Privacy Policy

Introduction

We at Kuboide SRLS ("Kuboide", "we" or "us") are strongly committed to respecting your privacy and keeping secure any information you share with us. This privacy policy ("Privacy Policy") explains how we collect, use, disclose, and process your personal data when you use Kuboide's software, platform, APIs, and related tools, including the website at www.kuboide.com, and all related services made available by Kuboide to deploy, manage, and monitor Linux cloud servers ("Service").

This Privacy Policy also tells you how you can access and update your personal information and describes the data protection rights that may be available under your country's or state's laws, including the General Data Protection Regulation (GDPR) for European users.

Please read this Privacy Policy carefully. By accessing or using the Service, you acknowledge you have been informed of and consent to our practices with regard to your personal information and data.

1. Personal data we collect

We collect the following categories of personal data:

A. Personal data you provide to us directly

We collect personal data if you create an account to use our Service or communicate with us. This includes:

• Account Information: We collect identifiers such as your name and email address when you sign up for a Kuboide account or to receive information about our Service.
• Payment Information: We collect your payment information if you access any paid Kuboide products and services. Payment processing is handled by Stripe, and we do not store your full credit card details on our servers.
• Server Information: When you connect servers to Kuboide, we collect server IP addresses, hostnames, and configuration data necessary to manage your infrastructure.
• Cloud Provider Credentials: If you choose to integrate with cloud providers (AWS, Hetzner, DigitalOcean, etc.), we securely store API keys or access tokens you provide to enable server provisioning and management.
• SSH Keys: We store SSH public keys that you provide or that we generate to establish secure connections to your servers.
• Communication Information: If you communicate with us, we collect your name, contact information, and the contents of any messages you send.

B. Personal data we receive from your use of the Service

When you use the Service, we also receive certain technical data automatically. This includes:

• Device Information: Your device or browser automatically sends us information about when and how you access or use our Service. This includes device type, browser information, operating system information, and mobile network or ISP.
• Log Information: We collect information about how our Service is performing, including your IP address, browser type and settings, error logs, and other ways you interact with the Service.
• Usage Data: We collect information about your use of the Service, such as dates and times of access, actions performed in the dashboard, deployments, server configurations, and other information about how you use the Service.
• Cookies & Similar Technologies: We utilize cookies and similar technologies to operate and manage the Service and improve your experience. For more details, please visit our Cookie Policy.
• Location Information: For security and performance reasons, we may determine the geographic location from which your device accesses our Service using information such as your IP address.

C. Information we do NOT collect

Kuboide is designed to manage server infrastructure only. We explicitly do NOT collect or access:

• Application Data: Your code, databases, user data, files, and any content stored on your servers is never read, copied, or accessed by Kuboide.
• Server Passwords: We use SSH key-based authentication only. We never ask for or store server root passwords.
• Sensitive Personal Data: We do not knowingly collect sensitive or special category personal information, such as genetic data, biometric data, health information, or religious information.
• Children's Data: We do not knowingly collect information from or direct any of our Service to children under the age of 18. If we learn that a user is under 18, we will delete the account.

2. How we use personal data

We may use personal data for the following purposes:

• To provide and maintain the Service, including server provisioning, configuration management, deployments, and monitoring.
• To create, manage, and administer your account, including facilitating payments and responding to inquiries.
• To connect to your cloud providers on your behalf and manage server infrastructure as instructed by you.
• To improve and develop the Service and conduct research, including debugging and identifying issues that impair functionality.
• To communicate with you, including sending service updates, security alerts, and support messages.
• To prevent, detect, and investigate fraud, abuse, security incidents, and violations of our Terms of Service.
• To comply with legal obligations and protect the rights, safety, privacy, and property of users, Kuboide, or third parties.
• To enforce our Terms of Service and other applicable agreements.

We may aggregate or de-identify personal data so that it no longer identifies you, and use that information for purposes such as analyzing how the Service is used, improving features, and conducting research.

