Policies

Version 1.2, Revision 2

Terms of Service


1. Your Agreement with CloudStrap

1.1Your use of the CloudStrap services is governed by this agreement (the "Terms"). with CloudStrap AD, company number 204018250, VAT No: BG204018250, located at 3, Angel Kanchev str. ,1000 Sofia, Bulgaria, and its subsidiaries or affiliates involved in providing the Services. The "Services" means the services CloudStrap makes available through this website, including this website, the CloudStrap cloud computing platform, the CloudStrap API, the CloudStrap Add-ons, and any other software or services offered by CloudStrap.

1.2In order to use the CloudStrap Services, you must first agree to the Terms. You can agree to the Terms by actually using the CloudStrap Services. You understand and agree that CloudStrap will treat your use of the CloudStrap Services as acceptance of the Terms from that point onwards. By accepting the Terms, a contractual relation between you as a client and CloudStrap is established in accordance with the terms and conditions set herein.

1.3You may not use the CloudStrap Services if you are a person barred from receiving the CloudStrap Services under the laws of the Republic of Bulgaria or other countries, including the country in which you are resident or from which you use the CloudStrap Services. You affirm that you are over the age of 13, as the CloudStrap Services may not be used by children under 13.

1.4You agree your purchases of CloudStrap Services are not contingent on the delivery of any future functionality or features or dependent on any oral or written public comments made by CloudStrap or any of its affiliates regarding future functionality or features.

2. Your Account and Use of the CloudStrap Services

2.1You must provide accurate and complete registration information any time you register to use the CloudStrap Services. You are responsible for the security of your passwords and for any use of your account. If you become aware of any unauthorized use of your password or of your account, you agree to notify CloudStrap immediately.

2.2Your use of the CloudStrap Services must comply with all applicable laws, regulations and ordinances, including any laws regarding the export of data or software

2.3You agree not to (a) access (or attempt to access) the administrative interface of the CloudStrap Services by any means other than through the interface that is provided by CloudStrap in connection with the CloudStrap Services, unless you have been specifically allowed to do so in a separate agreement with CloudStrap, or (b) engage in any activity that interferes with or disrupts the CloudStrap Services (or the servers and networks which are connected to the Service)

2.4You may use the CloudStrap Services only to develop and run applications on the CloudStrap infrastructure. You may not access the CloudStrap Services for the purpose of bringing an intellectual property infringement claim against CloudStrap or for the purpose of creating a product or service competitive with the CloudStrap Services.

3. Service Policies and Privacy

3.1You agree to comply with the CloudStrap Acceptable Use Policy available at acceptable use policy (the "Acceptable Use Policy") which is incorporated herein by this reference and which may be updated from time to time.

3.2The CloudStrap Services shall be subject to the privacy policy available at www.cloudstrap.io/policies#privacy-policy and the Privacy notice available at www.cloudstrap.io/policies#gdpr-privacy-notice. You agree to the use of your data in accordance with CloudStrap's privacy policies.

3.3You agree that you will protect the privacy and legal rights of the End Users of your application. You must obtain any consents required by applicable data protection laws and provide legally adequate privacy notice, access, and protection for End Users. If End Users provide you with user names, passwords, or other login information or personal information, you must make the End Users aware that the information will be available to your application and to CloudStrap.

3.4CloudStrap takes all necessary measures to protect your personal data and to the best of its ability - the personal data of the End Users in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 regarding the privacy protection of individuals, the processing of personal data, the free movement of such data and the repeal of Directive 95/46 / EC (GDPR) and the Personal Data Protection Act. CloudStrap shall process the personal data in accordance with Art. 6, para. 1, b. "b" of the GDPR – the processing is necessary in order to fulfill a contract to which the user is a party.

3.5When providing the Service, CloudStrap acts only accordingly to your instructions and only as far as having control over the personal data you are processing as a part of the use of the Service. The Service Agreement and the application of the service's functionalities and capabilities are made available by CloudStrap as part of the Service by representing fully and explicitly your instructions as the Service Consumer to CloudStrap as the Service Provider. In this sense, CloudStrap has no control over the content and data you choose to upload within the service's usage (including whether the information contains personal data or not). Respectively, CloudStrap does not take role in deciding if you are executing data processing with the service, for what purposes and whether this particular information is protected. In this instance, the responsibility of CloudStrap is limited to 1) complying in complete accordance with your instructions for use of the Service, and 2) providing information about the service and functionality documentation through its interface. CloudStrap has no control and carries no responsibility of the personal data which you process.

3.6Your personal data, as well as the data which you are processing as a part of the Services and in your Applications, shall be stored within the European Union, unless you have expressly chosen another region for your Application. Irrespective of the chosen region, CloudStrap undertakes all reasonable and adequate measures for secure storage and processing of the personal data.

4. Content on the CloudStrap Services and Take Down Obligations

4.1You understand that all information (such as data files, written text, computer software, music, audio files or other sounds, photographs, videos or other images) to which you may have access as part of, or through your use of, the CloudStrap Services are the sole responsibility of the person from which such content originated. All such information is referred to below as the "Content." The term Content shall specifically exclude the web application that you create using the CloudStrap Services and any source code written by you to be used with the CloudStrap Services (collectively, "Applications").

4.2CloudStrap reserves the right (but shall have no obligation) to remove any or all Content from the CloudStrap Services. You agree to immediately take down any Content that violates the Acceptable Use Policy, including pursuant to a take down request from CloudStrap. In the event that you elect not to comply with a request from CloudStrap to take down certain Content, CloudStrap reserves the right to directly take down such Content or to disable Applications.

4.3In the event that you become aware of any violation of the Acceptable Use Policy by an End User of Applications, you shall immediately terminate such end user's account on your Application. CloudStrap reserves the right to disable Applications in response to a violation or suspected violation of the Acceptable Use Policy.

4.4You agree that you are solely responsible for (and that CloudStrap has no responsibility to you or to any third party for) the Application or any Content that you create, transmit or display while using the CloudStrap Services and for the consequences of your actions (including any loss or damage which CloudStrap may suffer) by doing so.

