deepcloud ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal information when you use our service at deepcloud.io.

1. Information We Collect

We collect information you provide directly: email address, full name, and account preferences. We also automatically collect usage data including IP address, browser type, device identifiers, pages visited, and actions taken within the platform. We do not collect the content of your encrypted files — this is mathematically impossible due to our zero-knowledge architecture.

2. How We Use Your Information

Your information is used to: provide and improve the deepcloud service, authenticate your identity, send security alerts and product updates (with your consent), process payments via Stripe, enforce our Terms of Service, and comply with legal obligations. We never sell your personal data to third parties.

3. Zero-Knowledge Architecture

deepcloud uses client-side encryption. Your files are encrypted on your device before being uploaded. We hold only encrypted ciphertext — we cannot decrypt or read your files even if compelled by law. Your encryption keys are derived from your credentials and never transmitted to our servers.

4. Data Sharing

We share data only with: (a) Stripe for payment processing, (b) Twilio for SMS authentication, (c) infrastructure providers (AWS, Appwrite) bound by strict data processing agreements, and (d) law enforcement when legally required. All third parties are GDPR-compliant.

5. Data Retention

Active account data is retained as long as your account exists. After account deletion, personal data is removed within 30 days. Encrypted file data is removed immediately upon deletion. Audit logs are retained for 12 months for security purposes, then permanently deleted.

6. Your Rights (GDPR / CCPA)

You have the right to: access your personal data, correct inaccurate data, delete your account and all associated data, export your data in a portable format, opt out of marketing communications, and restrict or object to processing. Exercise these rights at any time from your Profile settings or by emailing privacy@deepcloud.io.

7. Cookies

We use essential cookies for authentication (session tokens) and preference storage. We do not use tracking cookies or third-party advertising cookies. You can manage cookie preferences in your browser settings. See our Cookie Policy for full details.

8. Security Measures

We implement: AES-256 file encryption, TLS 1.3 for data in transit, bcrypt password hashing, rate limiting, anomaly detection, SOC 2 Type II certified infrastructure, regular penetration testing, and bug bounty programs. Despite these measures, no system is 100% secure.

9. Children's Privacy

deepcloud is not directed to children under 13. We do not knowingly collect personal information from children. If we become aware that a child under 13 has provided personal information, we will delete it immediately.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or in-app notification at least 30 days before changes take effect. Continued use of deepcloud after changes constitutes acceptance.

11. Contact Us

For privacy-related questions: email privacy@deepcloud.io, or write to deepcloud Privacy Team, 123 Cloud Street, San Francisco, CA 94105, USA.