Privacy Policy

Last Updated: January 7, 2026

Introduction

This Privacy Notice describes how cloudidr ("we," "us," or "our") collects, uses, discloses, and protects your information when you use our cloud optimization services, disaster recovery services, AI cost tracking services, website (www.cloudidr.com), and related services (collectively, the "Services").

1. Services Covered

This Privacy Notice applies to all cloudidr services including:

• Disaster Recovery Compute Service (DRCS)

• Schedule Compute Service (SCS) / FlexCompute

• GPU Service

• Hosted Models

• LLM Ops

• Website and customer portal

2. Information We Collect

2.1 Information You Provide

Account Information:

• Name, email address, phone number

• Company name, size, industry

• Job title and role

Billing Information:

• Credit card details (processed by third-party payment processors)

• Billing address

• Tax identification numbers (if applicable)

Service Configuration:

• AWS account information and IAM roles (for FlexCompute, DRCS, SCS)

• SSH public keys (for GPU Service)

• API endpoint configurations (for LLM Ops, Hosted Models)

• Custom tags and labels for cost tracking

Communications:

• Support requests and correspondence

• Feedback and surveys

• Service inquiries

2.2 Information Automatically Collected

Service Usage Data:

• Cloud resource usage metrics

• Performance metrics and logs

• API call metadata (timing, volume, errors)

• Service interaction patterns

Technical Information:

• IP addresses

• Browser type and version

• Operating system

• Device information

• Access times and dates

Cookies and Tracking:

• Session cookies

• Analytics cookies

• Performance monitoring data

2.3 LLM Ops Specific Data Collection

What We Collect:

• Metadata Only - We collect only non-content information:

  • Token counts (input and output tokens)

  • Model identifiers (e.g., "gpt-4", "claude-3-opus")

  • Timestamps of API calls

  • Request and response IDs

  • Calculated costs based on provider pricing

  • Custom tags provided by you (team, agent, department names)

  • API endpoint used

  • HTTP response codes and error types

What We DO NOT Collect:

• ❌ Your prompts or queries sent to AI providers

• ❌ Responses or completions from AI providers

• ❌ Any message content whatsoever

• ❌ Your API keys or authentication credentials

• ❌ User personal information contained in prompts

• ❌ Proprietary information in your AI interactions

API Key Handling:

• Your API keys pass through our proxy via HTTPS

• API keys are used in real-time to authenticate with providers

• API keys are never logged, stored, or retained in any system

• API keys exist in memory only during request processing

• All keys are immediately discarded after request completion

Data Flow:

1. Your application sends request to LLM Ops proxy with your API key

2. LLM Ops extracts metadata (tokens, model, timestamp)

3. Request is immediately forwarded to provider (OpenAI/Anthropic/Google) with your API key

4. Provider processes request and returns response

5. Response passes through LLM Ops unmodified to your application

6. Only metadata is retained; all content and keys are discarded

2.4 FlexCompute and Compute Services Data

Infrastructure Data:

• Instance types and quantities requested

• Instance uptime and usage duration

• Region and availability zone selections

• Start/stop times

AWS Integration Data:

• IAM role ARNs (Amazon Resource Names)

• AWS account IDs

• VPC and subnet configurations

• Security group associations

We Do NOT Collect:

• Data stored on your instances

• Application code or configurations

• Customer data processed by your instances

• SSH session contents or commands

2.5 Customer Content

Definition: Customer Content means data you store, process, or transmit through our Services.

Our Access:

• We access Customer Content only as necessary to:

  • Provide and maintain Services

  • Troubleshoot technical issues (with your permission)

  • Comply with legal obligations

Our Commitment:

• We do not use Customer Content for marketing or analytics

• We do not share Customer Content with third parties except as required by law

• We do not scan or analyze Customer Content for our own purposes

3. How We Use Your Information

3.1 Service Provision

Core Service Operations:

• Provisioning and managing compute resources

• Processing billing and payments

• Providing customer support

• Sending service notifications and alerts

• Authenticating and securing accounts

LLM Ops Specific Uses:

• Calculating and displaying cost analytics

• Generating usage reports and dashboards

• Providing cost optimization recommendations

• Sending cost alerts when thresholds exceeded

• Aggregating anonymous usage statistics

3.2 Service Improvement

Product Development:

• Analyzing service performance and reliability

• Developing new features and capabilities

• Optimizing user experience

• Troubleshooting technical issues

• Conducting security and performance testing

Anonymous Analytics:

• Aggregated usage patterns (no individual identification)