4.5You agree that CloudStrap has no responsibility or liability for the deletion or failure to store any Content and other communications maintained or transmitted through use of the Service. You further acknowledge that you are solely responsible for securing and backing up your Applications and any Content.

5. Proprietary Rights

5.1You acknowledge and agree that CloudStrap (or CloudStrap's licensors) own all legal right, title and interest in and to the CloudStrap Services, including any intellectual property rights which subsist in the CloudStrap Services (whether those rights happen to be registered or not, and wherever in the world those rights may exist).

5.2Except as provided in Section 8, CloudStrap acknowledges and agrees that it obtains no right, title or interest from you (or your licensors) under these Terms in or to any Content or Applications that you create, submit, post, transmit or display on, or through, the CloudStrap Services, including any intellectual property rights which subsist in that Content and the Application (whether those rights happen to be registered or not, and wherever in the world those rights may exist). Unless you have agreed otherwise in writing with CloudStrap, you agree that you are responsible for protecting and enforcing those rights and that CloudStrap has no obligation to do so on your behalf.

6. License from CloudStrap and Restrictions

6.1CloudStrap grants you a revocable, personal, worldwide, royalty-free, non-assignable and non-exclusive license to use the software provided to you by CloudStrap as part of the CloudStrap Services as provided to you by CloudStrap. This license is for the sole purpose of enabling you to use and enjoy the benefit of the CloudStrap Services as provided by CloudStrap, in the manner permitted by the Terms.

6.2You may not (and you may not permit anyone else to): (a) copy, modify, create a derivative work of, reverse engineer, decompile or otherwise attempt to extract the source code of the CloudStrap Services or any part thereof, unless this is expressly permitted or required by law, or unless you have been specifically told that you may do so by CloudStrap, in writing (e.g., through an open source software license); (b) attempt to disable or circumvent any security mechanisms used by the CloudStrap Services or any applications running on the CloudStrap Services; or (c) use the CloudStrap Services in any way that may subject the CloudStrap Services to any obligations under any open source software license, including, without limitation any license which imposes any obligation or restriction with respect to CloudStrap's patent or other intellectual property rights in the CloudStrap Services.

6.3Open source software licenses for components of the CloudStrap Services released under an open source license constitute separate written agreements. To the limited extent that the open source software licenses expressly supersede these Terms, the open source licenses govern your agreement with CloudStrap for the use of the components of the CloudStrap Services released under an open source license.

7. License from You

7.1CloudStrap claims no ownership or control over any Content or Application. You retain copyright and any other rights you already hold in the Content and/or Application, and you are responsible for protecting those rights, as appropriate. By submitting, posting or displaying the Content on or through the CloudStrap Services you give CloudStrap a worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute such Content for the sole purpose of enabling CloudStrap to provide you with the CloudStrap Services. Furthermore, by creating an Application through use of the CloudStrap Services, you give CloudStrap a worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute such Application for the sole purpose of enabling CloudStrap to provide you with the CloudStrap Services.

7.2By adding a collaborator to your Application, you hereby grant to that user a non-exclusive, royalty-free, non-transferable license, with no right to sub-license, to use, display, perform, reproduce, modify, publish, distribute, list information regarding, edit, translate and analyze such Application(s) and Content as permitted by the relevant CloudStrap Services functionality or features for the sole purpose of collaborating on development of the Application(s).

7.3You may choose to or we may invite you to submit comments or ideas about the CloudStrap Services, including without limitation about how to improve the CloudStrap Services or our products ("Ideas"). By submitting any Idea, you agree that your disclosure is gratuitous, unsolicited and without restriction and will not place CloudStrap under any fiduciary or other obligation, and that we are free to use the Idea without any additional compensation to you, and/or to disclose the Idea on a non-confidential basis or otherwise to anyone.

7.4You agree that CloudStrap, in its sole discretion, may use your trade names, trademarks, service marks, logos, domain names and other distinctive brand features in presentations, marketing materials, customer lists, financial reports and Web site listings (including links to your website) for the purpose of advertising or publicizing your use of the CloudStrap Services.

8. EXCLUSION OF WARRANTIES

8.1NOTHING IN THESE TERMS, INCLUDING SECTIONS 'EXCLUSION OF WARRANTIES' AND 'Other Content', SHALL EXCLUDE OR LIMIT CLOUDSTRAP'S WARRANTY OR LIABILITY FOR LOSSES WHICH MAY NOT BE LAWFULLY EXCLUDED OR LIMITED BY APPLICABLE LAW.

8.2YOU EXPRESSLY UNDERSTAND AND AGREE THAT YOUR USE OF THE CLOUDSTRAP SERVICE IS AT YOUR SOLE RISK AND THAT THE CLOUDSTRAP SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE."

8.3CLOUDSTRAP, ITS SUBSIDIARIES AND AFFILIATES, AND ITS LICENSORS MAKE NO EXPRESS WARRANTIES AND DISCLAIM ALL IMPLIED WARRANTIES REGARDING THE CLOUDSTRAP SERVICES, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, CLOUDSTRAP, ITS SUBSIDIARIES AND AFFILIATES, AND ITS LICENSORS DO NOT REPRESENT OR WARRANT TO YOU THAT: (A) YOUR USE OF THE CLOUDSTRAP SERVICES WILL MEET YOUR REQUIREMENTS, (B) YOUR USE OF THE CLOUDSTRAP SERVICES WILL BE UNINTERRUPTED, TIMELY, SECURE OR FREE FROM ERROR, AND (C) USAGE DATA PROVIDED THROUGH THE CLOUDSTRAP SERVICES WILL BE ACCURATE.

