CloudDock Header
CloudDock Logo CloudDock
Home Dashboard Document

CloudDock Privacy Policy

Effective date: January 2026
Scope: All CloudDock users
Entity & location: CloudDock Computing US Inc. (based in California, USA)


This Privacy Policy explains how CloudDock Computing US Inc. (“CloudDock”, “we”, “us”) collects, uses, and protects personal information when you use our services (the “Service”).

This document is for transparency and product design; it is not legal advice. In case of conflict with mandatory law, the law prevails. Where terms are capitalized but not defined here, they have the meaning given in the CloudDock Terms of Service (“Terms”).


1. Information We Collect

1.1 Account & Profile Data (you provide)

We collect the information you provide when you create or manage an account:

  • Username
  • Password hash (password is never stored in plain text)
  • First and last name
  • Security question (plaintext) – shown to you in the account interface
  • Security answer (hashed) – not stored in plaintext
  • Contact methods, where provided (for example: email, phone, or your primary contact identity used for support / top-ups)
  • Basic profile preferences (for example: UI language)

For education discounts (see Terms, Education / Discount section), we may also collect:

  • Legal name
  • School name and country/region
  • Student ID or teacher/staff ID number (plaintext)
  • Degree / role (student, teacher, TA, or recognized organization representative)
  • Qualification start and expiry dates
  • Images of your student ID or teacher ID card (see retention rules in Section 4.3)

1.2 Anti-Abuse & Security Data (automatic)

To protect the Service and users, we collect security-related information, especially during sensitive flows:

  • IP address and coarse geolocation derived from IP
  • Device / session metadata (such as browser user-agent, OS type, and basic device fingerprint)
  • Authentication tokens and session identifiers
  • Login attempts, failed logins, and account lock state

Scope limitation: we collect IP + limited device/browser fingerprint primarily during:

  1. Account registration
  2. Login
  3. Password / account recovery

We do not continuously fingerprint you on every page for tracking or advertising purposes.

1.3 Container Security Monitoring — CloudDock Intelligent Dog™

To enforce the Terms and protect the platform, CloudDock Intelligent Dog™ (“watchdog”) performs security monitoring inside running containers. Depending on configuration, it may record:

  • Runtime process listings (similar to ps)
  • Shell command metadata (for example: command line, timestamp, user; not full terminal screen recordings)
  • Signals of potential privilege escalation or suspicious behavior (for example: invoking sudo, attempting to gain root, known exploit patterns)
  • Technical indicators related to GPU/CPU use, memory, and other telemetry where needed to detect abuse or attacks

The watchdog is focused on security behavior. It is not intended to:

  • inspect or log your web browsing history in the browser
  • inspect external cloud-storage contents
  • systematically collect environment variables, model weights, or your training datasets, except where directly involved in a flagged security event
  • monitor personal communications for advertising or profiling

1.4 Telemetry & Usage Data

We collect technical telemetry to operate and improve the Service, such as:

  • GPU/CPU, RAM, VRAM, disk, and I/O usage statistics
  • Queue positions and scheduling events (for example: Start / Extend / Stop)
  • Session duration, instance type (GPU group, image type), and high-level feature usage (for example: App Store installs / updates)
  • Non-sensitive performance and error logs (for example: internal error codes, stack traces without user content)

Where possible, this telemetry is stored in aggregated or pseudonymous form.

1.5 Payment & Support Data (including Zelle)

Because CloudDock may use Zelle / manual transfer (see Terms, Payments section), you may provide:

  • Screenshots of transfers showing sender name, amount, date, and transaction reference
  • Transaction ID or bank reference number as shown in your banking app
  • Your CloudDock username and primary contact identity (for example: messaging account) to match the payment
  • Support tickets and chat messages, including timestamps and any information you voluntarily provide

We use these data to reconcile top-ups, resolve disputes about ownership of a transfer, and comply with accounting and anti-fraud obligations.

1.6 Communication Data

When you contact us via in-product chat or other official channels, we may collect:

  • The content of your messages and attachments
  • Related metadata (timestamps, contact method, internal ticket ID)

We use this to respond to your request, improve support quality, and maintain security / audit trails.


