Privacy Policy

1. Who we are

CloudGPU operates the website and platform at cloudgpu.app. This Privacy Policy explains what personal information we collect, why, who we share it with, how long we keep it, and what rights you have. For privacy questions, contact support@cloudgpu.app.

2. What we collect

• Account information: email address, username, hashed password.
• Verification: a one-time email verification code, sent at registration.
• Billing information: wallet balance, top-up history, instance billing records. We do not store full credit-card numbers; payment details are handled by our payment processor.
• Usage data: instance creation/destruction events, GPU model + region, hourly cost, template choice, basic timing metrics.
• Technical data: client IP address, browser user agent, request timestamps. IP addresses are kept in server logs for security and abuse investigation.

What we do NOT collect: the contents of your GPU instances, the prompts you send to your own deployed AI models, the files you upload or generate inside an instance. The instance is yours; we cannot see inside it during normal operation.

3. How we use your data

• To provide and operate the Service (provision instances, route traffic, calculate billing).
• To send transactional notifications (email verification, password reset, low-balance alerts, security notices).
• To detect and prevent fraud, abuse and acceptable-use violations.
• To comply with legal obligations (tax, audit, lawful requests from authorities).
• To improve the Service (aggregated usage metrics, feature usage analytics).

We do not sell your personal data, ever. We do not use your data to train AI models. We do not show third-party advertising on the Service.

4. Subprocessors & third parties

To run the Service we share limited data with the following processors:

• 共绩算力 (Gongjiyun) — physical GPU compute supplier. Receives instance creation requests (template image, GPU model, region) but does not receive your CloudGPU account email or billing information.
• Cloudflare — DNS, CDN, DDoS protection, and TLS termination for cloudgpu.app. Receives all incoming HTTP requests including IP, user-agent, request URL.
• Resend (or equivalent) — transactional email delivery for verification codes and account notices. Receives recipient email address and message body.
• Tencent Cloud — virtual machine hosting for the CloudGPU control plane (Hong Kong region).
• Payment processor — when payment integration goes live, the chosen processor (Stripe, Lemon Squeezy, or similar) will receive billing details. We will update this list before any payment integration is enabled.

Each subprocessor has its own privacy policy governing how they handle data.

5. Where your data is stored

The CloudGPU control plane (account database, billing records, application logs) runs on a Tencent Cloud server in Hong Kong. GPU instances themselves run in supplier data centres located in mainland China and Hong Kong; the specific region depends on which template and GPU you choose, and is shown in your dashboard.

By using the Service you acknowledge that your data may be processed in jurisdictions with different data-protection laws than your own. We will only transfer or process personal data where there is a lawful basis to do so.

6. Data retention

• Account data: retained for the lifetime of your account, plus 30 days after deletion.
• Billing records: retained for 7 years for tax and audit compliance.
• Server logs (IP, request URL): retained for 30 days for security investigation, then deleted or anonymised.
• Instance contents (your data inside a GPU instance): not retained by us. Permanently deleted by the supplier when the instance is destroyed.

7. Your rights

Depending on the laws of your jurisdiction (GDPR, CCPA, PIPL, etc.), you may have the following rights:

• Access — request a copy of the personal data we hold about you.
• Correction — ask us to fix incorrect data.
• Deletion — ask us to delete your data, subject to retention requirements above.
• Portability — request your data in a machine-readable format.
• Objection — object to certain processing.
• Withdraw consent — for any processing that relies on consent.

To exercise any of these rights, email support@cloudgpu.app. We will respond within 30 days. We may need to verify your identity before acting on a request.

8. Cookies

The Service uses essential cookies and local storage to keep you logged in (a session token) and to remember UI preferences (theme, dismissed banners). We do not use third-party advertising or analytics cookies. You can clear these at any time from your browser settings; doing so will log you out.

9. Children

CloudGPU is not directed at children under 18 (or the age of majority in your jurisdiction) and we do not knowingly collect data from them. If you believe a child has registered, contact us and we will delete the account.

10. Security

We take reasonable technical and organisational measures to protect your data: encrypted transport (HTTPS only), hashed passwords (bcrypt), restricted server access (SSH key only), private subnets for the database. No system is perfectly secure, however, and you remain responsible for keeping your account credentials safe.

11. Changes to this policy

We may update this Privacy Policy as the Service evolves. The "Last updated" date at the top of this page indicates when the most recent change was made. Material changes will be announced by email to registered users.

12. Contact

For privacy-related questions, requests, or complaints, email support@cloudgpu.app.