9. LIMITATION OF LIABILITY

9.1SUBJECT TO SECTION "EXCLUSION OF WARRANTIES para 1" ABOVE, YOU EXPRESSLY UNDERSTAND AND AGREE THAT CLOUDSTRAP, ITS SUBSIDIARIES AND AFFILIATES, AND ITS LICENSORS SHALL NOT BE LIABLE TO YOU FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL CONSEQUENTIAL OR EXEMPLARY DAMAGES WHICH MAY BE INCURRED BY YOU, HOWEVER CAUSED AND UNDER ANY THEORY OF LIABILITY. THIS SHALL INCLUDE, BUT NOT BE LIMITED TO, ANY LOSS OF PROFIT (WHETHER INCURRED DIRECTLY OR INDIRECTLY), ANY LOSS OF GOODWILL OR BUSINESS REPUTATION, ANY LOSS OF DATA SUFFERED, COST OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, OR OTHER INTANGIBLE LOSS.

9.2THE LIMITATIONS ON CLOUDSTRAP'S LIABILITY TO YOU IN PARAGRAPH 'LIMITATION OF LIABILITY para 1' ABOVE SHALL APPLY WHETHER OR NOT CLOUDSTRAP HAS BEEN ADVISED OF OR SHOULD HAVE BEEN AWARE OF THE POSSIBILITY OF ANY SUCH LOSSES ARISING.

10. Indemnification

10.1You agree to hold harmless, defend and indemnify CloudStrap, and its subsidiaries, affiliates, officers, agents, employees, advertisers, licensors, suppliers or partners (collectively "CloudStrap and Partners") from and against any third party claim arising from or in any way related to (a) your breach of the Terms, (b) your use of the CloudStrap Services, (c) your violation of applicable laws, rules or regulations in connection with the CloudStrap Services, or (d) your Content or your Application, including any liability or expense arising from all claims, losses, damages (actual and consequential), suits, judgments, litigation costs and attorneys' fees, of every kind and nature. In such a case, CloudStrap will provide you with written notice of such claim, suit or action.

11. Other Content

11.1The CloudStrap Services may include hyperlinks to other web sites or content or resources or email content. CloudStrap may have no control over any web sites or resources which are provided by companies or persons other than CloudStrap.

11.2You acknowledge and agree that CloudStrap is not responsible for the availability of any such external sites or resources, and does not endorse any advertising, products or other materials on or available from such web sites or resources.

11.3You acknowledge and agree that CloudStrap is not liable for any loss or damage which may be incurred by you or your End Users as a result of the content or availability of those external sites or resources, or as a result of any reliance placed by you on the completeness, accuracy or existence of any advertising, products or other materials on, or available from, such web sites or resources.

12. Changes to the Terms

12.1CloudStrap may make changes to the Terms from time to time. If we change the Terms in any substantive way, we will give you at least seven (7) days notice before the changes take effect, during which period of time you may reject the changes by terminating your account.

12.2You understand and agree that if you use the CloudStrap Services after the date on which the Terms have changed, CloudStrap will treat your use as acceptance of the updated Terms.

13. General Legal Terms

13.1Except to the extent you and CloudStrap have entered into a separate written agreement that is expressly intended to supersede these Terms either in whole or in part, the Terms constitute the whole legal agreement between you and CloudStrap and govern your use of the CloudStrap Services (but excluding any services which CloudStrap may provide to you under a separate written agreement), and completely replace any prior agreements between you and CloudStrap in relation to the CloudStrap Services.

13.2There are no third party beneficiaries to these Terms. The parties are independent contractors, and nothing in these Terms creates an agency, partnership or joint venture.

13.3If CloudStrap provides you with a translation of the English language version of these Terms, the English language version of these Terms will control if there is any conflict.

13.4You agree that CloudStrap may provide you with notices, including those regarding changes to the Terms, by email, regular mail, or postings on the CloudStrap Services. By providing CloudStrap your email address, you consent to our using the email address to send you any notices required by law in lieu of communication by postal mail.

13.5You agree that if CloudStrap does not exercise or enforce any legal right or remedy which is contained in the Terms (or which CloudStrap has the benefit of under any applicable law), this will not be taken to be a formal waiver of CloudStrap's rights and that those rights or remedies will still be available to CloudStrap.

13.6CloudStrap shall not be liable for failing or delaying performance of its obligations resulting from any condition beyond its reasonable control, including but not limited to, governmental action, acts of terrorism, earthquake, fire, flood or other acts of God, labor conditions, power failures, and Internet disturbances.

13.7The Terms, and your relationship with CloudStrap under the Terms, shall be governed by the laws of the Republic of Bulgaria without regard to its conflict of laws provisions. You and CloudStrap agree to submit to the exclusive jurisdiction of the Bulgarian courts to resolve any legal matter arising from the Terms.

13.8You may not assign any of your rights or obligations under these Terms, whether by operation of law or otherwise, without the prior written consent of CloudStrap (not to be unreasonably withheld).


Security Policy

We enable our customers to focus on their apps without worrying about infrastructure, scaling, security, and ops. The CloudStrap platform protects customers from threats by employing strict security controls at every layer from physical to application level. The CloudStrap team can rapidly deploy security updates to keep customer applications protected.


1. Security Assessments and Compliance

1.1DATA CENTERS - CloudStrap's physical infrastructure is hosted and managed within Amazon's secure data centers and utilize the Amazon Web Service (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon's data center operations have been accredited under: ISO 27001, SOC 1/SSAE 16/ISAE 3402 (Previously SAS 70 Type II), PCI Level 1, FISMA Moderate, Sarbanes-Oxley (SOX), PCI

We use payment processor Braintree for encrypting and processing credit card payments. Braintree is a validated Level 1 PCI DSS Compliant Service Provider.

1.2PHYSICAL SECURITY - CloudStrap utilizes ISO 27001 and FISMA certified data centers managed by Amazon. Amazon has many years of experience in designing, constructing, and operating large-scale data centers. This experience has been applied to the AWS platform and infrastructure. AWS data centers are housed in nondescript facilities, and critical facilities have extensive setback and military grade perimeter control berms as well as other natural boundary protection. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, state of the art intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication no fewer than three times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.

Amazon only provides data center access and information to employees who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee of Amazon or Amazon Web Services. All physical and electronic access to data centers by Amazon employees is logged and audited routinely.

