Privacy Policy

Introduction

Cloudpen ("we", "our", or "us") operates the cloudpen.dev platform and related services. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our services.

By using Cloudpen, you agree to the collection and use of information in accordance with this policy. If you do not agree with any part of this policy, please discontinue use of our services.

Summary: We collect only what we need to provide the service, we never sell your data, and you can request deletion of your account and data at any time.

Information we collect

Account information

When you create a Cloudpen account, we collect:

Email address — used for authentication, billing communications, and important service notices.
Username — your public-facing identifier on the platform.
Password — stored as a one-way hash; we never store or transmit plaintext passwords.
Profile information — optional display name and avatar.
Payment information — handled entirely by our payment processor (Stripe). We store only a non-sensitive payment token and the last four digits of your card for display purposes.

Usage data

As you use the platform, we automatically record:

Project and file activity — files created, edited, deleted; deployments triggered.
Editor events — language used, features accessed (used to improve the product, not for advertising).
Log data — IP address, browser type, operating system, pages visited, timestamps, and referring URL.
Device data — screen resolution and device type (desktop, mobile, tablet).
Error reports — crash logs and console errors to help us fix bugs.

User content

We store all code files, project data, and deployment assets you create or upload. This content remains yours. We access it only to provide the service and never use it to train AI models or for any commercial purpose beyond the core service.

Third-party integrations

When you connect a third-party account such as GitHub, we receive:

Your GitHub username and email address.
A scoped OAuth token allowing us to read (and optionally write) repositories you explicitly authorize.
Repository metadata — names, descriptions, default branches.

We never access repositories you have not explicitly connected to a Cloudpen project.

How we use your information

We use the data we collect to:

Provide the serviceRun the editor, execute code, store files, and serve deployments.

AuthenticationVerify your identity and protect your account.

BillingProcess payments, issue invoices, and manage plan limits.

CommunicationsSend transactional emails (password reset, payment receipts, deployment alerts). Marketing emails require explicit opt-in.

Product improvementAnalyse aggregate, anonymised usage patterns to improve features.

SecurityDetect and prevent abuse, fraud, and unauthorised access.

Legal complianceMeet our obligations under applicable law.

We do not sell, rent, or broker your personal data to third parties. We do not use your code or project content to train AI or machine learning models.

Sharing & disclosure

We share your data with third parties only in the following circumstances:

Cookies

We use cookies and similar tracking technologies. See our Cookie Policy for full details on what we set, why, and how to control them.

Data retention

Account dataRetained for the lifetime of your account plus 30 days after deletion to allow recovery.

Project & file contentDeleted immediately upon project deletion; account deletion purges all projects within 30 days.

Payment recordsRetained for 7 years to comply with financial regulations.

Log dataRetained for 90 days for security and debugging purposes.

Anonymised analyticsMay be retained indefinitely as they cannot be linked to any individual.

Security

All data in transit is encrypted using TLS 1.2 or higher.
Data at rest is encrypted using AES-256.
Passwords are hashed using bcrypt with a work factor of 12.
Access to production systems requires multi-factor authentication.
We conduct regular security reviews and dependency audits.
Deployments are served over HTTPS with automatically renewed SSL certificates.

No method of transmission over the internet is 100% secure. We cannot guarantee absolute security, but we are committed to using commercially reasonable means to protect your data.

Your rights

AccessRequest a copy of the personal data we hold about you.

CorrectionRequest correction of inaccurate or incomplete data.

DeletionRequest deletion of your account and personal data.

PortabilityRequest an export of your data in a machine-readable format.

RestrictionRequest that we limit processing of your data in certain circumstances.

ObjectionObject to processing based on legitimate interests.

Withdrawal of consentWithdraw consent for any processing based on consent (e.g. marketing emails).

To exercise any of these rights, contact us at privacy@cloudpen.dev. We will respond within 30 days.

Children's privacy

Cloudpen is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected such information, please contact us at privacy@cloudpen.dev.

International transfers

Cloudpen operates globally. Your data may be transferred to countries other than your own. Where we transfer data from the EEA or UK, we use appropriate safeguards such as Standard Contractual Clauses.

Changes to this policy

When we make material changes, we will notify you by email and with a prominent in-app notice at least 14 days before the change takes effect. Continued use of Cloudpen after an update constitutes acceptance of the revised policy.

Contact us

Privacy emailprivacy@cloudpen.dev

Legal emaillegal@cloudpen.dev

Websitehttps://cloudpen.dev

If you are in the EEA and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection authority.