CloudDock Privacy Policy

Effective date: September 2025
Scope: All CloudDock users
Entity & location: CloudDock (based in California, USA)

This Privacy Policy explains how CloudDock (“CloudDock”, “we”, “us”) collects, uses, and protects personal information when you use our services (the “Service”).
This document is for transparency and product design; it is not legal advice. In case of conflict with mandatory law, the law prevails.

Where terms are capitalized but not defined here, they have the meaning given in the CloudDock Terms of Service (“Terms”).

1. Information We Collect

1.1 Account & Profile Data (you provide)

We collect the information you provide when you create or manage an account:

• Username
• Password hash (password is never stored in plain text)
• First and last name
• Security question (plaintext) – shown to you in the account interface
• Security answer (hashed) – not stored in plaintext
• Contact methods, where provided (for example email, phone, or your primary contact identity used for support / top-ups)
• Basic profile preferences (for example UI language)

For education discounts (see ToS Section 6), we may also collect:

• Legal name
• School name and country/region
• Student ID or teacher/staff ID number (plaintext)
• Degree / role (student, teacher, TA, or recognized organization representative)
• Qualification start and expiry dates
• Images of your student ID or teacher ID card (see retention rules in Section 4.3)

1.2 Anti-Abuse & Security Data (automatic)

To protect the Service and users, we collect security-related information, especially during sensitive flows:

• IP address and coarse geolocation derived from IP
• Device / session metadata, such as browser user-agent, OS type, and basic device fingerprint
• Authentication tokens and session identifiers
• Login attempts, failed logins, and account lock state

Important scope limitation:
We collect IP + hardware / browser fingerprint only during:

1. Account registration
2. Login
3. Password / account recovery

We do not continuously fingerprint you on every page for tracking or advertising purposes.

1.3 Container Security Monitoring — CloudDock Intelligent Dog™

To enforce the Terms and protect the platform, CloudDock Intelligent Dog™ (“watchdog”) performs security monitoring inside running containers. Depending on configuration, it may record:

• Runtime process listings (similar to ps)
• Shell command metadata (for example, command line, timestamp, user; not full terminal screen recordings)
• Signals of potential privilege escalation or suspicious behavior (for example, invoking sudo, attempting to gain root, known exploit patterns)
• Technical indicators related to GPU/CPU use, memory, and other telemetry where needed to detect abuse or attacks

The watchdog is focused on security behavior. It is not intended to:

• inspect or log your web browsing history in the browser
• inspect external cloud-storage contents
• systematically collect environment variables, model weights, or your training datasets, except where they are directly involved in a flagged security event
• monitor your personal communications for advertising or profiling

When a container shuts down normally, watchdog command and process logs are handled as described in Section 4 (retention).

1.4 Telemetry & Usage Data

We also collect technical telemetry to operate and improve the Service, such as:

• GPU/CPU, RAM, VRAM, disk, and I/O usage statistics
• Queue positions and scheduling events (for example, Start / Extend / Stop)
• Session duration, instance type (GPU group, image type), and high-level feature usage (for example, App Store installs / updates)
• Non-sensitive performance and error logs (for example, internal error codes, stack traces without user content)

Where possible, this telemetry is stored in an aggregated or pseudonymous form.

1.5 Payment & Support Data (including Zelle)

Because CloudDock currently uses Zelle / manual transfer as the primary payment channel (see ToS Section 5), you may provide:

• Screenshots of transfers showing sender name, amount, date, and transaction reference
• The transaction ID or bank reference number as shown in your banking app
• Your CloudDock username and primary contact identity (for example, messaging account) to match the payment
• Support tickets and chat messages, including timestamps and any information you voluntarily provide

These data are used to reconcile top-ups, resolve disputes about ownership of a transfer, and comply with accounting and anti-fraud obligations.

1.6 Communication Data

When you contact us via in-product /chat or other official channels, we may collect:

• The content of your messages and attachments
• Related metadata (timestamps, contact method, internal ticket ID)

We use this to respond to your request, improve support quality, and maintain security / audit trails.

Anti-abuse & security data (automatic):

IP address (with coarse geolocation derived from IP)

Device/session metadata (user agent; limited device fingerprint to prevent abuse, DDoS, and evasion)

Authentication tokens/session identifiers

Container security monitoring — CloudDock Intelligent Dog™:

Runtime process listings (similar to ps)

Shell command hooks (command metadata)

Signals of privilege escalation or suspicious behavior

We do not inspect: your web browsing activity, download history, cloud-storage contents, or environment variables inside the container.

2. How We Use Information (Purposes)

We use the information described above for the following purposes:

1. Provide and operate the Service

• Account creation, login, and session management
• Queue management and GPU scheduling
• Starting, extending, and stopping containers
• Billing, top-ups, and account balance management

2. Security and abuse prevention

• Detecting and preventing account takeover, fraud, and payment abuse
• Enforcing the Acceptable Use Policy (ToS Section 4)
• Operating CloudDock Intelligent Dog™ to identify suspicious or prohibited behavior
• Implementing IP-level or device-level blocks where necessary

3. Service operations & improvement

• Capacity planning, performance tuning, and error diagnosis
• Understanding which features are used so we can prioritize fixes and enhancements
• Improving stability and user experience (for example, reducing scheduling failures)

4. Legal compliance & dispute handling

• Fulfilling obligations under applicable law (for example, accounting, tax, or data-retention rules)
• Responding to valid legal requests (see ToS Section 16 and Section 7 of this Policy)
• Investigating and resolving disputes about account ownership, payments, or abuse

5. Education programs

• Verifying teacher / student eligibility for educational discounts
• Preventing misuse of student or teacher credentials across multiple accounts
• Enforcing blacklists where IDs or photos were abused (see ToS Section 6)

We do not sell or “share” personal information for cross-context behavioral advertising.
We also do not buy external data about you for profiling.

3. Legal Bases / Geographic Scope

CloudDock is based in California, United States, and primarily follows U.S. law.
We do not currently target users in the EU/EEA or UK with localized offerings. If you live in a jurisdiction that provides specific privacy rights (for example, certain access or deletion rights under data-protection law) and you submit a request:

• please contact us via /chat in the product;
• we will assess feasibility on a case-by-case basis, taking into account applicable law and our technical constraints.

Nothing in this Policy is intended to limit rights that cannot legally be limited in your jurisdiction.

4. Watchdog, Containers & Retention

4.1 Normal Shutdown

When a container ends normally (for example, countdown expires or a normal stop mechanism under the Terms):

• watchdog shell / process logs associated with that container are destroyed in line with our operational procedures;
• we may keep minimal technical telemetry (for example, aggregate GPU usage per group, anonymized error codes) that does not contain your shell history or user content.

In other words, normal use does not result in long-term storage of your in-container command history.

4.2 Crash / Forced Termination / Flagged Violation

If a container:

• crashes unexpectedly,
• is terminated by CloudDock Intelligent Dog™ or other control-plane mechanisms, or
• is flagged for suspected violation of the Terms (for example, attacks, privilege-escalation attempts, prohibited mining, or illegal content),

CloudDock may:

1. Seize a snapshot of the container and its disk image in read-only mode;
2. Retain related watchdog logs and audit artifacts (runtime parameters, process lists, shell command metadata, error traces);
3. Restrict or suspend the associated account pending review (see ToS Section 3 and 4).

CloudDock staff with appropriate authorization may later access these seized materials in read-only, fully audited environments for:

• security analysis and rule improvement (including training CloudDock Intelligent Dog™ or other AI-based detectors);
• enforcing the Terms and AUP;
• complying with valid legal requests.

When using seized data to improve detection logic, we attempt to remove or anonymize user-identifying elements where practical, focusing instead on technical patterns (for example, command sequences, binary fingerprints) needed for security.

4.3 Retention Schedule (General)

Unless a longer period is required by law or for an ongoing legal matter:

• Retained container snapshots & watchdog logs (crash / forced / flagged): kept up to 1 year, then deleted or anonymized.
• Severe violations (for example, minor-related content, confirmed attacks, or law-enforcement referrals): may be retained longer or permanently, with archived copies.

IP, device fingerprint, login security data:

• For ordinary accounts: up to 180 days from the event for anti-abuse and security.
• For banned or high-risk accounts: may be retained longer, as needed to prevent evasion and protect the platform.

Education verification:

• Student / teacher ID photos are deleted within 30 days of approval.
• Metadata (name, school, ID number, qualification status & expiry) are kept until the educational discount expires and for a reasonable period afterward to prevent re-abuse or re-application with the same ID.

• Records of abused IDs (for example, sharing one card across multiple accounts) may be kept longer on a blacklist.
• Payment & accounting records (including Zelle screenshots and transaction IDs):

• kept for as long as reasonably necessary for accounting, tax, anti-fraud and dispute resolution, typically several years, consistent with legal obligations.
• General account data: kept while the account is active and for a further period required for legal, accounting, or security purposes.
• We periodically review our retention rules to avoid keeping personal information longer than necessary.

5. Tokens, Cookies & Sessions

CloudDock uses a combination of:

• JWTs stored in browser storage; and
• Cookies, including HttpOnly, SameSite cookies,
• to authenticate and protect sessions.

5.1 How Tokens and Cookies Are Used

• JWTs and cookies are used to:
• keep you logged into the web dashboard;
• authenticate access to your remote desktop / container;
• protect against CSRF and other session-related attacks;
• store minimal state (for example, selected language).
• Certain cookies may be set by Cloudflare or other infrastructure providers for:
• security (for example, DDoS protection, bot mitigation);
• routing and load balancing.

We do not use cookies or JWTs for personalized advertising or cross-site behavioral tracking.

5.2 Duration & Expiry

• Session cookies for remote desktop access are generally short-lived and expire when the browser session ends or shortly thereafter.
• Longer-lived tokens (where used) are protected via secure flags and may be rotated or invalidated after password changes, account recovery, or security events.

If you clear cookies or browser storage, you may need to sign in again.