For additional information see: AWS Security

2. Environmental Safeguards

2.1FIRE DETECTION AND SUPPRESSION - Automatic fire detection and suppression equipment has been installed to reduce risk. The fire detection system utilizes smoke detection sensors in all data center environments, mechanical and electrical infrastructure spaces, chiller rooms and generator equipment rooms. These areas are protected by either wet-pipe, double-interlocked pre-action, or gaseous sprinkler systems.

2.2POWER -The data center electrical power systems are designed to be fully redundant and maintainable without impact to operations, 24 hours a day, and seven days a week. Uninterruptible Power Supply (UPS) units provide back-up power in the event of an electrical failure for critical and essential loads in the facility. Data centers use generators to provide backup power for the entire facility.

2.3CLIMATE AND TEMPERATURE CONTROL - Climate control is required to maintain a constant operating temperature for servers and other hardware, which prevents overheating and reduces the possibility of service outages. Data centers are conditioned to maintain atmospheric conditions at optimal levels. Monitoring systems and data center personnel ensure temperature and humidity are at the appropriate levels.

2.4MANAGEMENT - Data center staff monitor electrical, mechanical and life support systems and equipment so issues are immediately identified. Preventative maintenance is performed to maintain the continued operability of equipment.

3. Network Security

3.1FIREWALLS - Firewalls are utilized to restrict access to systems from external networks and between systems internally. By default all access is denied and only explicitly allowed ports and protocols are allowed based on business need. Each system is assigned to a firewall security group based on the system’s function. Security groups restrict access to only the ports and protocols required for a system’s specific function to mitigate risk.

Host-based firewalls restrict customer applications from establishing localhost connections over the loopback network interface to further isolate customer applications. Host-based firewalls also provide the ability to further limit inbound and outbound connections as needed.

3.2DDOS MITIGATION - Our infrastructure provides DDoS mitigation techniques including TCP Syn cookies and connection rate limiting in addition to maintaining multiple backbone connections and internal bandwidth capacity that exceeds the Internet carrier supplied bandwidth. We work closely with our providers to quickly respond to events and enable advanced DDoS mitigation controls when needed.

3.3SPOOFING AND SNIFFING PROTECTIONS - Managed firewalls prevent IP, MAC, and ARP spoofing on the network and between virtual hosts to ensure spoofing is not possible. Packet sniffing is prevented by infrastructure including the hypervisor which will not deliver traffic to an interface which it is not addressed to. CloudStrap utilizes application isolation, operating system restrictions, and encrypted connections to further ensure risk is mitigated at all levels.

3.4PORT SCANNING - Port scanning is prohibited and every reported instance is investigated by our infrastructure provider. When port scans are detected, they are stopped and access is blocked.

4. Data Security

Customer data is stored in separate access-controlled databases per application. Customers with multiple applications are assigned separate databases per application to mitigate the risk of unauthorized access between applications inside and outside the European Union depending which region you have chosen for you Application.

5. System Security

5.1SYSTEM CONFIGURATION - System configuration and consistency is maintained through standard, up-to-date images, configuration management software, and by replacing systems with updated deployments. Systems are deployed using up-to-date images that are updated with configuration changes and security updates before deployment. Once deployed, existing systems are decommissioned and replaced with up-to-date systems.

5.2SYSTEM AUTHENTICATION - Operating system access is limited to CloudStrap staff and requires username and key authentication. Operating systems do not allow password authentication to prevent password brute force attacks, theft, and sharing.

5.3VULNERABILITY MANAGEMENT - Our vulnerability management process is designed to remediate risks without customer interaction or impact. CloudStrap is notified of vulnerabilities through internal and external assessments, system patch monitoring, and third party mailing lists and services. Each vulnerability is reviewed to determine if it is applicable to CloudStrap’s environment, ranked based on risk, and assigned to the appropriate team for resolution.

6. Backups

All of your application configuration is snapshotted every six hours. CloudStrap can restore configuration from the last snapshot if data loss occurs.

7. Disaster Recovery

7.1APPLICATION DATABASES AND CONFIGURATIONS - Our platform automatically restores customer applications and databases in the case of an outage.

7.2CloudStrap PLATFORM - The CloudStrap platform is designed for stability, scaling, and inherently mitigates common issues that lead to outages while maintaining recovery capabilities. Our platform maintains redundancy to prevent single points of failure, is able to replace failed components, and utilizes multiple data centers designed for resiliency. In the case of an outage, the platform is deployed across multiple data centers using current system images and data is restored from disaster recovery backups. CloudStrap reviews platform issues to understand the root cause, impact to customers, and improve the platform and processes.

8. Access to Customer Data

CloudStrap staff does not access or interact with customer data or applications as part of normal operations. There may be cases where CloudStrap is requested to interact with customer data or applications at the request of the customer for support purposes or where required by law. CloudStrap may also inspect customer data to debug and troubleshoot platform issues.

These Terms of Service have been last amended on 24 May 2018


Privacy Policy


1. Web Site Covered

This Privacy Statement covers the information practices of https://www.cloudstrap.io and is subject to CloudStrap's Terms of Service and Privacy Notice

2. Information Collected

CloudStrap offers a variety of services that are collectively referred to as the "Services." CloudStrap collects information from individuals who visit the Company’s Web site ("Visitors") and individuals who register to use the Services ("Customers").

When expressing an interest in obtaining additional information about the Services or registering to use the Services, CloudStrap requires you to provide the Company with personal contact information, such as name, company name, address, phone number, and email address ("Required Contact Information"). When purchasing the Services, CloudStrap requires you to provide the Company with financial qualification and billing information, such as billing name and address, credit card number, and the number of employees within the organization that will be using the Services ("Billing Information"). CloudStrap may also ask you to provide additional information, such as company annual revenues, number of employees, or industry, or you may choose to provide information about the end users of your application ("Optional Information"). Required Contact Information, Billing Information, and Optional Information, are referred to collectively as "Data About CloudStrap Customers."

Please, have in mind that not all information which CloudStrap collects and processes is considered personal data, for instance details about companies, working e-mails, etc. Personal data is only the information relating to an identified or identifiable natural person.

