Privacy Policy

Privacy Policy

Effective Date: September 24, 2025

1. Introduction

Welcome to CloudBuildTech. This Privacy Policy explains how CloudBuildTech (“we,” “us,” or “our”) collects, uses, discloses, and protects your personal data when you visit our website at www.CloudBuildTech.com (the “Website”) or engage with our services. We provide AWS setup and maintenance, CI/CD DevOps maintenance, and web design and maintenance services tailored for Small & Medium-Sized SaaS Startups.

We are committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679, as well as other applicable data protection laws. This policy applies to personal data of individuals in the European Union (EU) and European Economic Area (EEA), and we process such data in accordance with GDPR principles where applicable.

CloudBuildTech is the data controller responsible for your personal data. Our contact details are:

  • Business Name: CloudBuildTech
  • Address: Project 6, Quezon City, Philippines
  • Email: [email protected]

If you have any questions about this Privacy Policy or our data practices, please contact us using the details above.

2. Personal Data We Collect

We collect personal data that you provide to us directly, as well as data collected automatically through your use of the Website. The types of personal data we may collect include:

  • Contact Information: Such as your name, email address, phone number, company name, and postal address, when you fill out contact forms, request quotes, subscribe to newsletters, or inquire about our services.
  • Service-Related Information: Details about your business needs, such as technical specifications for AWS setup, DevOps requirements, or web design preferences, which may include personal data if you provide it.
  • Payment Information: Billing details, including credit card information or bank details, processed through secure third-party payment gateways (we do not store payment card details directly).
  • Usage Data: Automatically collected information, such as IP address, browser type, device information, pages visited, time spent on pages, and referral sources, via cookies and similar technologies (see Section 10 for details).
  • Communication Data: Records of correspondence, such as emails or chat logs, when you contact us.
  • Marketing Data: Preferences for receiving marketing communications.

We do not collect special categories of personal data (e.g., data revealing racial or ethnic origin, political opinions, religious beliefs, health data) unless it is strictly necessary for providing our services and you have provided explicit consent.

3. How We Collect Your Personal Data

  • Directly from You: When you submit forms on the Website, sign up for services, or communicate with us.
  • Automatically: Through cookies, web beacons, and analytics tools (e.g., Google Analytics) that track your interactions with the Website.
  • From Third Parties: Such as business partners, analytics providers, or payment processors, where you have authorized the sharing of data.

4. Purposes for Processing Your Personal Data

We process your personal data for the following purposes:

  • To provide and manage our services, including AWS setup, CI/CD DevOps maintenance, and web design/maintenance.
  • To respond to inquiries, process orders, and fulfill contracts.
  • To send administrative communications, such as service updates or billing information.
  • To improve the Website and our services through analytics and user feedback.
  • To send marketing communications about our services (with your consent, where required).
  • To comply with legal obligations, such as tax reporting or anti-fraud measures.
  • To protect our rights, property, or safety, and that of our users or others.

5. Legal Basis for Processing

Under GDPR, we rely on the following legal bases for processing your personal data:

  • Performance of a Contract: When processing is necessary to provide our services to you (e.g., setting up AWS environments based on your instructions).
  • Consent: For marketing communications, certain cookies, or where you voluntarily provide data (you can withdraw consent at any time).
  • Legitimate Interests: For Website analytics, fraud prevention, and improving our services, where our interests are not overridden by your rights.
  • Legal Obligation: To comply with applicable laws, such as financial regulations.
  • Vital Interests: In rare cases, to protect someone’s life.

We will only process your data for the specified purposes and will inform you if we intend to use it for new purposes.

6. Sharing Your Personal Data

We may share your personal data with:

  • Service Providers: Third-party vendors who assist us, such as cloud hosting providers (e.g., AWS), payment processors (e.g., Stripe or PayPal), analytics tools (e.g., Google Analytics), and email service providers (e.g., Mailchimp). These providers are bound by data processing agreements to ensure GDPR compliance.
  • Business Partners: If necessary for collaborative services, with your consent.
  • Legal Authorities: If required by law, court order, or to enforce our rights.
  • Successors: In the event of a merger, acquisition, or sale of assets.

We do not sell your personal data to third parties.

7. International Data Transfers

CloudBuildTech is based in the Philippines, which is outside the EU/EEA and does not have an adequacy decision from the European Commission. When transferring personal data from the EU/EEA to the Philippines or other non-adequate countries, we implement appropriate safeguards, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Binding Corporate Rules (where applicable).
  • Other mechanisms ensuring an equivalent level of protection.

We ensure that any international transfers comply with GDPR Chapter V requirements.

8. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

  • Contact and service data: For the duration of our business relationship plus 6 years for legal and accounting purposes.
  • Marketing data: Until you withdraw consent or unsubscribe.
  • Usage data: Up to 2 years for analytics.
  • Payment data: As required by financial regulations (typically 7 years).

After the retention period, we securely delete or anonymize the data. If you request deletion earlier, we will comply unless retention is required by law.

9. Your Data Protection Rights

Under GDPR, EU/EEA residents have the following rights regarding their personal data:

  • Access: Request a copy of your data.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure (“Right to be Forgotten”): Request deletion where there is no compelling reason for continued processing.
  • Restriction: Limit processing in certain circumstances.
  • Portability: Receive your data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interests or for direct marketing.
  • Withdraw Consent: At any time, without affecting prior processing.
  • Automated Decision-Making: Not to be subject to decisions based solely on automated processing (we do not engage in this).

To exercise these rights, contact us at [email protected]. We will respond within one month (extendable by two months for complex requests). You also have the right to lodge a complaint with your local supervisory authority (e.g., the data protection authority in your EU country).

10. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, analyze usage, and deliver personalized content. Categories include:

  • Essential Cookies: Necessary for Website functionality (no consent required).
  • Analytics Cookies: To track usage (e.g., Google Analytics; based on legitimate interests).
  • Marketing Cookies: For targeted ads (with your consent).

You can manage cookie preferences via our cookie banner or browser settings. For more details, see our Cookie Policy (linked on the Website). Note that disabling cookies may affect Website functionality.

11. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption of data in transit (e.g., HTTPS) and at rest.
  • Access controls and regular security audits.
  • Firewalls and intrusion detection systems.
  • Employee training on data protection.

Despite these measures, no system is completely secure. In the event of a data breach, we will notify affected individuals and authorities as required by GDPR (within 72 hours where feasible).

12. Children’s Privacy

Our services are not directed to children under 16. We do not knowingly collect personal data from children. If we become aware of such collection, we will delete it promptly.

13. Changes to This Privacy Policy

We may update this policy to reflect changes in our practices or legal requirements. We will notify you of significant changes via email or a prominent notice on the Website. The updated policy will be effective from the date posted, and continued use of the Website constitutes acceptance.

14. Contact Us

For any questions, requests, or complaints, please contact:

CloudBuildTech
Project 6, Quezon City, Philippines
Email: [email protected]

This Privacy Policy was last updated on September 24, 2025.