Privacy Policy

Scope: Marketing Site and Support Portal

This Privacy Policy covers two distinct properties operated by Cloud Sentry, which collect and process information for different purposes:

• Marketing Site (cloudsentry.com): our public website, used to publish information about Cloud Sentry, receive inbound inquiries, and present resources such as blog posts, case studies, and policy documents. The Marketing Site does not require sign-in.
• Knowledge Base (help.cloudsentry.com): our public help center, where we publish self-service support articles. The Knowledge Base does not require sign-in.
• Support Portal (support.cloudsentry.com): the customer portal where Cloud Sentry customers and their authorized contacts submit support requests, track ticket status, approve access requests, and access policies and standard operating procedures we maintain on their behalf. The Support Portal supports both unauthenticated request submission and optional sign-in; certain workflows require sign-in.

Sections below note where a particular practice applies only to the Marketing Site, only to the Support Portal, or to both.

Information We Collect

From both properties. We may collect personal information that you voluntarily provide to us when you express interest in our services, request a consultation, subscribe to our newsletter, submit a support request, or otherwise contact us. This information may include:

• Name, email address, phone number, and company name
• Job title and professional role
• Billing and payment information when purchasing services
• Information about your IT environment relevant to the services we provide
• Communications you send to us, including support requests, attachments, and feedback

From the Support Portal (authenticated sessions). When you sign in to the Support Portal, we collect and store the limited identity attributes required to authenticate you and to associate your activity with your organization. These attributes vary by sign-in method:

• Single sign-on via Google or Microsoft (OIDC). We request only your name, email address, and the identity provider you used. We do not request access to your mailbox, calendar, files, or any other resource in your Google Workspace or Microsoft 365 tenant.
• One-time email link (magic link). We collect the email address you entered to request the link and use it solely to deliver a single-use, time-limited sign-in link.

After sign-in we maintain a session cookie on your device that identifies your authenticated session. The cookie is signed with a server-held secret and carries an idle timeout and an absolute lifetime. See the Cookie Policy for details.

From the Marketing Site (visitor analytics). We also automatically collect certain technical information when you visit our public website, including your IP address, browser type, operating system, referring URLs, pages viewed, and the dates and times of your visits. This information is collected through cookies and similar tracking technologies as described in our Cookie Policy.

Operational logs from infrastructure providers. Both properties are hosted on Cloudflare. Cloudflare receives and processes request data (IP address, user agent, request path, response status, timing) as part of serving and protecting our sites. Application logs we generate may also include the email address associated with an authenticated session, the ClickUp task identifier of a support request, or similar identifiers; we use these logs for security, observability, and incident response.

How We Use Your Information

We use the information we collect for the following purposes:

• To provide, maintain, and improve our managed IT, security, cloud operations, and compliance services
• To operate, monitor, and secure the Marketing Site and the Support Portal, including authenticating users, routing support requests, and delivering notifications
• To respond to your inquiries and fulfill your requests for information or consultations
• To send administrative information, such as service updates, security alerts, ticket notifications, and support messages
• To send marketing communications about our services, where permitted by law and with your consent where required
• To analyze website usage and improve the user experience
• To detect, prevent, and address technical issues and security threats, including by retaining short-term operational logs
• To comply with legal obligations and enforce our terms of service

Information Sharing

We do not sell your personal information. We may share your information in the following circumstances:

• Service Providers and Sub-processors: We share information with the third-party processors listed in the Sub-processors section below, each of which is contractually obligated to handle your data only on our instructions and to maintain appropriate safeguards.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
• Legal Requirements: We may disclose your information if required by law, regulation, legal process, or governmental request.
• Protection of Rights: We may disclose information to protect the rights, property, or safety of Cloud Sentry, our clients, or others.

Sub-processors

The following third-party processors handle data on our behalf to operate the Marketing Site, the Support Portal, or both. Each link points to the provider's published security or trust information; we encourage you to review their certifications and practices directly.

• Cloudflare, Inc. Hosting, edge compute, DNS, DDoS protection, key-value and object storage, and serverless database for both the Marketing Site and the Support Portal. See the Cloudflare Trust Hub.
• Resend, Inc. Transactional email delivery for Support Portal notifications such as request confirmations, status updates, and approver links. See the Resend security page.
• ClickUp, Inc. (Mango Technologies, Inc.) Workflow, ticket, and customer-record system of record for the Support Portal. Information you submit through the Support Portal is written into ClickUp tasks; we read from ClickUp to render ticket status and history back to you. See the ClickUp security page.
• Google LLC (only if you choose Google single sign-on on the Support Portal). Google authenticates you and returns the limited identity attributes described above. See Google Safety.
• Microsoft Corporation (only if you choose Microsoft single sign-on on the Support Portal). Microsoft authenticates you and returns the limited identity attributes described above. See the Microsoft Trust Center.

We review this list when we add or change a sub-processor and update this Privacy Policy accordingly.

Data Security

We implement administrative, technical, and physical security measures to protect your personal information. Measures specific to the Marketing Site and Support Portal include:

• Encryption in transit. All traffic to both properties is served over HTTPS, terminated at the Cloudflare edge.
• Encryption at rest. Data we store in Cloudflare-managed services (key-value namespaces, the serverless database, and object storage) is encrypted at rest by the platform.
• Signed session and link credentials. Authenticated sessions on the Support Portal are carried by cookies that are signed with a server-held secret and that enforce an idle timeout and an absolute lifetime. Special links such as approver-decision links are likewise signed and time-limited, are scoped to a single recipient and request, and become invalid once the decision is recorded.
• Access controls. Operator access to the Support Portal is gated by a server-side role assignment and by single sign-on with a trusted identity provider.
• Operational monitoring. We retain short-term application and platform logs to detect, triage, and respond to security events.

No method of transmission over the Internet or electronic storage is completely secure, and we cannot guarantee absolute security.

Your Rights

Depending on your jurisdiction, you may have certain rights regarding your personal information, including:

• The right to access the personal information we hold about you
• The right to request correction of inaccurate or incomplete information
• The right to request deletion of your personal information, subject to legal retention requirements
• The right to opt out of marketing communications at any time
• The right to restrict or object to certain processing of your data

To exercise any of these rights, please contact us using the information provided below.

Cookies

Both the Marketing Site and the Support Portal use cookies and similar technologies. On the Marketing Site we use them to enhance your browsing experience, analyze site traffic, and understand where our visitors come from. On the Support Portal we additionally set an authentication cookie when you sign in. The Marketing Site and Support Portal cookies are set on different hosts and are not shared between them. For details on each cookie, including the Support Portal session cookie's attributes and lifetime, please refer to our Cookie Policy.

Data Retention

We retain personal information for as long as needed to provide our services, comply with our legal obligations, resolve disputes, and enforce our agreements. Specific retention practices include:

• Support requests and ticket history. Information you submit through the Support Portal is written into a ClickUp task that serves as our system of record for that request. The Support Portal renders this information back to authorized users but is not itself the long-term store; deletion or modification at the system of record propagates to the Support Portal on its next read.
• Authenticated session data. Session cookies expire on idle and have an absolute maximum lifetime; sign-in links expire after a short, fixed window.
• Operational logs. Platform and application logs used for security and observability are retained on a short-term rolling basis, subject to the retention windows configured at the platform layer.

Specific retention periods are available on request through the contact channel below.

Third-Party Services

Our website may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through our website.

Children's Privacy

Our services are designed for businesses and are not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete that information promptly.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will post the revised policy on this page and update the "Last updated" date. We encourage you to review this policy periodically. Your continued use of our website and services after any changes constitutes your acceptance of the updated policy.

Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at: