CloudDock Privacy Policy

Effective date: September 2025
Scope: All CloudDock users
Entity & location: CloudDock (based in California, USA)

This notice explains how we handle personal information when you use CloudDock (“we”, “us”, the “Services”). We aim for clarity and data-minimization. This is not legal advice.

1. Information We Collect

Account data (you provide):

Username and hashed password (never stored in plain text)

First and last name

Account recovery: by default we use a security question + encrypted answer.

You may enter any meaningless answer. Do not use sensitive, guessable facts (birthdate, address, pet names, etc.).

Answers are not publicly displayed.

Anti-abuse & security data (automatic):

IP address (with coarse geolocation derived from IP)

Device/session metadata (user agent; limited device fingerprint to prevent abuse, DDoS, and evasion)

Authentication tokens/session identifiers

Container security monitoring — CloudDock Intelligent Dog™:

Runtime process listings (similar to ps)

Shell command hooks (command metadata)

Signals of privilege escalation or suspicious behavior

We do not inspect: your web browsing activity, download history, cloud-storage contents, or environment variables inside the container.

2. How We Use Information (Purposes)

Provide and operate the Services (auth, session, queue, runtime allocation)

Secure the platform (detect/prevent abuse and violations)

Service operations (stability, capacity planning, basic analytics)

Legal compliance and enforcement of our Terms

We do not sell or “share” personal information for cross-context behavioral advertising.

3. Legal Bases / Geographic Scope

We are based in California and primarily follow US laws. We are not currently targeting users in the EU/EEA or UK. If you reside there and submit a rights request, contact us via /chat and we will assess feasibility under applicable law.

4. Watchdog & Retention

Normal shutdown: CloudDock Intelligent Dog™ logs are destroyed when the container ends.

Crash / forced termination / flagged violations: watchdog logs and the container image may be retained for audit.

Retention schedule

Retained container images (crash/forced/flagged): kept up to 1 year, then deleted or anonymized.

Violation-related logs/artifacts: kept up to 1 year (unless a valid legal process requires longer).

IP, device fingerprint, session metadata:

standard retention up to 1 month for anti-abuse;

if an account is banned, related anti-abuse records may be retained indefinitely to prevent evasion.

Account data: kept while the account is active and as required by law.

We periodically review retention to avoid keeping data longer than necessary.

5. Tokens, Cookies, and Sessions

We currently store session tokens in localStorage. We may migrate to HttpOnly, SameSite cookies with token rotation and session expiration for improved security. Sensitive operations may require re-authentication.

6. Service Providers (Subprocessors)

Provider Purpose Data involved (typical)
AWS / Lightsail Hosting/infrastructure IP, network traffic, service telemetry
Cloudflare (CDN/FW) CDN, DDoS protection, firewall IP, request headers, basic telemetry
Payments (current) Zelle proof of payment User-provided screenshot and/or transaction ID only; we do not process or store card numbers.
Payments (planned) Payment processor (to be added) Will be updated here when enabled

CloudDock Privacy Policy

1. Information We Collect

Account data (you provide):

Username and hashed password (never stored in plain text)

First and last name

Account recovery: by default we use a security question + encrypted answer.

You may enter any meaningless answer. Do not use sensitive, guessable facts (birthdate, address, pet names, etc.).

Answers are not publicly displayed.

Anti-abuse & security data (automatic):

IP address (with coarse geolocation derived from IP)

Device/session metadata (user agent; limited device fingerprint to prevent abuse, DDoS, and evasion)

Authentication tokens/session identifiers

Container security monitoring — CloudDock Intelligent Dog™:

Runtime process listings (similar to ps)

Shell command hooks (command metadata)

Signals of privilege escalation or suspicious behavior

We do not inspect: your web browsing activity, download history, cloud-storage contents, or environment variables inside the container.

2. How We Use Information (Purposes)

Provide and operate the Services (auth, session, queue, runtime allocation)

Secure the platform (detect/prevent abuse and violations)

Service operations (stability, capacity planning, basic analytics)

Legal compliance and enforcement of our Terms

We do not sell or “share” personal information for cross-context behavioral advertising.

3. Legal Bases / Geographic Scope

We are based in California and primarily follow US laws. We are not currently targeting users in the EU/EEA or UK. If you reside there and submit a rights request, contact us via /chat and we will assess feasibility under applicable law.

4. Watchdog & Retention

Normal shutdown: CloudDock Intelligent Dog™ logs are destroyed when the container ends.

Crash / forced termination / flagged violations: watchdog logs and the container image may be retained for audit.

Retention schedule

Retained container images (crash/forced/flagged): kept up to 1 year, then deleted or anonymized.

Violation-related logs/artifacts: kept up to 1 year (unless a valid legal process requires longer).

IP, device fingerprint, session metadata:

standard retention up to 1 month for anti-abuse;

if an account is banned, related anti-abuse records may be retained indefinitely to prevent evasion.

Account data: kept while the account is active and as required by law.

We periodically review retention to avoid keeping data longer than necessary.

5. Tokens, Cookies, and Sessions

We currently store session tokens in localStorage. We may migrate to HttpOnly, SameSite cookies with token rotation and session expiration for improved security. Sensitive operations may require re-authentication.

6. Service Providers (Subprocessors)

We use third-party providers under written terms. We disclose only what is technically necessary.

We will update this list on this page when our providers materially change.

7. Sharing & Law Enforcement

We do not sell, rent, or trade personal information. We may disclose information:

To our service providers (bound by confidentiality and data-processing terms)

To comply with a valid and lawful request (e.g., subpoena, court order, warrant) after verification

To address imminent risk of harm as permitted by law

To protect our rights, users, or the Services

Any disclosure is minimized to what is legally required.

8. International Transfers

Data may be processed in the United States and other locations where our providers operate. Where specific transfer safeguards are legally required, we will assess and implement appropriate measures.

9. Your Privacy Choices & Requests

At this time, we support requests through /chat. Depending on your location, you may be able to:

Access and correct certain account information

Request deletion/closure of your account (see §13)

Ask questions about our use of IP/fingerprint data and retention

Note: if information is needed for security, anti-abuse, legal compliance, or dispute resolution, we may retain the minimal necessary records as permitted by law.

10. Children’s Privacy & Age Limits

Our Services are intended for users 16+. We do not knowingly collect personal information from children under 13. In jurisdictions requiring a higher minimum age (e.g., 18), we apply the higher standard.

11. Security

We implement administrative, technical, and organizational safeguards proportionate to the risks (network isolation, least privilege, encryption in transit, hardened base images, CloudDock Intelligent Dog™ abuse detection, audit trails). No system is perfectly secure; we continuously improve.

12. Data Incidents

If a data incident affects your personal information, we will notify you without undue delay, consistent with applicable law and our incident-response procedures.

13. Account Recovery, Closure & Deletion

Recovery: Contact /chat. We verify ownership using the contact channel used for your first successful top-up/payment (e.g., Zelle sender display name, phone/email as shown in the payment, and/or transaction ID screenshot).

Closure/Deletion: Request via /chat. Certain minimal records (e.g., anti-abuse or compliance logs) may be retained as permitted by law to protect platform integrity.

We do not provide copies of watchdog audit logs.

14. Changes to This Policy

We may update this notice. Material changes will be announced in-dashboard and by updating the “Effective date” above. Continued use after changes indicates acceptance.

Contact

Questions or requests: please contact us via /chat in the product. A dedicated privacy email may be added later and reflected here.