2. How We Use Information (Purposes)

We use the information described above for the following purposes:

2.1 Provide and operate the Service

  • Account creation, login, and session management
  • Queue management and GPU scheduling
  • Starting, extending, and stopping containers
  • Billing, top-ups, and account balance management

2.2 Security and abuse prevention

  • Detecting and preventing account takeover, fraud, and payment abuse
  • Enforcing the Acceptable Use Policy / Terms
  • Operating CloudDock Intelligent Dog™ to identify suspicious or prohibited behavior
  • Implementing IP-level or device-level blocks where necessary

2.3 Service operations & improvement

  • Capacity planning, performance tuning, and error diagnosis
  • Prioritizing fixes and enhancements based on feature usage
  • Improving stability and user experience (for example: reducing scheduling failures)

2.4 Legal compliance & dispute handling

  • Accounting, tax, and compliance obligations where applicable
  • Responding to valid legal requests
  • Investigating and resolving disputes about account ownership, payments, or abuse

2.5 Education programs

  • Verifying teacher / student eligibility for educational discounts
  • Preventing misuse of student or teacher credentials across multiple accounts
  • Enforcing blacklists where IDs or photos were abused

We do not sell or “share” personal information for cross-context behavioral advertising. We also do not buy external data about you for profiling.


3. Legal Bases / Geographic Scope

CloudDock is based in California, United States, and primarily follows U.S. law. If you live in a jurisdiction that provides specific privacy rights and you submit a request, please contact us via in-product chat. We will assess feasibility case-by-case, taking into account applicable law and technical constraints.

Nothing in this Policy is intended to limit rights that cannot legally be limited in your jurisdiction.


4. Watchdog, Containers & Retention

4.1 Normal Shutdown

When a container ends normally (for example: countdown expires or a normal stop mechanism under the Terms):

  • watchdog shell / process logs associated with that container are destroyed in line with operational procedures;
  • we may keep minimal technical telemetry (for example: aggregate GPU usage per group, anonymized error codes) that does not contain shell history or user content.

In other words, normal use does not result in long-term storage of your in-container command history.

4.2 Crash / Forced Termination / Flagged Violation

If a container crashes, is terminated by watchdog/control-plane mechanisms, or is flagged for suspected violation:

  1. We may seize a snapshot of the container and its disk image in read-only mode;
  2. Retain related watchdog logs and audit artifacts;
  3. Restrict or suspend the associated account pending review.

Authorized staff may access seized materials in audited, read-only environments for:

  • security analysis and rule improvement;
  • enforcing the Terms and AUP;
  • complying with valid legal requests.

When using seized data to improve detection logic, we attempt to remove or anonymize user-identifying elements where practical, focusing on technical patterns needed for security.

4.3 Retention Schedule (General)

Unless a longer period is required by law or for an ongoing legal matter:

  • Retained container snapshots & watchdog logs (crash / forced / flagged): kept up to 1 year, then deleted or anonymized.
  • Severe violations (for example: minor-related content, confirmed attacks, or law-enforcement referrals): may be retained longer or permanently.

IP/device fingerprint/login security data:

  • Ordinary accounts: up to 180 days from the event for anti-abuse and security.
  • Banned or high-risk accounts: may be retained longer as needed to prevent evasion and protect the platform.

Education verification:

  • ID photos: deleted within 30 days of approval.
  • Eligibility metadata: kept until the discount expires and for a reasonable period afterward to prevent re-abuse.
  • Abused IDs (for example: one card shared across multiple accounts): may be kept longer on a blacklist.

Payment & accounting records (including Zelle screenshots and transaction IDs):

  • kept as long as reasonably necessary for accounting, tax, anti-fraud, and dispute resolution, typically several years.

General account data: kept while the account is active and for a further period required for legal, accounting, or security purposes.


5. Tokens, Cookies & Sessions

CloudDock may use authentication tokens (for example, JWTs stored in browser storage) and may also use cookies (including HttpOnly, SameSite cookies) to authenticate and protect sessions.

We do not use tokens or cookies for personalized advertising or cross-site behavioral tracking.