• Service reliability metrics

• Performance benchmarking

• Feature adoption rates

3.3 Communication

Service Communications (Required):

• Critical service updates and alerts

• Security notifications

• Billing statements and receipts

• Policy changes and updates

• Technical support responses

Marketing Communications (Optional):

• Product announcements

• Educational content and best practices

• Webinars and events

• Promotional offers

• Newsletter subscriptions

Opt-Out: You can opt out of marketing communications at any time via:

• Email unsubscribe links

• Account settings in customer portal

• Contacting hello@cloudidr.com

4. Information Sharing and Disclosure

4.1 We Share Information With

Service Providers (Data Processors):

• Payment processors (Stripe, credit card processors)

• Cloud infrastructure providers (AWS for hosting)

• Analytics services (aggregate data only)

• Customer support tools

• Email delivery services

Third-Party AI Providers (LLM Ops):

• OpenAI, Anthropic, Google (your content passes through but is not shared with cloudidr)

• We act as a pass-through proxy only

• Your API keys and content go directly to these providers

• We do not share metadata with AI providers

Professional Advisers:

• Legal counsel

• Accountants and auditors

• Business consultants

• Only shared when necessary and under confidentiality obligations

Legal Obligations:

• Law enforcement when required by valid legal process

• Regulatory authorities as required by law

• To protect rights, property, or safety

• In connection with legal proceedings

Business Transfers:

• In connection with merger, acquisition, or sale of assets

• Successor entities bound by this Privacy Notice

4.2 We Do NOT

• ❌ Sell your personal information to third parties

• ❌ Share data with unauthorized parties

• ❌ Use your data beyond specified purposes

• ❌ Share data across different customers

• ❌ Use your API keys for any purpose

• ❌ Store or access your prompts/responses (LLM Ops)

• ❌ Share your LLM Ops metadata with AI providers

4.3 Anonymous Aggregate Data

We may share anonymized, aggregated statistics that cannot identify you:

• Industry benchmarking reports

• Service performance metrics

• Market research and analysis

• Public reporting on service usage trends

Example: "LLM Ops users reduced AI costs by average of 23%" (no individual identification)

5. Data Security

5.1 Security Measures

Technical Safeguards:

• End-to-end encryption (TLS 1.3) for data in transit

• Encryption at rest for stored data (AES-256)

• Secure key management systems

• Regular security audits and penetration testing

• Intrusion detection and prevention systems

• DDoS protection and mitigation

Access Controls:

• Role-based access control (RBAC)

• Multi-factor authentication (MFA) for employee access

• Principle of least privilege

• Regular access reviews and revocation

• Audit logging of all administrative access

Organizational Safeguards:

• Employee security training

• Background checks for employees with data access

• Confidentiality agreements

• Incident response procedures

• Regular security assessments

• Third-party security audits

LLM Ops Specific Security:

• API keys never logged or stored

• In-memory only processing of keys

• Immediate disposal after request completion

• Metadata stored separately from any identifiable information

• No retention of prompts or responses

5.2 Data Storage

Infrastructure:

• Industry-standard AWS data centers

• Redundant storage systems across multiple availability zones

• Regular automated backups

• Disaster recovery capabilities

Data Locations:

• Primary: United States (AWS US regions)

• Customers may specify regions for certain services

• Metadata for LLM Ops stored in US data centers only

5.3 Data Retention

Account Data:

• Retained while account is active

• Retained for 90 days after account closure (for billing/legal purposes)

• Permanently deleted after retention period

Billing Records:

• Retained for 7 years (legal and tax requirements)

• Includes invoices, payment records, transaction history

Service Usage Logs:

• Retained for 90 days (operational purposes)

• Older logs aggregated and anonymized for analytics

LLM Ops Metadata:

• Retained while account is active

• Permanently deleted within 30 days of account deletion

• No recovery possible after deletion

Customer Content:

• Deleted within 30 days of account closure or service termination

• Backup retention: 90 days maximum

• Customer may request earlier deletion

6. Your Rights and Choices

6.1 Access and Portability Rights

Access Your Data:

• View account information via customer portal

• Request copy of your personal data

• Request copy of service usage data

• Download LLM Ops metadata via export feature

Data Portability:

• Export data in machine-readable formats (JSON, CSV)

• API access for programmatic data retrieval

• No fees for standard export requests

How to Request:

• Email: privacy@cloudidr.com

• Response time: 30 days maximum

• Identity verification required

6.2 Correction and Update Rights

Update Account Information:

