Privacy Policy

1. Introduction

CloudForge ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our visual cloud infrastructure design service, including both our web application and desktop application.

2. Information We Collect

2.1 Personal Information

When you create an account, we collect:

• Name (first and last name)
• Email address
• Company name (optional)
• Password (encrypted and hashed)
• Subscription and billing information

2.2 Usage Data

We automatically collect information about how you use our service:

• Log data (IP address, browser type, operating system)
• Feature usage and interaction patterns
• Performance metrics and error reports
• Session duration and frequency of use
• Device information (for desktop app)

2.3 Content Data

We store the content you create using our service:

• Infrastructure diagrams and templates
• Generated code (Terraform)
• Project settings and configurations
• Saved templates and exports

3. How We Use Your Information

We use the collected information for:

• Service Provision: To provide, maintain, and improve our service
• Account Management: To manage your account and subscription
• Communication: To send service updates, security alerts, and support messages
• Analytics: To understand usage patterns and improve user experience
• Security: To detect and prevent fraud, abuse, and security incidents
• Legal Compliance: To comply with legal obligations and enforce our terms

4. Information Sharing and Disclosure

4.1 We Do Not Sell Your Data

We do not sell, trade, or rent your personal information to third parties.

4.2 Service Providers

We may share information with trusted service providers who assist us in:

• Cloud Hosting: Microsoft Azure for secure data storage and processing
• Analytics: Anonymized usage analytics for service improvement
• Email Services: For transactional emails and notifications

4.3 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights, property, or safety, or that of our users or the public.

5. Data Security

We implement industry-standard security measures:

• Encryption: Data is encrypted in transit (TLS) and at rest (AES-256)
• Access Controls: Limited access on a need-to-know basis
• Authentication: Secure password hashing and optional 2FA
• Infrastructure: Hosted on Microsoft Azure with enterprise-grade security
• Monitoring: Continuous security monitoring and incident response
• Backups: Regular encrypted backups with secure storage

6. Data Retention

We retain your information for as long as:

• Your account is active
• Needed to provide you services
• Required for legal, tax, or accounting purposes
• Necessary to resolve disputes or enforce agreements

When you delete your account, we will delete your personal information within 30 days, except where retention is required by law.

7. Your Privacy Rights

7.1 Access and Portability

You can access and export your data through your account settings or by contacting us.

7.2 Correction and Updates

You can update your personal information through your account settings.

7.3 Deletion

You can delete your account and associated data through account settings or by contacting us.

7.4 Marketing Communications

You can opt out of marketing emails by clicking unsubscribe or updating your preferences.

8. Cookies and Tracking

We use cookies and similar technologies for:

• Essential Cookies: Required for service functionality and security
• Preference Cookies: To remember your settings and preferences
• Analytics Cookies: To understand usage patterns (anonymized)

You can control cookie settings through your browser preferences.

9. International Data Transfers

Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable laws.

10. Children's Privacy

Our service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we become aware of such collection, we will delete the information immediately.

11. Third-Party Links

Our service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will:

• Notify you of material changes via email or service notification
• Update the "Last updated" date at the top of this policy
• Provide 30 days notice for significant changes

13. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us:

• Email: privacy@cloudforge.cloud
• Contact Form: Contact Us
• Mail: CloudForge Privacy Team, [Your Address]

14. Regional Privacy Rights

14.1 European Union (GDPR)

If you are in the EU, you have additional rights under GDPR:

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to lodge a complaint with supervisory authorities

14.2 California (CCPA)

If you are a California resident, you have rights under CCPA:

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt-out of sale (we don't sell your data)
• Right to non-discrimination for exercising your rights