5.1 How Tokens and Cookies Are Used

  • Keep you logged into the web dashboard
  • Authenticate access to remote desktop / container
  • Protect against CSRF and other session-related attacks
  • Store minimal state (for example: selected language)
  • Infrastructure cookies (e.g., Cloudflare) for security, bot mitigation, routing, and load balancing

5.2 Duration & Expiry

  • Remote-desktop session tokens are generally short-lived.
  • Longer-lived tokens (where used) may be rotated/invalidated after password changes or security events.

If you clear cookies or browser storage, you may need to sign in again.


6. Service Providers (Sub-Processors)

We rely on third-party providers to operate the Service. Typical categories include:

  • Infrastructure / hosting (for example: AWS / Lightsail or similar): store and process traffic, logs, telemetry, and some container-level metadata.
  • CDN / network security (for example: Cloudflare, including tunnels): process IP addresses, request headers, TLS metadata, and basic telemetry for DDoS protection, firewall rules, and routing.
  • Logging & monitoring (where used): receive and store technical logs, error reports, and security alerts.
  • Payment & accounting support: we do not process card numbers directly; we may hold Zelle screenshots, transaction IDs, or reconciled accounting records.

Providers are contractually required to use data only for specified purposes and implement reasonable security measures. We share only what is technically necessary.


7. Sharing, Law Enforcement & Disputes

We do not sell, rent, or trade your personal information for marketing. We may disclose information:

  1. To service providers, as described in Section 6.
  2. To comply with law, when we receive a valid and binding legal request.
  3. To address imminent risk of harm, as permitted by law.
  4. To protect CloudDock’s rights and users (abuse investigation, enforcement, disputes, and legal defense).

Where legally permitted and safe, we will endeavor to notify affected users of legal requests in line with the Terms. We generally do not provide watchdog forensic logs or seized container snapshots to private individuals outside valid legal processes.


8. International Transfers

Data may be processed in the United States and in other locations where service providers operate. Where specific safeguards are legally required, we will assess and implement appropriate measures.


9. Your Privacy Choices & Requests

We support privacy and account-related requests through in-product chat or other official support channels.

Depending on your jurisdiction, you may have rights to:

  • access certain account information
  • request correction of inaccurate information
  • request closure or deletion of your account
  • ask for more detail about how we use IP, fingerprints, and watchdog data

Limitations:

  • We may retain minimal records necessary for security, anti-abuse, accounting, or legal compliance, even after closure.
  • We generally do not provide copies of watchdog forensic logs or seized images to prevent disclosure of internal detection logic and third-party data.

We will verify identity using available signals before acting on sensitive requests.


10. Children’s Privacy & Age Limits

CloudDock is intended for users 16 years and older.

  • We do not knowingly collect personal information from children under 13.
  • Where a jurisdiction requires a higher minimum age, we apply the higher standard.

If we learn we collected personal data from a child without required consents, we will delete the information and may close the account.


11. Security

We implement safeguards appropriate to the data and risks, including:

  • network isolation between internal services and user containers
  • least-privilege access controls and credential management
  • encryption in transit for control-plane communications
  • hardened base images and regular updates
  • watchdog monitoring and automated enforcement
  • audit trails for access to seized containers and logs

No system is perfectly secure. We refine security continuously, but cannot guarantee absolute security.


12. Data Incidents & Notifications

If we become aware of a data incident that materially affects personal information, we will investigate, mitigate, and notify affected users without undue delay, consistent with applicable law.


13. Account Recovery, Closure & Deletion

13.1 Account Recovery

To recover access, contact us via in-product chat or other official support channel. We may verify identity using:

  • primary contact identity used for prior top-ups or major support interactions
  • transfer records (sender display name, transaction ID, etc.)
  • security question and hashed answer
  • other internal logs as necessary

13.2 Closure & Deletion

You may request account closure via in-product chat. When we process closure:

  • we may anonymize or delete profile data no longer needed;
  • we retain minimal records for security, anti-abuse, accounting, and legal compliance;
  • abnormal watchdog logs and seized containers follow Section 4 retention rules.

14. Changes to This Policy & Contact

We may update this Policy from time to time. Material changes may be announced via:

  1. Email (if associated with your account)
  2. In-dashboard notices or banners
  3. Messages via your primary contact identity

The Effective date will be updated. Continued use after that date constitutes acceptance.

Contact: If you have questions or requests about this Policy or our data practices, please contact us via in-product chat. A dedicated privacy email may be added later.

Return to Document