• Self-service via customer portal for most data

• Contact support for sensitive information updates

• Update billing information anytime

Data Accuracy:

• Your responsibility to maintain accurate information

• We may verify updated information

• Updates applied immediately to active systems

6.3 Deletion Rights ("Right to be Forgotten")

Delete Account:

• Self-service account deletion via portal

• Email request: privacy@cloudidr.com

• All personal data deleted within 30 days

Exceptions to Deletion:

• Billing records (7-year retention required by law)

• Aggregated anonymous analytics

• Legal hold requirements

• Fraud prevention records

What Gets Deleted:

• All account information

• Service configuration data

• Usage history and logs

• LLM Ops metadata

• Customer Content (on applicable services)

6.4 Communication Preferences

Marketing Opt-Out:

• Unsubscribe links in all marketing emails

• Account settings in customer portal

• Email: hello@cloudidr.com

• Effective within 10 business days

Service Communications:

• Cannot opt out of critical service notifications

• Cannot opt out of billing communications

• Cannot opt out of legal/policy updates

Alert Preferences:

• Configure alert thresholds in service dashboard

• Choose notification channels (email, SMS, webhook)

• Disable non-critical alerts

6.5 Object to Processing

Right to Object:

• Object to processing for marketing purposes (honored immediately)

• Object to automated decision-making (we don't do this for consequential decisions)

• Object to profiling (we don't profile for non-service purposes)

How to Object:

• Email: privacy@cloudidr.com

• Specify the processing you object to

• We will respond within 30 days

7. Cookies and Tracking Technologies

7.1 Types of Cookies We Use

Essential Cookies (Required):

• Session management and authentication

• Security and fraud prevention

• Service functionality

• Cannot be disabled

Performance Cookies (Optional):

• Service performance monitoring

• Error tracking and debugging

• Usage analytics

• Can be disabled in browser

Functionality Cookies (Optional):

• Remember user preferences

• Personalization settings

• Language selection

• Can be disabled in browser

Analytics Cookies (Optional):

• Aggregate usage statistics

• Feature adoption tracking

• A/B testing

• Can be disabled in browser

7.2 Third-Party Cookies

We use the following third-party services that may set cookies:

• Google Analytics (analytics)

• Stripe (payment processing)

• Intercom (customer support)

7.3 Cookie Controls

Browser Controls:

• Configure cookie preferences in browser settings

• Block third-party cookies

• Clear cookies anytime

Our Cookie Settings:

• Cookie preference center on website

• Granular controls for optional cookies

• Choices respected across sessions

Do Not Track:

• We honor "Do Not Track" (DNT) browser signals

• DNT disables optional tracking cookies

8. International Data Transfers

8.1 Data Transfer Mechanisms

Primary Location:

• Data primarily stored and processed in United States (AWS data centers)

International Transfers:

• We may transfer data internationally as necessary to provide Services

• All data transfers use appropriate security measures including encryption in transit and at rest

For International Customers:

• Data processing primarily occurs in US-based AWS data centers

• Customer data subject to US data protection laws

• For jurisdiction-specific questions, contact: privacy@cloudidr.com

8.2 Country-Specific Rights

California Residents: See Section 10 for CCPA/CPRA rights
EU/EEA Residents: See Section 11 for GDPR rights

 All Others: Contact privacy@cloudidr.com for jurisdiction-specific information

9. Children's Privacy

Age Restriction:

• Services not intended for individuals under 18

• We do not knowingly collect data from minors

• If we discover minor's data, we delete it promptly

Parent/Guardian Notice:

• If you believe we've collected minor's data, contact: privacy@cloudidr.com

• We will investigate and delete if confirmed

10. California Privacy Rights (CCPA/CPRA)

10.1 Information We Collect (California Categories)

• Identifiers (name, email, IP address)

• Commercial information (purchase history, service usage)

• Internet activity (website interactions, service usage)

• Professional information (job title, company)

• Inferences (usage patterns, preferences)

10.2 Your California Rights

Right to Know:

• Categories of personal information collected

• Sources of information

• Business purposes for collection

• Third parties with whom we share

Right to Delete:

• Request deletion of your personal information

• Subject to legal exceptions

Right to Opt-Out:

• We do not sell personal information

• Opt-out not applicable

Right to Non-Discrimination:

• We won't discriminate for exercising CCPA rights

• Same service quality for all users

Right to Correction:

• Request correction of inaccurate information

10.3 Exercising California Rights

• Email: privacy@cloudidr.com

• Phone: Provided upon written request

• Response Time: 45 days (may extend 45 days if needed)

