Summary: We collect the minimum data necessary to run our service, never sell your personal data, and comply with GDPR, CCPA, and other applicable privacy regulations. Contact us at privacy@datacloud.sh with any questions.

1. Who We Are

DataCloud.sh Inc. operates a suite of web scraping and data extraction APIs, including our Amazon Scraper API, Hotel Data API, SERP API, and other data services available at datacloud.sh and app.datacloud.sh. We are the data controller for personal information collected through our website and the data processor for data you send through our APIs on behalf of your end users.

If you have questions about this policy, contact us at: privacy@datacloud.sh

2. Information We Collect

2.1 Account and Registration Data

When you create a DataCloud.sh account, we collect:

Full name and email address
Company name and website (optional)
Password (stored as a cryptographic hash — never in plain text)
Billing name and address (for invoicing purposes)

2.2 Payment Data

All payment processing is handled by Stripe, Inc. We never store your raw card number, CVC, or full bank account details on our servers. We receive and store a Stripe customer ID, the last four digits of your card, card brand, and billing address for invoicing.

2.3 API Usage Data

When you make requests to our APIs, our systems automatically log:

API key identifier (not the full secret key)
Endpoint called and request parameters
Response status, credits consumed, and latency
Originating IP address and timestamp
User-Agent header of your HTTP client

We use this data to compute your usage, enforce rate limits, detect abuse, and debug issues you report. We do not log the full content of target URLs you scrape beyond what is required for billing and abuse prevention.

2.4 Website Analytics

On our marketing website we use privacy-respecting analytics to understand traffic sources and popular pages. These tools may collect your browser type, operating system, referring URL, pages visited, and approximate geographic region (country/city level). We do not track individuals across unrelated websites.

2.5 Communications

If you contact us via email or our support system, we retain the conversation to resolve your issue and improve our service quality.

3. How We Use Your Information

Service delivery: provisioning your API keys, processing requests, computing credit balances, and delivering query results.
Billing and invoicing: generating invoices, processing subscription payments, and handling refunds.
Security and abuse prevention: detecting fraudulent activity, enforcing rate limits, investigating policy violations.
Product improvement: aggregated, anonymized analysis of API usage patterns to prioritize features.
Legal compliance: meeting our obligations under applicable laws and responding to lawful government requests.
Transactional communications: sending you receipts, alerts about your usage approaching limits, security notices, and policy updates. You cannot opt out of these messages while you hold an active account.
Marketing communications: with your consent (or where we have a legitimate interest), sending product updates and announcements. You may unsubscribe at any time using the link in any email.

4. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, we process your personal data under one or more of the following legal bases:

Contract performance: processing necessary to deliver the services you signed up for.
Legitimate interests: fraud prevention, security monitoring, analytics, and product improvement — where these interests are not overridden by your rights.
Legal obligation: compliance with applicable law.
Consent: marketing emails and non-essential cookies, where we ask for your agreement separately.

5. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data. We share information only in the following circumstances:

Infrastructure and hosting: Amazon Web Services (AWS) hosts our API infrastructure and stores encrypted data at rest. AWS is bound by a data processing addendum with us.
Payment processing: Stripe, Inc. processes all payment transactions.
Email delivery: transactional emails are sent via a third-party email service provider (e.g., Postmark or SendGrid).
Analytics: aggregated, anonymized website analytics may be processed by a third-party analytics provider.
Legal requirements: we may disclose information if required to comply with a court order, subpoena, or other valid legal process, or to protect the rights, property, or safety of DataCloud.sh, our users, or the public.
Business transfers: in the event of a merger, acquisition, or sale of all or substantially all of our assets, your data may be transferred. We will notify you of any such change in control.

6. Data Retention

We retain your account data for as long as your account is active, plus an additional period required for legal, tax, and accounting purposes (typically 7 years for financial records). API request logs are retained for 12 months by default for debugging and billing verification, after which they are purged or anonymized. You may request earlier deletion of your personal data (see Section 8).

7. International Data Transfers

DataCloud.sh is incorporated in the United States. If you are accessing our services from outside the US, your data will be transferred to and processed in the United States. For transfers of personal data from the European Economic Area or United Kingdom, we rely on the EU Standard Contractual Clauses as an appropriate safeguard. You may request a copy of our transfer mechanism documentation at privacy@datacloud.sh.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Access: request a copy of the personal data we hold about you.
Rectification: correct inaccurate or incomplete information.
Erasure ("right to be forgotten"): request deletion of your personal data, subject to our legal retention obligations.
Portability: receive your data in a structured, machine-readable format.
Restriction: ask us to pause processing of your data in certain circumstances.
Objection: object to processing based on legitimate interests, including direct marketing.
Opt-out of sale (CCPA): California residents — we do not sell personal information. You may still exercise this right by contacting us.

To exercise any of these rights, email privacy@datacloud.sh. We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority (e.g., your country's data protection authority).

9. Security

We apply industry-standard security measures including TLS encryption for data in transit, AES-256 encryption for data at rest, role-based access controls, regular security audits, and automated monitoring for anomalous access patterns. Despite these measures, no system is perfectly secure; we encourage you to use a strong, unique password and enable two-factor authentication on your account.

10. Cookies

We use cookies and similar tracking technologies on our website. Please see our Cookie Policy for full details on what we use and how to manage your preferences.

11. Children's Privacy

Our services are intended for users who are at least 18 years old (or the age of majority in their jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, contact us at privacy@datacloud.sh and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will update the "Last updated" date at the top of this page and, where required, notify you by email. Continued use of our services after the effective date of an updated policy constitutes your acceptance of the changes.

13. Contact Us

For privacy-related questions, rights requests, or data breach reports, contact our privacy team at:

Email: privacy@datacloud.sh
General: support@datacloud.sh