GDPR Policy

Effective Date: 15 October, 2024

1. Introduction

Cloudbrand Technologies, Inc. (“Cloudbrand”, “we”, “us”, or “our”) is committed to protecting the privacy and rights of individuals in accordance with the General Data Protection Regulation (GDPR). This policy outlines how we collect, use, store, and protect personal data of individuals within the European Economic Area (EEA).

2. Data Controller and Data Protection Officer

Cloudbrand acts as the data controller for personal data collected through our services. For GDPR-related inquiries, you can contact our Data Protection Officer at:

Email: privacy@cloudbrand.io Address: Cloudbrand Technologies, Inc., 1309 Coffeen Avenue, Suite 15023, Sheridan, WY 82801, United States

3. Personal Data We Collect

We may collect and process the following types of personal data:

• Account information (e.g., name, email address)
• Usage data (e.g., login times, features used)
• Content data (e.g., files and folders stored in your account)
• Communication data (e.g., support inquiries)
• Payment information (processed by our payment providers)

4. Legal Basis for Processing

We process personal data on the following legal bases:

• Performance of a contract (to provide our services)
• Legitimate interests (to improve our services and for security purposes)
• Consent (for marketing communications, where applicable)
• Legal obligation (to comply with applicable laws)

5. Data Subject Rights

Under the GDPR, you have the following rights:

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure (“right to be forgotten”)
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority

To exercise these rights, please contact our Data Protection Officer using the contact information provided above.

6. Data Retention

We retain personal data for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. When personal data is no longer needed, we securely delete or anonymize it.

7. Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption, access controls, and regular security assessments.

8. International Data Transfers

As Cloudbrand is based in the United States, personal data may be transferred outside the EEA. We ensure that such transfers comply with GDPR requirements by using standard contractual clauses or other appropriate safeguards.

9. Third-Party Processors

We may use third-party service providers to process personal data on our behalf. These providers are carefully selected and required to adhere to our data protection standards and the GDPR.

10. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. Affected individuals will be notified without undue delay when the breach is likely to result in a high risk to their rights and freedoms.

11. Children’s Privacy

Our services are not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete the information as soon as possible.

12. Changes to This Policy

We may update this GDPR Policy from time to time. We will notify you of any significant changes by posting the new policy on our website and updating the effective date.

13. Contact Us

If you have any questions about this GDPR Policy or our data practices, please contact our Data Protection Officer using the contact information provided above.

By using Cloudbrand’s services, you acknowledge that you have read and understood this GDPR Policy and consent to the collection, use, and processing of your personal data as described herein.