The personal data which CloudStrap collects and processes, the grounds and purposes of such processing, the rights of the data subjects and other relevant information is included in CloudStrap’s Privacy Notice.

As you navigate the Company’s Web site, CloudStrap may also collect information through the use of commonly-used information-gathering tools, such as cookies and Web beacons ("Web Site Navigational Information"). Web Site Navigational Information includes standard information from your Web browser (such as browser type and browser language), your Internet Protocol ("IP") address, and the actions you take on the Company’s Web site (such as the Web pages viewed and the links clicked).

CloudStrap AD is registered as a personal data administrator with the Commission for Personal Data Protection under № 421129.

Commission for Personal Data Protection

Address: Sofia 1592 Prof. Tsvetan Lazarov Str. № 2,

tel.: (02) 940 20 46, fax: (02) 940 36 40

Email: [email protected], [email protected]

Website: www.cpdp.bg

3. Use of Information Collected

The Company uses Data About CloudStrap Customers to perform and support the services. For example, if you fill out a "Contact Me" Web form, the Company will use the information provided to contact you about your interest in the Services.

The Company may also use Data About CloudStrap Customers for marketing purposes if you have expressed your wish and consent for this. For example, the Company may use information you provide to contact you to further discuss your interest in the Services and to send you information regarding the Company and its partners, such as information about promotions or events.

CloudStrap uses credit card information solely to check the financial qualifications of prospective Customers and to collect payment for the Services. CloudStrap uses Web Site Navigational Information to operate and improve the Company’s Web site. The Company may also use Web Site Navigational Information alone or in combination with Data About CloudStrap Customers to provide personalized information about the Company.

4. Web Site Navigational Information

CloudStrap uses commonly-used information-gathering tools, such as cookies and Web beacons, to collect information as you navigate the Company's Web site ("Web Site Navigational Information"). This section describes the types of Web Site Navigational Information that may be collected on the Company's Web site and how this information may be used.

4.1Cookies - CloudStrap uses cookies to make interactions with the Company's Web site easy and meaningful. When you visit the Company's Web site, CloudStrap's servers send a cookie to your computer. Standing alone, cookies do not personally identify you. They merely recognize your Web browser. Unless you choose to identify yourself to CloudStrap, either by responding to a promotional offer, opening an account, or filling out a Web form (such as a "Contact Me" or a "30 Day Free Trial" Web form), you remain anonymous to the Company. CloudStrap uses cookies that are session-based and persistent-based. Session cookies exist only during one session. They disappear from your computer when you close your browser software or turn off your computer. Persistent cookies remain on your computer after you close your browser or turn off your computer.

If you have chosen to identify yourself to CloudStrap, the Company uses session cookies containing encrypted information to allow the Company to uniquely identify you. Each time you log into the Services, a session cookie containing an encrypted, unique identifier that is tied to your account is placed your browser. These session cookies allow the Company to uniquely identify you when you are logged into the Services and to process your online transactions and requests. Session cookies are required to use the Services.

CloudStrap uses persistent cookies that only the Company can read and use to identify browsers that have previously visited the Company's Web site. When you purchase the Services or provide the Company with personal information, a unique identifier is assigned you. This unique identifier is associated with a persistent cookie that the Company places on your Web browser. The Company is especially careful about the security and confidentiality of the information stored in persistent cookies. For example, the Company does not store account numbers or passwords in persistent cookies. If you disable your Web browser's ability to accept cookies, you will be able to navigate the Company's Web site, but you will not be able to successfully use the Services.

CloudStrap may use information from session and persistent cookies in combination with Data About CloudStrap Customers to provide you with information about the Company and the Services.

4.2Web Beacons - CloudStrap uses Web beacons alone or in conjunction with cookies to compile information about Customers and Visitors' usage of the Company's Web site and interaction with emails from the Company. Web beacons are clear electronic images that can recognize certain types of information on your computer, such as cookies, when you viewed a particular Website tied to the Web beacon, and a description of a Web site tied to the Web beacon. For example, CloudStrap may place Web beacons in marketing emails that notify the Company when you click on a link in the email that directs you to one of the Company's Web site. CloudStrap uses Web beacons to operate and improve the Company's Web site and email communications.

CloudStrap may use information from Web beacons in combination with Data About CloudStrap Customers to provide you with information about the Company and the Services.

4.3Flash Cookies - CloudStrap may use local shared objects, also known as Flash cookies, to store your preferences or display content based upon what you view on our site to personalize your visit. Third parties, with whom the Company partners to provide certain features on our site or to display advertising based upon your Web browsing activity, use Flash cookies to collect and store information.

Flash cookies are different from browser cookies because of the amount of, type of, and how data is stored. Cookie management tools provided by your browser will not remove Flash cookies.

4.4IP Addresses - When you visit CloudStrap's Web site, the Company collects your Internet Protocol ("IP") addresses to track and aggregate non-personal information. For example, CloudStrap uses IP addresses to monitor the regions from which Customers and Visitors navigate the Company's Web site.

4.5Third Party Cookies - From time-to-time, CloudStrap engages third parties to track and analyze usage and volume statistical information from individuals who visit the Company's Web site. CloudStrap may also use other third-party cookies to track the performance of Company advertisements. The information provided to third parties does not include personal information, but this information may be re-associated with personal information after the Company receives it.

CloudStrap may also contract with third-party advertising networks that collect IP addresses and other Web Site Navigational Information on the Company's Web site and emails and on third-party Web sites. Ad networks follow your online activities over time by collecting Web Site Navigational Information through automated means, including through the use of cookies. They use this information to provide advertisements about products and services tailored to your interests. You may see these advertisements on other Web sites. This process also helps us manage and track the effectiveness of our marketing efforts.

5. Public Forums, Refer a Friend, and Customer Testimonials

CloudStrap may provide bulletin boards, blogs, or chat rooms on the Company's Web site. Any personal information you choose to submit in such a forum may be read, collected, or used by others who visit these forums, and may be used to send you unsolicited messages. CloudStrap is not responsible for the personal information you choose to submit in these forums.

