Personal Data Protection Notice

VukCloud (referred to as "we") treats privacy protection as an integral part of our product. This policy explains the scope of personal data processing, its purposes, and retention rules.

By continuing to use the website, console, or API, you confirm that you have read and agreed to this policy. If you do not agree, please stop using the service. This policy and the User Service Agreement are complementary and apply together.

Information You Actively Provide

• Account details: Email address, optional name, password stored as a hash
• Payment records: Card numbers are handled by licensed payment processors; we only store transaction outcomes, amounts, dates, and masked billing fields
• Support content: Issue descriptions, attachments, and correspondence in tickets and emails
• Order parameters: Hardware configuration, data center node, billing cycle

System-Generated Records

• Access logs: IP address, HTTP metadata, timestamps, referrer, browser, and OS information
• Device identifiers: Device type and client identifiers (SSAID) we issue, used for risk control and anomaly detection
• Usage data: Login times, feature clicks, console activity logs, bandwidth and compute consumption statistics
• Cookies / Local storage: Used to maintain login sessions, remember language preferences, etc. (see Section 6 for details)

Data collected is used for the following purposes:

• Delivery & Operations: Creating accounts, activating instances, processing payments and renewals
• Identity & Risk Control: Verifying login identity, detecting abuse, blocking unauthorized access
• Customer Support: Responding to ticket requests and helping troubleshoot issues
• Experience Improvement: Analyzing usage patterns in aggregated or anonymized form to optimize performance and develop new features
• Transactional Notifications: Sending billing, expiry reminders, maintenance announcements, and security notification emails
• Product Updates: Sending product-related updates or offers until you opt out
• Compliance: Cooperating with law enforcement, meeting regulatory requirements, and protecting the platform's legal interests
• Technical Research: Using anonymized technical logs for system stability analysis and optimization

We do not sell your personal information. We only disclose it to third parties in the following circumstances:

Service Processors & Infrastructure Partners

To complete necessary functions like payment, email delivery, and network access, we share the minimum required fields with:

• Payment gateway (subject to its own privacy policy)
• Email delivery service (for verification codes and notifications)
• Self-hosted Matomo analytics (data stored on our own servers)
• Data center and bandwidth providers

We enter into data processing agreements with these parties, limiting the purpose of use and requiring equivalent security standards.

Legal Requirements

We may disclose necessary information when required by law, court order, or government directive, or when necessary to protect the legitimate rights and interests of us and our users.

Mergers & Restructuring

In the event of a merger, acquisition, asset sale, or bankruptcy, user information may be transferred as part of the assets. We will provide advance notice and require the successor to provide equivalent protection.

With Your Consent

We will only share your information with third parties outside the scope of this policy after obtaining your separate consent.

• Account fields: Retained during account lifetime and for a reasonable period after cancellation, up to approximately 12 months to meet audit requirements
• Financial records: Invoices and payment proof are retained for at least 7 years as required by law
• Access logs: Typically retained for approximately 90 days for security audits and troubleshooting
• Tickets: Retained during the account lifetime and for 12 months after cancellation
• Instance disk: Permanently deleted within 72 hours of service termination

If law requires a longer retention period, that requirement takes precedence.

We follow industry-standard security practices, including but not limited to:

• Encryption in transit: TLS 1.2 and above
• Password storage: Strong hashing algorithms such as bcrypt — original passwords are irreversible
• Internal access: Employees follow the principle of least privilege; all sensitive actions are logged
• Physical security: 7×24 access control and video surveillance at data centers
• Security operations: Regular internal reviews and vulnerability scans

We currently use the following types of technical identifiers:

You may disable cookies in your browser settings. However, disabling essential cookies may prevent the console and checkout from functioning correctly.

Please submit a request via ticket — we will respond within approximately 30 days:

• Right of Access: Obtain a copy of the personal information we hold about you
• Right of Correction: Request corrections to inaccurate information (basic fields can also be self-updated in the console)
• Right of Deletion: Request data deletion after account cancellation, excluding transaction records required by law
• Marketing Opt-Out: Unsubscribe from promotional communications via the link in email footers; billing and security notices are not affected
• Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing conducted prior to withdrawal

While your account is active and services are within their contracted period, some deletion requests may be deferred to balance service delivery and statutory retention obligations.

This service is intended for individuals 18 years of age and older. We do not knowingly collect information from minors. If you are a guardian and believe a minor has submitted personal information without authorization, please contact us via ticket and we will delete it promptly.

We operate data centers in Hong Kong, Japan, Korea, the US, and other locations. Your data may be stored or processed outside your country of residence. Privacy laws vary by jurisdiction.

To manage cross-border transfer risks, we enter into data processing agreements with recipients, apply standard encryption and access controls, and comply with applicable cross-border data transfer rules.

This site may contain links to third-party websites. We have no control over their content, privacy practices, or security measures, and accept no responsibility for them. Please read their privacy statements before visiting.

We may revise this policy from time to time. Revised versions will be published on this page with an updated date at the top.

If changes materially affect how your data is used or shared, we will notify you in advance via your registered email or an in-platform message. Continued use of the service after a policy update constitutes acceptance of the revised terms. If you do not agree, please stop using the service and cancel your account.

For personal assistance, reach us through any of the following channels: