Draft — under legal review
This document is an unreviewed draft with placeholders. It is not legal advice and does not yet reflect a finalized, lawyer-approved policy.
Legal
Privacy policy
Last updated: [EFFECTIVE DATE] · Draft — under legal review
This policy explains what personal data CloudCompanion collects, why, the lawful bases we rely on, where the data lives, and the rights you have under the EU General Data Protection Regulation (GDPR).
1. Who we are
The data controller responsible for your personal data is [COMPANY LEGAL NAME], registered at [ADDRESS](“CloudCompanion”, “we”, “us”). You can reach us for any privacy matter at [PRIVACY CONTACT EMAIL].
If we are required to appoint one, our Data Protection Officer can be contacted at [DPO CONTACT EMAIL].
2. Data we collect
We collect the following categories of personal data:
- Lead & contact data — when you submit our contact form: your name, work email, company name (optional), and the message you send us, plus the page the form was submitted from.
- Account & session data — for users of the CloudCompanion application: authentication identifiers and session data used to sign you in and keep you signed in.
- Server logs — technical data our infrastructure records automatically, such as IP address, timestamps, and request metadata, used to operate and secure the service.
- Cookie choices — your cookie-consent preference is stored locally in your browser. See section 8.
3. Purposes & lawful bases
We process your personal data for the following purposes, relying on these lawful bases under Article 6 GDPR:
- Responding to your enquiry — to answer contact requests and follow up on sales conversations (legitimate interests, or steps taken at your request prior to entering a contract).
- Providing the service — to authenticate users and operate the application for our customers (performance of a contract).
- Security & operations — to keep the service available, secure, and free of abuse (legitimate interests).
- Optional analytics — only if you consent via the cookie banner (consent). No analytics run without it.
4. Where your data is stored
Your data is hosted in the European Union. All infrastructure runs in German data centers on AWS eu-central-1 (Frankfurt), and application data is stored in an EU-region managed PostgreSQL database. Data stays under EU jurisdiction end to end and does not leave the EU. For more detail, see our security & data residency page.
5. How long we keep it
We keep personal data only as long as necessary for the purposes above or as required by law. Lead and contact data is retained for [RETENTION PERIOD]; account and session data for the life of the account and a reasonable period afterwards; server logs for [LOG RETENTION PERIOD]. Exact periods are subject to legal review.
6. Processors we use
We rely on the following infrastructure providers to process personal data on our behalf, under data-processing agreements. This register is a placeholder, current as of July 2026:
| Processor | Purpose | Location |
|---|---|---|
| Amazon Web Services (AWS) | Cloud hosting & compute | eu-central-1 (Frankfurt, Germany) |
| Neon | Managed PostgreSQL database | EU region |
7. Your rights
Under the GDPR you have the right to access, rectify, erase, restrict, and port your personal data, and to object to certain processing. Where processing is based on consent, you may withdraw it at any time. You also have the right to lodge a complaint with a supervisory authority.
To exercise any of these rights, contact us at [PRIVACY CONTACT EMAIL] or via our contact page. Because data in the application is persistent, queryable, and exportable, we can honor access and erasure requests on the records held in your environment.
8. Cookies
We use only essential cookies required to run the site and, for application users, to keep you signed in. Optional analytics cookies run only if you accept them in the cookie banner; you can change your choice at any time via the “Cookie settings” link in the footer. No analytics scripts load without your consent.
9. Changes to this policy
We may update this policy from time to time. Material changes will be reflected in the “Last updated” date above. This is a draft and will be replaced by a finalized, lawyer-reviewed version.