CloudStrap may post a list of Customers and testimonials on the Company's Web site that contain information such as Customer names and titles. CloudStrap obtains the consent of each Customer prior to posting any information on such a list or posting testimonials.

6. Sharing of Information Collected

CloudStrap may share Data About CloudStrap Customers with the Company's service providers, vendors and other partners so that they can support the services you use and contact Customers and Visitors who have provided contact information on our behalf. CloudStrap may also share Data About CloudStrap Customers with the Company's service providers, vendors and other partners to ensure the quality of information provided. Unless described in this privacy statement, CloudStrap does not share, sell, rent, or trade any information provided with third parties for their promotional purposes.

From time to time, CloudStrap may partner with other companies to jointly offer products or services. If you purchase or specifically express interest in a jointly-offered product or service from CloudStrap, the Company may share Data About CloudStrap Customers collected in connection with your purchase or expression of interest with our joint promotion partner(s). CloudStrap does not control our business partners' use of the Data About CloudStrap Customers we collect, and their use of the information will be in accordance with their own privacy policies. If you do not wish for your information to be shared in this manner, you may opt not to purchase or specifically express interest in a jointly offered product or service.

CloudStrap uses a third-party service provider to manage credit card processing. This service provider is not permitted to store, retain, or use Billing Information except for the sole purpose of credit card processing on the Company's behalf.

CloudStrap reserves the right to use or disclose information provided if required by law or if the Company reasonably believes that use or disclosure is necessary to protect the Company's rights and/or to comply with a judicial proceeding, court order, or legal process.

7. Communications Preferences

CloudStrap offers Customers and Visitors who provide contact information a means to choose how the Company uses the information provided. You may manage your receipt of marketing and non-transactional communications by clicking on the "unsubscribe" link located on the bottom of the Company's marketing emails. Additionally, you may send a request specifying your communications preferences to [email protected]. Customers cannot opt out of receiving transactional emails related to their account with CloudStrap or the Services.

8. Correcting and Updating Your Information

Customers may update or change their registration information by logging in to their accounts at https://www.cloudstrap.io. Requests to access, change, or delete your information will be handled within 30 days.

9. Security

CloudStrap uses appropriate administrative, technical, and physical security measures to protect Data About CloudStrap Customers.

10. Changes to this Privacy Statement

CloudStrap reserves the right to change this Privacy Statement. CloudStrap will provide notification of the material changes to this Privacy Statement through the Company's Web site at least thirty (30) business days prior to the change taking effect.

11. Contacting Us

If you have questions or complaints regarding our Privacy Statement or practices, please contact us by mail. If you are located in BG or EU, our mailing address is CloudStrap AD., 1000 3, Angel Kanchev str., Sofia, Bulgaria. You may also contact us at [email protected].


GDPR Privacy Notice

Information about the Data controller

Legal name: CloudStrap AD
UIN/BULSTAT: 204018250
Seat and registered office: 3 Angel Kanchev Str., office 1, 1000 Sofia
Address of correspondence: 3 Angel Kanchev Str., office 1, 1000 Sofia
Telephone: -
E-mail: [email protected]
Registration Number at the Bulgarian Data Protection Commission 421129

Information about the Supervisory authority

Legal name: Commission for personal data protection
Seat and registered office: 2 Prof. "Tsvetan Lazarov" Blvd., Sofia 1592, Bulgaria
Address of correspondence: 2 Prof. "Tsvetan Lazarov" Blvd., Sofia 1592, Bulgaria
Telephone: +3592/91-53-518
Website: www.cpdp.bg


Art. 1. The basis for the collection, processing and storage of your personal data

1.CloudStrap collects and processes your personal data under Art. 6, para. 1, Regulation (EU) 2016/679, and in particular under the following:

- Obtained explicit consent from you as a user of the service/client;
- Performance of CloudStrap's obligations under a Contract with you;
- Processing is necessary for compliance with a legal obligation to which CloudStrap is subject;
- Processing is necessary in order to protect the vital interests of you or of another natural person;
- Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- Processing is necessary for the purposes of the legitimate interests pursued by CloudStrap or by a third party.

2.CloudStrap acts as a data controller with regard to your personal data as our Customer and as a data processor with regard to the personal data of third parties which we process as a part of the Service we provide to You.

Art. 2. Objectives and principles in the course of collection, processing and storage of your personal data

1.CloudStrap collects and processes the personal data which you as our client provide, for the purposes of performance of a contract, including the following purposes:

- registration at CloudStrap's website via creating a user account and ensuring its full functionality;
- accounting purposes;
- statistical purposes;
- protection of information security;
- securing the performance of the contract for provision of the service concerned;
- optimization of the provided service;
- sending newsletters, service announcements, recommendations to improve the use of the platform, new and upgraded subscription plans, etc.;
- improvement and personalization of your service by providing offers, ads, promotional campaigns, events, and other products and services that are subject to your interest;
- dispute resolution between you and third parties.

2.CloudStrap collects and processes the personal data which you provide as a legal representative of a company with which we conclude a contract, for the purposes of individualization of our contractual partner and performance of the contract.

3.CloudStrap adheres to the following Principles in the course of processing of your personal data:

- lawfulness, fairness and transparency;
- purpose limitation of the processing personal data;
- data minimization;
- accuracy;
- storage limitation;
- integrity and confidentiality.

4.In the course of processing and storage of personal data, CloudStrap is entitled to process and keep personal data for the purposes of protection of the following legitimate interests:

- to perform its obligations towards state and municipal bodies and perform its obligations under the applicable legislation and regulations.

Art. 3. What kind of data do we collect, process and keep?

1.CloudStrap carries out the following operations with the personal data you provide for the following purposes:

Provision of technical assistance to customers through a ticketing system or call center – the operation is intended to provide a service to the customer. In some cases, the purpose of the transaction may also be to protect the legitimate interests of the company in executing the transaction.

  - We may use your name, e-mail and telephone for the provision of technical assistance as a part of our Services, on the grounds of the concluded service agreement - Art. 6, para. 1, b. (b) GDPR.