6. Service Providers (Sub-Processors)

We rely on third-party providers to operate the Service. Typical categories include:

Infrastructure / hosting (for example, AWS / Lightsail or similar):

store and process network traffic, logs, telemetry, and some container-level metadata.

CDN / network security (for example, Cloudflare, including cloudflared tunnels):

process IP addresses, request headers, TLS metadata, and basic telemetry for DDoS protection, firewall rules, and routing.

Logging & monitoring (where used):

receive and store technical logs, error reports, and security alerts.

Payment and accounting support:

we do not process card numbers directly; instead, we may hold Zelle screenshots, transaction IDs, or reconciled accounting records;

if additional processors are added (for example, a card processor), we will update this section.

All such providers are bound by contracts requiring them to use data only for the specified purposes and to implement reasonable security measures. We only share what is technically necessary.

7. Sharing, Law Enforcement & Disputes

We do not sell, rent, or trade your personal information for marketing. We may disclose information:

1. To our service providers, as described in Section 6.
2. To comply with law, when we receive a valid and binding legal request (for example, subpoena, court order, warrant), in line with ToS Section 16.
3. To address imminent risk of harm, as permitted by law (for example, credible threats to life or serious bodily injury).
4. To protect CloudDock’s rights and users, including investigating abuse, enforcing Terms, resolving payment disputes, and defending legal claims.

Where legally permitted and safe to do so, we will endeavor to notify affected users of law-enforcement or legal requests, as described in ToS Section 16 and the Terms’ notice provisions.

We do not provide private individuals with access to watchdog forensic logs or container snapshots outside of valid legal processes or limited statutory rights.

8. International Transfers

Data may be processed in the United States and in other locations where our service providers operate. Where specific transfer safeguards are legally required (for example, for EU data), we will assess and implement appropriate measures.

By using the Service, you understand that your information may be transferred to jurisdictions that may have different data-protection laws than your own.

9. Your Privacy Choices & Requests

At this time, we support privacy and account-related requests through in-product /chat or other official support channels.

Depending on your jurisdiction, you may have rights to:

• access certain account information;
• request correction of inaccurate information;
• request closure or deletion of your account;
• ask for more detail about how we use IP, fingerprints, and watchdog data.

Important limitations:

• We may retain minimal records where necessary for security, anti-abuse, accounting, or legal compliance, even after account closure.
• We generally do not provide copies of watchdog forensic logs or seized container images, even upon request, to prevent disclosure of internal detection logic and third-party data.

We will verify your identity using available signals (for example, your primary contact identity, security question + hashed answer, and past top-up records) before acting on a sensitive request.

10. Children’s Privacy & Age Limits

CloudDock is intended for users 16 years and older.

• We do not knowingly collect personal information from children under 13.
• In jurisdictions that require a higher minimum age (for example, 18) for certain services or contracts, we apply the higher standard and provide the Service only to users who meet that requirement.

If we learn that we have collected personal data from a child under the minimum applicable age without proper consents, we will delete that information and may close the account.

11. Security

We implement technical, organizational, and administrative safeguards that are appropriate to the nature of the data and risks, including:

• network isolation between internal services and user containers;
• least-privilege access controls and credential management;
• encryption in transit for control-plane communications;
• hardened base images and regular updates to host systems;
• CloudDock Intelligent Dog™ security monitoring and automated enforcement;
• audit trails for access to seized containers and logs.

No system is perfectly secure. We continuously refine our security design, but we cannot guarantee absolute security.

12. Data Incidents & Notifications

If we become aware of a data incident that materially affects your personal information, we will:

• investigate and mitigate the incident; and
• notify affected users without undue delay, consistent with applicable law and our incident-response procedures.

The form and content of such notices may vary depending on the nature of the incident and legal requirements.

13. Account Recovery, Closure & Deletion

13.1 Account Recovery

To recover access, contact us via /chat or other official support channel. We may verify your identity using:

• the primary contact identity that first completed a successful top-up or major support interaction;
• Zelle or other transfer records (sender display name, transaction ID, etc.);
• your security question and hashed answer;
• other internal logs as necessary.

13.2 Closure & Deletion

You may request account closure via /chat. When we process a closure:

• we may anonymize or delete profile data that is no longer needed;
• we will retain minimal necessary records for security, anti-abuse, accounting, and legal compliance (for example, records of bans, blacklisted IDs, payment history required by law);
• abnormal watchdog logs and seized containers follow the retention rules in Section 4.

We do not offer direct user access to watchdog logs or seized images before or after deletion.

14. Changes to This Policy & Contact

We may update this Privacy Policy from time to time. When we make material changes, we will provide notice through one or more of the following official channels (consistent with the Terms):

1. Email sent to the address associated with your account (if any);
2. In-dashboard notices or banners within the CloudDock interface;
3. Messages via your primary contact identity (see ToS Section 7.4).

The “Effective date” at the top will be updated.
Your continued use of the Service after the new Effective date constitutes your acceptance of the updated Policy.

Contact:If you have questions or requests about this Policy or our data practices, please contact us via /chat in the product. A dedicated privacy email may be added later and reflected here.