Privacy Policy
Last updated: June 2026
1. Data Controller
Cloudrix ("we", "us", "our") operates the Cloudrix SaaS Starter Kit. We are the data controller responsible for your personal data. For any privacy-related inquiries, contact us at support@cloudrix.io.
2. Information We Collect
We collect the following categories of personal data:
- Account information: name, email address, and password hash when you register.
- Payment information: billing details processed securely through Stripe. We do not store full credit card numbers.
- Usage data: pages visited, features used, timestamps, IP address, browser type, and device information.
- Communication data: support emails and feedback you send us.
3. Lawful Bases for Processing (GDPR)
We process your data under the following legal bases:
- Contract performance: to provide our services, process purchases, and deliver the product you bought.
- Legitimate interest: to improve our products, prevent fraud, and ensure security.
- Consent: for optional marketing communications (you can withdraw consent at any time).
- Legal obligation: to comply with tax, accounting, and other legal requirements.
4. How We Use Your Information
To provide and maintain our service, process payments, send transactional emails (welcome, password reset, invoices), and improve user experience through analytics.
5. Cookie Policy
We use the following types of cookies:
- Essential cookies: required for authentication and security (session tokens, CSRF protection).
- Functional cookies: to remember your preferences (theme, language).
- Analytics cookies: to understand how visitors interact with our site. You can opt out at any time.
6. Third-Party Processors
We share data with the following processors, each bound by data processing agreements:
- Stripe -- payment processing (PCI DSS compliant).
- Resend -- transactional email delivery.
- Railway -- application hosting and infrastructure.
- AWS (Amazon Web Services) -- cloud infrastructure, file storage (S3), and database hosting.
7. Data Retention
We retain your data according to these periods:
- Account data: retained while your account is active, deleted within 30 days of account deletion request.
- Payment records: retained for 7 years to comply with tax and accounting regulations.
- Usage analytics: aggregated and anonymized after 26 months.
- Support correspondence: retained for 2 years after last interaction.
8. Your Rights (GDPR)
Under GDPR and applicable data protection laws, you have the right to:
- Access: request a copy of all personal data we hold about you.
- Rectification: correct any inaccurate or incomplete data.
- Erasure: request deletion of your personal data ("right to be forgotten").
- Portability: receive your data in a structured, machine-readable format (JSON export).
- Restriction: limit how we process your data in certain circumstances.
- Objection: object to processing based on legitimate interest or direct marketing.
To exercise any of these rights, use the data export/deletion tools in your account Settings, or email support@cloudrix.io. We respond to all requests within 30 days.
9. Data Security
We implement industry-standard security measures including encryption in transit (TLS), encrypted storage, secure password hashing (bcrypt), and regular security audits. Access to personal data is restricted to authorized personnel only.
10. Contact
For privacy inquiries, data requests, or complaints, email support@cloudrix.io. If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.