Conclusion and execution of a commercial transaction – the operation aims to conclude and execute a contract with a commercial partner or client and ensures its administration. In some cases, the purpose of the transaction may also be to protect the legitimate interests of the company in executing the transaction.

  - We may use your name as a legal representative for the conclusion and execution of a commercial transaction on the grounds of the concluded service agreement - Art. 6, para. 1, b. (b) GDPR.

Registration of a user of the services of the company – The operation is intended to provide services, including but not limited to the following: collection of data by the client for the purpose of individualization as a party to the service contract; creation of a user account for usage and management of the application creation process; acceptance of payments by the client for the services provided and billing; management of the Company's information security in the provision of services; provision of an interface for managing the processing of personal data by the user of the service; sending of messages regarding the use of the Service, upgrade proposals, etc.

  - We use your e-mail for registration at our website and contacting you, including for sending you messages related to our Services; you can additionally provide your name and telephone number in your account once it is created

  - We need Billing information such as your name, address, e-mail, phone, VAT ID and PIN, as well as payment method for billing purposes

  - We process this data on the grounds of the concluded service agreement - Art. 6, para. 1, b. (b) GDPR.

Sending newsletters – The operation aims to send newsletters at the customer's request, via email in the form of the website for sending messages

  - We use your e-mail for sending you newsletters or advertising messages in case you have indicated your wish, on the grounds of your explicit consent - Art. 6, para. 1, b. (a) GDPR.

2.CloudStrap also collects, stores and uses log-ins, cookies, IP addresses and device information pursuant to its Privacy Policy.

3.CloudStrap reserves its right to request, collect and process other data, necessary for performing the obligations under the contract.

4.CloudStrap doesn't collect and process personal data, that refers to:
- revealing racial or ethnic origin;
- revealing political opinions, religious or philosophical beliefs, or trade union membership;
- genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.

5.Personal data is collected by CloudStrap from the persons it refers to.

6.The company is not carrying out automated decision making with data.

7.CloudStrap does not collect and process data of persons under the age of 13 years.

Art. 4. Duration of personal data storage

1.CloudStrap stores your personal data for the whole period of provision of the services and after deactivation of the account - for a period no longer than 5 years, unless otherwise required by the applicable law. After the expiry of this period, CloudStrap makes all reasonable efforts to delete and destroy or anonymize all of your personal data without undue delay.

2.CloudStrap informs you in case that the period for the storage of the personal data is necessary to be extended in regard to performing the purposes, performing the contract, in regard to legitimate interests of the Company or other person.

3.CloudStrap stores the personal data in accordance with the applicable law and the legal term for storage of such data could exceed the existence of the contractual relation.

Art. 5. Transmission of your personal data for processing

1.CloudStrap is allowed on its own decision to transmit all or part of your personal data to a data processor for performing the purposes of processing, including in other countries, by complying with the requirements of Regulation (EU) 2016/679, for which you are considered informed with this Privacy notice and the publicly available list of processors used by the CloudStrap.

2.CloudStrap informs you in case of intention to transmit part or all of your personal data to third countries or international organization.

3.If you chose as a region for your Application a region outside the European Union, your data will be stored in the chosen region.

Your rights in the course of collection, processing and storage of your personal data

Art. 6. Withdrawal of the consent

1.If you no longer wish for your personal data to be processed for all or specific purposes, you may at any time withdraw your consent by filling the form in your profile or sending an e-mail with a request to CloudStrap.

2.CloudStrap could request you to certify your identity in a manner it considers appropriate given the circumstances.

3.The withdrawal of your consent for processing of personal data which is required for maintenance of your profile on our website and use of our Services, will automatically deactivate your account. The withdrawal of your consent does not affect the legality and validity of any processing of your personal data which has been made prior to the withdrawal.

4.You may at any time withdraw your consent for processing of your personal data which is used for direct marketing purposes.

Art. 7. Right of access by the data subject

1.You have the right to obtain from CloudStrap confirmation as to whether or not it is processing personal data concerning you, as you can at any time view all information we have for you in your details in your client's account.

2.You have the right to obtain access to the personal data related to you, аs well as to the information regarding the collection, processing and storage of your personal data.

3.CloudStrap provides on your request, a copy of the personal data related to you and processing in electronic or other suitable form, including through visualization in your profile.

4.The provision of access to the personal data is free, but CloudStrap keeps his right to charge administrative fee, in case of repeatability or excessiveness of the requests.

Art. 8. Right to rectification or completion

1.You could at any time rectify or complete inaccurate or incomplete information concerning you directly through your account or by sending us a request via e-mail.

Art. 9. Right to erasure ("right to be forgotten")

1.You have the right to request from CloudStrap to erase the personal data concerning you and CloudStrap has the obligation to erase personal data without undue delay where one of the following grounds applies:

- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- you withdraw your consent on which the processing is based and where there is no other legal ground for the processing;
- you object to the processing of personal data concerning you, including for the purposes of the direct marketing and there are no overriding legitimate grounds for the processing;
- the personal data have been unlawfully processed;
- the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
- the personal data have been collected in relation to the offer of information society services

2.CloudStrap is not obliged to erase the personal data if he collects and process them:

- for exercising the right of freedom of expression and information
- for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
- for reasons of public interest in the area of public health
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
- for the establishment, exercise or defense of legal claims.

3.You can exercise your right to erasure by filling and submitting the request form in your profile or by sending an e-mail to CloudStrap, after which we could request you to certify your identity in a manner it considers appropriate given the circumstances in order to verify that you are indeed the data subject whose data should be erased.

4.CloudStrap does not erase the personal data which it has a legal obligation to store or which is necessary for proving its legitimate rights against claims against the Company.

Art. 10. Right to restriction of processing

1.You have the right to obtain from CloudStrap restriction of processing where one of the following applies:

- you contest the accuracy of the personal data, for a period enabling CloudStrap to verify the accuracy of the personal data;
- the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
- the CloudStrap no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defense of legal claims;
- you have objected to processing pending the verification whether the legitimate grounds of the CloudStrap override those of yours.

