complying with the request.
If you are from a country where the GDPR applies, you may have additional rights such as:
- In certain circumstances, you may have a broader right to erasure of your personal data. For example, if it is no longer necessary in relation to the purposes for which it was originally collected. Please note, however, that we may need to retain certain information for record keeping purposes, to complete transactions or to comply with our legal obligations.
- You may have the right to request us to stop processing your personal data and/or to stop sending you marketing communications.
- You may have the right to request that we restrict processing of your personal data in certain circumstances (for example, where you believe that the personal data we hold about you is inaccurate or unlawfully held).
- In certain circumstances, you may have the right to be provided with your personal data in a structured, machine readable and commonly used format and to request that we transfer the personal data to another data controller without hindrance.
If you would like to exercise such rights, please contact us at firstname.lastname@example.org. We will consider your request in accordance with applicable laws. To protect your privacy and security, we may ask you to verify your identity before complying with the request.
Please note that if your account is part of a Business Subscription, we will not independently respond to your request without your organisations’s prior written consent, except where required by applicable law.
You also have the right to complain to a data protection authority or claim damages before the court. For more information, please contact your local data protection authority.