CloudFran™ Privacy Policy

Last Updated: January 29, 2025

—

 Introduction

At CLOUDFRAN, INC (“we,” “our,” or “us”), we recognize the importance of your privacy and are committed to safeguarding your personal information. This Privacy Policy outlines how we collect, store, process, and share your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable privacy laws. We strive for transparency in our data practices, ensuring you are informed about how your personal data is handled.

This Privacy Policy shall be governed by and construed in accordance with the laws of the State of Delaware, without regard to its conflict of law principles. Any disputes shall be resolved exclusively in the state or federal courts located in Wilmington, Delaware.

This Privacy Policy applies to our U.S. stores, online experiences (including our websites and mobile applications), and any other locations where you interact with us. By using our services, you consent to the practices outlined in this Privacy Policy. If you do not agree with the terms, please refrain from using our services.

—

 What Personal Information Do We Collect?

We may collect the following categories of personal information:

•Identifiers: Name, email address, phone number, IP address, account credentials.

•Commercial Information: Purchase history, product preferences.

•Payment Information: Billing details, credit card numbers.

•Internet/Network Activity: Browsing data, device identifiers, interactions with our website.

•Geolocation Data: Precise or approximate location based on user consent.

•Professional or Business Information: Business contacts, employer details (for business accounts).

•User-Generated Content: Public comments, reviews, feedback.

Your Rights Regarding Personal Information

Under GDPR, you have several rights concerning your personal information, including:

– Right to Access: Request access to your personal data and obtain a copy.

– Right to Rectification: Request correction of inaccurate or incomplete data.

– Right to Erasure: Request deletion of your personal data under certain conditions.

– Right to Restrict Processing: Request to limit how we process your personal data.

– Right to Data Portability: Request transfer of your personal data to another organization.

– Right to Object: Object to the processing of your personal data in certain situations.

To exercise these rights, please contact us using the details provided below.

Your Rights Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)

If you are a California resident, you have the following rights under CCPA/CPRA:

•Right to Know: You have the right to request information regarding the personal data we collect, use, disclose, or sell.

•Right to Delete: You can request the deletion of personal information, subject to legal limitations.

•Right to Correct: You can request correction of any inaccurate personal information we maintain about you.

•Right to Opt-Out of Sale or Sharing: CloudFran does not sell personal information, but if we ever engage in such activities, you will have the right to opt out.

•Right to Limit Use of Sensitive Personal Information: You may request that we restrict the processing of certain sensitive data, such as financial information or precise geolocation.

•Right to Non-Discrimination: Exercising your privacy rights will not result in discriminatory treatment, including denial of service or different pricing.

To exercise your CCPA/CPRA rights, please contact us at su*****@cl*******.com with “CCPA Request” in the subject line.

Your Rights Under Other U.S. State Privacy Laws

If you are a resident of Virginia, Colorado, Connecticut, Utah, or other U.S. states with applicable privacy laws, you may have additional rights, including:

•Right to Access & Data Portability – Request a copy of personal data in a portable format.

•Right to Correction – Request correction of inaccurate personal information.

•Right to Deletion – Request deletion of personal data under applicable legal conditions.

•Right to Opt-Out of Targeted Advertising & Profiling – Opt-out of personalized advertising and automated decision-making.

To exercise your state-specific rights, please contact us at su*****@cl*******.com with “Privacy Rights Request” in the subject line.

2. Automated Information Collection:

We may utilize cookies and similar tracking technologies to collect information automatically from your device, including:

– Device Information: IP address, browser type, operating system, and device identifiers.

– Browsing Data: Pages viewed, links clicked, time spent on the site, and interactions with our emails.

– Location Data: With your consent, we may collect precise location data.

3. Third-Party Information:

We may receive additional publicly available information about you from third parties.

—

 When Do We Collect Your Personal Information?

We collect your personal information in various situations, including when you:

– Purchase products or services from us.

– Make a return or exchange.

– Access our websites or mobile applications.

– Join a loyalty program or create an account.

– Participate in surveys, promotions, or discounts.

– Contact our customer service team.

– Engage with us on social media.

– Fill out registration or contact forms.

—

 How Do We Use Your Personal Information?

We use your personal information for legitimate business purposes, including:

– Order Processing: To process and fulfill your orders.

– Customer Communication: To communicate with you regarding purchases and respond to inquiries.

– Marketing: To send you marketing materials (with your consent) and analyze shopping trends to enhance your experience.

– Personalization: To personalize your shopping experience and improve our services.

– Fraud Prevention: To conduct fraud checks and ensure security.

– Compliance: To fulfill legal obligations and respond to legitimate requests from authorities.

—

 Sharing Your Personal Information

We may share your personal information with:

– Service Providers: Trusted third-party vendors for payment processing and services (all third-party service providers are required to maintain confidentiality and security).

– Legal Authorities: To comply with legal obligations, prevent fraud, or respond to law enforcement requests.

– Business Transfers: In the event of a merger, sale, or transfer of assets.

– Affiliated Brands: Other members of our corporate family for operational purposes.

We do not sell personal information to third parties.

How Do We use Your Personal Information?

Legal Basis for Processing (GDPR Article 6)

Under GDPR, we rely on the following legal bases to process your personal data:

•Performance of a Contract – Processing is necessary to fulfill contractual obligations, such as order processing and customer support.