Art. 11. Right to data portability

1.If you have given your consent for processing of your personal data or the processing is necessary for performance of a contract with CloudStrap, or your personal data is processed by automated means, you could, after identification before the CloudStrap:

- require CloudStrap to provide you with your personal data in readable format and to transmit those data to another controller;
- require CloudStrap to transmit directly your personal data to another controller, specified by you, where technically feasible.

2.You could exercise your right to data portability by using the "Export" option directly from your profile or by sending an e-mail to the controller and indicate the format in which you require the data to be transmitted, as well as to whom.

Art. 12. Right to receive information

1.You have the right to require CloudStrap to inform you about all recipients, to whom your personal data, for which has been required rectification, erasure or restriction of processing, have been disclosed. CloudStrap is allowed to refuse to provide this information if this is impossible or involves disproportionate effort.

Art. 13. Right to object

1.You have the right to object at any time to processing of personal data concerning you including processing for the purpose of profiling or direct marketing

Art. 14. Your rights in case of personal data breach

1.When CloudStrap detects personal data breach, which is likely to result in a high risk to your rights and freedoms, CloudStrap communicates the personal data breach to you without undue delay, as well as the measures taken or proposed to be taken by the Company.

2.CloudStrap is not obliged to inform you if:

- CloudStrap has implemented appropriate technical and organizational protection measures, and those measures were applied to the personal data affected by the personal data breach;
- CloudStrap has taken subsequent measures which ensure that the high risk to your rights is no longer likely to materialize;
- it would involve disproportionate effort.

Art. 15. Persons, to whom your personal data is provided

1.For the purpose of processing your personal data and provision of the service, the CloudStrap is allowed to provide your personal data to data processors, for which you are considered informed with this Privacy notice and the publicly available list of processors used by the Company.

2.Designated processors comply with all requirements of legality and security in the course of processing and storage of your personal data.

Art. 16. Other provisions

1.In case of violation of the principles of data protection or your rights according to this Privacy notice, the Terms of use or the applicable law, you could file a complaint before the competent national supervisory authority:

Information about the Supervisory authority

Legal name: Commission for personal data protection
Seat and registered office: 2 Prof. "Tsvetan Lazarov" Blvd., Sofia 1592, Bulgaria
Address of correspondence: 2 Prof. "Tsvetan Lazarov" Blvd., Sofia 1592, Bulgaria
Telephone: +3592/91-53-518
Website: www.cpdp.bg

Art. 17.

You could exercise all of your rights related to the processing of your personal data by using the exemplary forms of CloudStrap or by using the functionalities in your profile. Of course, you can also exercise your rights by sending us an e-mail with a request. Please, have in mind that CloudStrap as a data controller with respect to your personal data may require additional information and certification of your identity for safety and security purposes.

Art. 18.

CloudStrap may at any time amend the Privacy notice for which it shall publish a notification on its website. Your continued use of the service after the publication of the amended Privacy notice means that you consent that your personal data shall be processed under the terms as set out therein.

Art. 19.

1.When assigning CloudStrap to process personal data of a third party (the End users) for the purpose of using the service, CloudStrap acts as a personal data processor.

2.In the cases under para. 1, CloudStrap acts only on your instruction as a user of the service and only as long as it may have control over the personal data you are processing. CloudStrap has no control over the content and data that you as a service user choose to upload to the service (including whether or not this data includes personal data). In this case, CloudStrap has no role in the decision-making process whether the user uses the data processing service, for what purposes and whether they are protected. Accordingly, the responsibility of CloudStrap in this case is limited to 1) complying with the user's instructions under the contract and terms and conditions, and 2) providing the service and functionality information through its interface.


CLOUDSTRAP DATA PROCESSORS LIST

Data Processor | Purpose of the processing of personal data

- Braintree / PayPal, Inc. | Processing payments
- Chargebee / ChargeBee Inc. | Managing subscriptions, invoicing and billing
- Intercom / Intercom Inc. | Real-time communication with our customers via livechat and emails.
- Teamwork / Teamwork.com Ltd. | 24/7 Technical support communication with our customers


Acceptable Use Policy

Your use of the Service is subject to this Acceptable Use Policy. CloudStrap reserves the right to terminate your account and cease all service if you are found to be in violation of this policy. We may change these policies at any time. It is your responsibility to keep up-to-date with and adhere to them. All capitalized terms used herein have the meanings stated in the Terms, unless stated otherwise.


Prohibited Content

1.The Content displayed and/or processed through your Application or other web site utilizing the Service shall not contain any of the following types of content:

- Content that infringes a third party's rights (e.g., copyright) according to applicable law;

- Excessively profane content;

- Hate-related or violent content;

- Content advocating racial or ethnic intolerance;

- Content intended to advocate or advance computer hacking or cracking;

- Other illegal activity, including without limitation illegal export of controlled substances or illegal software;

- Drug paraphernalia;

- Phishing;

- Malicious content;

- Other material, products or services that violate or encourage conduct that would violate any criminal laws, any other applicable laws, or any third-party rights.

Prohibited Actions

1.Customer agrees not to, and not to allow third parties (including End Users) to use the Service:

- to violate, or encourage the violation of, the legal rights of others (for example, this may include allowing End Users to infringe or misappropriate the intellectual property rights of others in violation of the Digital Millennium Copyright Act);

- to engage in, promote or encourage illegal activity

- for any unlawful, invasive, infringing, defamatory or fraudulent purpose (for example, this may include phishing, creating a pyramid scheme or mirroring a website);

- to intentionally distribute viruses, worms, Trojan horses, corrupted files, hoaxes, or other items of a destructive or deceptive nature;

- to interfere with the use of the Services, or the equipment used to provide the Service, by customers, authorized resellers, or other authorized users;

- to disable, interfere with or circumvent any aspect of the Service;

- to generate, distribute, publish or facilitate unsolicited mass email, promotions, advertisings or other solicitations ("spam")


arrow-up icon