• Verification: Required to confirm identity

10.4 Do Not Sell Notice

We Do Not Sell Personal Information

• We have not sold personal information in past 12 months

• We will not sell personal information in future

• "Sell" includes exchange for monetary value

11. European Privacy Rights (GDPR)

11.1 Legal Basis for Processing

We process your data based on:

Contract Performance:

• Necessary to provide Services you've requested

• Billing and account management

Legitimate Interests:

• Service improvement and optimization

• Security and fraud prevention

• Business analytics (anonymized)

Legal Obligations:

• Compliance with laws and regulations

• Response to legal requests

Consent:

• Marketing communications

• Optional cookies

• Additional data processing beyond service provision

11.2 Your GDPR Rights

Right to Access:

• Confirm whether we process your data

• Obtain copy of your data

Right to Rectification:

• Correct inaccurate data

• Complete incomplete data

Right to Erasure ("Right to be Forgotten"):

• Request deletion of your data

• Subject to legal exceptions

Right to Restrict Processing:

• Limit how we use your data

• While investigating disputed accuracy

Right to Data Portability:

• Receive data in structured format

• Transmit data to another controller

Right to Object:

• Object to processing based on legitimate interests

• Object to direct marketing (always honored)

Right to Withdraw Consent:

• Withdraw consent anytime

• Does not affect prior processing

Right to Complain:

• Lodge complaint with supervisory authority

• Contact information for your jurisdiction available at ec.europa.eu

11.3 Data Protection Officer

EU Representative: For GDPR matters:

• Email: privacy@cloudidr.com

• Response time: 30 days

12. Changes to Privacy Notice

12.1 Modification Rights

• We may modify this Privacy Notice at any time

• Changes reflect:

  • New services or features

  • Legal requirements

  • Industry best practices

  • Security improvements

12.2 Notice of Changes

Material Changes:

• 30 days advance notice via email

• Prominent notice on website

• Dashboard notification

Non-Material Changes:

• Effective upon posting

• Update date changed at top

• No active notification

12.3 Review and Acceptance

• Review Privacy Notice regularly

• Continued use after changes constitutes acceptance

• Contact us with questions: privacy@cloudidr.com

12.4 Version History

• Current version: 2.0 (January 7, 2026)

• Previous version: 1.0 (December 19, 2024)

• Full version history available upon request

13. Contact Us

13.1 Privacy Inquiries

General Privacy Questions:

• Email: privacy@cloudidr.com

• Response time: 5-10 business days

Data Subject Rights Requests:

• Email: privacy@cloudidr.com

• Response time: 30 days maximum (45 days for California)

Data Protection Officer (GDPR):

• Email: privacy@cloudidr.com

California Privacy Rights:

• Email: privacy@cloudidr.com

13.2 Mailing Address

cloudidr
8 The Green, Suite A
Dover, DE 19901
United States

13.3 Regulatory Complaints

If you believe we've violated privacy laws:

United States (FTC):

• Federal Trade Commission

• www.ftc.gov/complaint

European Union:

• Your local Data Protection Authority

• List: ec.europa.eu/justice/data-protection

California (AG):

• California Attorney General

• oag.ca.gov/privacy

Summary of Changes from Previous Version

Major Additions:

1. Section 2.3: Complete LLM Ops data collection policies
   
   
   

   • Metadata-only collection detailed

   • API key handling explicitly described

   • What we do NOT collect emphasized

   • Data flow documentation

2. Section 2.4: FlexCompute and compute services data collection
   
   
   

3. Section 4: Enhanced information sharing section
   
   
   

   • Third-party AI providers clarified

   • Anonymous aggregate data usage added

4. Section 5: Enhanced security measures
   
   
   

   • LLM Ops specific security added

   • Data retention policies expanded

   • Storage locations specified

5. Sections 10-11: California (CCPA/CPRA) and EU (GDPR) compliance
   
   
   

   • Complete CCPA rights section

   • Complete GDPR rights section

   • DPO contact information

   • Regulatory authority contacts

6. Section 12: Version control and change management
   
   
   

Key Policy Updates:

• API keys never stored (LLM Ops specific)

• Metadata-only for LLM Ops (no content collection)

• 30-day deletion guarantee for LLM Ops data after account closure

• Enhanced data subject rights (CCPA/GDPR)

• Clarified international data transfers

• Expanded security measures documentation

• Added cookie management details

Services Covered:

• Updated to include all cloudidr services: DRCS, SCS / FlexCompute, GPU Service, Hosted Models, LLM Ops