•Legitimate Interests – Processing is based on our legitimate business interests, such as improving services, fraud prevention, and security.

•Consent – We rely on consent for marketing communications and the collection of sensitive data (e.g., location tracking).

•Legal Obligation – We process personal data to comply with legal requirements, such as tax and accounting regulations.

Where processing is based on consent, you have the right to withdraw your consent at any time.
—

AI and Machine Learning Models

CloudFran™ may use de-identified customer data to improve AI and machine learning models, enhancing product functionality. By using our services, you acknowledge and consent to this processing.

 International Transfers

We may transfer your personal data to countries outside your own. When doing so, we will ensure that appropriate safeguards are in place to protect your data in compliance with GDPR.

Third-Party Data Transfers

We may transfer personal data to third-party service providers located outside of your country. When doing so, we implement adequate safeguards to ensure your data is protected, including:

•Standard Contractual Clauses (SCCs) approved by the European Commission.

•Binding Corporate Rules (BCRs) for intra-company transfers.

•Privacy Shield Frameworks (where applicable).

If you require further information on our third-party data processors, you may contact us at su*****@cl*******.com.

—

 Data Security

We implement appropriate technical and organizational measures to protect your personal information from unauthorized access, loss, or misuse. This includes encryption, firewalls, and secure access controls.

Cross-Border Data Transfers

If we transfer personal data outside of your country (e.g., U.S. to the EU or vice versa), we ensure compliance with:

•GDPR Standard Contractual Clauses (SCCs)

•Adequacy Decisions (for countries approved by the European Commission)

•Binding Corporate Rules (BCRs)

•Other Legally Approved Mechanisms

For details on specific cross-border transfers, contact su*****@cl*******.com.

Third-Party Security Measures

We work with third-party service providers (e.g., payment processors, cloud hosting) that implement strict security standards, including:

•Data Encryption – All data is encrypted at rest and in transit.

•Access Controls – Restricted access to authorized personnel only.

•Regular Security Audits – Conducted to prevent unauthorized data access.

•Incident Response Plan – In place to detect and mitigate potential breaches.

If a data breach affects your information, we will notify you as required by law.

—

 Children’s Privacy

CLOUDFRAN, INC does not knowingly collect personal information from children under 16 in the EU or under 13 in the U.S. If we learn that we have collected data from a minor without appropriate parental consent, we will delete such information promptly.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us at su*****@cl*******.com to address the issue.

—

 Changes to This Privacy Policy

We may update this Privacy Policy periodically. Please review it regularly for any changes. If we make significant changes, we will notify you through our services or via email. Your continued use of our services after the changes indicates your acceptance of the updated policy.

Cookies and Tracking Technologies

We use cookies, pixels, and similar tracking technologies to enhance your experience and analyze website usage.

How We Use Cookies:

•Essential Cookies: Necessary for website functionality.

•Analytics Cookies: Help us analyze website traffic and user behavior.

•Marketing Cookies: Used for personalized advertising and promotions.

You can manage or disable cookies through your browser settings. If you are in the EU or California, you may opt-out of tracking through our Cookie Preferences Input

Do Not Track & Global Privacy Controls (GPC)

Some browsers allow users to enable “Do Not Track” (DNT) signals or Global Privacy Controls (GPC) to indicate a preference to opt out of tracking.

•For California Residents: If a GPC signal is detected, we will treat it as an opt-out request for targeted advertising.

•For Other Users: We honor DNT and GPC signals as required by applicable laws.

For more information, visit https://cloudfran.com

Data Retention Policy  (Required for GDPR & Best Practice)

Data Retention

We retain personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, including:

•Account Data: Retained while your account remains active.

•Transaction Data: Retained for at least 7 years for compliance with tax and legal obligations.

•Marketing Data: Retained until you opt out of marketing communications.

•Cookies & Tracking Data: Stored based on industry standards and user preferences.

Once retention periods expire, data is either deleted or anonymized.

 Business Transfers and Corporate Changes

In the event of a merger, acquisition, bankruptcy, asset sale, or restructuring, your personal data may be transferred as part of the transaction. If required by law, we will notify you via email or a prominent notice before the transfer occurs.

You may opt-out of data transfers not involving legal obligations by contacting su*****@cl*******.com.

How to Withdraw Marketing Consent

If you previously consented to receive marketing emails, SMS messages, or push notifications, you may withdraw consent by:

•Clicking “Unsubscribe” in emails.

•Adjusting notification settings in your account preferences.

•Replying “STOP” to opt-out of SMS messages.

•Contacting su*****@cl*******.com to request manual removal.

Once unsubscribed, we may still contact you regarding account-related transactions, security alerts, or legal obligations.  The CloudFran website enables users to option out of advertisement by selection cookie preference for advertisement, if applicable, located on Cloudfran.com

 Contact Us

If you have any questions or concerns regarding this Privacy Policy or your rights under GDPR, please contact us at:

CLOUDFRAN, INC 

Email: su*****@cl*******.com

—

By clearly outlining our practices regarding personal information and your rights, we aim to build trust and transparency with our users. Thank you for choosing CLOUDFRAN, INC.