3. How we share personal data

We may disclose your personal data in the following circumstances:

• Service Providers and Business Partners: We may disclose personal data to third-party vendors and service providers who support our business operations, including payment processing (Stripe), cloud infrastructure, analytics, customer support, and IT providers. These parties process personal data only as necessary to perform services on our behalf.
• Cloud Providers: When you authorize Kuboide to manage servers on cloud providers (AWS, Hetzner, DigitalOcean, etc.), we transmit necessary credentials and instructions to those providers to perform requested operations.
• Business Transfers: In the event of a merger, acquisition, restructuring, bankruptcy, or other corporate transaction, personal data may be disclosed or transferred as part of the transaction.
• Legal Compliance and Protection of Rights: We may disclose personal data to government authorities or other third parties if required to comply with applicable laws, respond to lawful requests, protect safety and rights, prevent fraud, or enforce our Terms of Service.
• With Your Consent: We may disclose personal data when you give us permission to do so.

4. Subprocessors

We engage the following third-party subprocessors to help us provide the Service:

Cloud providers listed above are only engaged when you choose to provision or manage servers on those platforms.

5. Retention

Kuboide retains your personal data only for as long as necessary to operate the Service effectively and to support legitimate business needs:

• Account Data: Retained while your account is active and for a reasonable period afterward to comply with legal obligations.
• Server Data: Retained until you remove the server from Kuboide or delete your account.
• Logs and Usage Data: Retained for up to 90 days for security, debugging, and service improvement purposes.
• Payment Records: Retained as required by applicable tax and accounting laws (typically 10 years in Italy).
• Communication Records: Retained for as long as necessary to resolve inquiries and for legal compliance.

When personal data is no longer needed, we will delete, erase, de-identify, or anonymize it in compliance with applicable laws.

6. Security

We implement commercially reasonable technical and organizational measures designed to protect personal data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. These measures include:

• Encryption in Transit: All communications between your browser and our servers, and between our systems and your servers, are encrypted using TLS.
• Encryption at Rest: Sensitive data such as cloud provider credentials and SSH keys are encrypted at rest.
• SSH Key Authentication: We use secure SSH key-based authentication for all server connections. No passwords are stored or transmitted.
• Access Controls: Access to personal data is restricted to authorized personnel on a need-to-know basis.
• Security Monitoring: We monitor our systems for suspicious activity and potential security threats.

However, no method of transmission over the Internet or method of electronic storage is completely secure. You should use caution when deciding what information to share with the Service.

7. Your rights and choices

Depending on where you live and the laws that apply, you may have certain rights in relation to your personal data. These may include:

• Right to Access: You can request a copy of the personal data we hold about you.
• Right to Rectification: You can request correction of inaccurate personal data.
• Right to Erasure: You can request deletion of your personal data, subject to certain exceptions.
• Right to Data Portability: You can request your data in a portable format.
• Right to Object: You can object to certain types of processing.
• Right to Restriction: You can request restriction of processing in certain circumstances.
• Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time.

To exercise any of these rights, please contact us at info@kuboide.com. We may request information to verify your identity before processing your request. We will not discriminate against you for exercising any privacy rights.

No Sale of Personal Data: We do not sell or share personal data for cross-contextual behavioral advertising or targeted advertising purposes.

8. GDPR - European users

This section provides additional information for users in the European Economic Area (EEA), United Kingdom, and Switzerland.

Data Controller

The data controller responsible for your personal data is:

Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Performance of Contract: Processing necessary to provide the Service you have requested (account management, server provisioning, deployments, etc.).
• Legitimate Interests: Processing necessary for our legitimate interests, such as improving the Service, ensuring security, and preventing fraud, where these interests are not overridden by your rights.
• Legal Obligation: Processing necessary to comply with legal obligations, such as tax and accounting requirements.
• Consent: Where required, we will obtain your consent for specific processing activities, such as marketing communications.

International Data Transfers

Your personal data may be transferred to and processed in countries outside the EEA, including the United States. When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions by the European Commission
• Other legally valid transfer mechanisms

Your EU Rights

In addition to the rights listed in Section 7, European users have the right to lodge a complaint with a supervisory authority. In Italy, you can contact:

9. Privacy policy changes

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Publish an updated version with a new effective date at the top of this page
• Notify you by email if the changes are significant

Your continued use of the Service after any change in this Privacy Policy will constitute your acceptance of such change. We encourage you to review this Privacy Policy periodically.

10. Contacting us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

We will respond to your inquiry as soon as reasonably possible.