Privacy Policy

Quazzar Cloud ("we," "us," or "our") operates the Quazzar Cloud platform, which consists of two distinct components: 1. Quazzar Cloud OS — a self-hosted cloud operating system that you install and run on your own servers. When you use Cloud OS in self-hosted mode, your data remains entirely on your hardware. Quazzar Cloud does not have access to, collect, or process any data stored within your self-hosted Cloud OS instances. 2. Quazzar Cloud Control Center (cp.quazzar.cloud) — a centralized cloud service operated by Quazzar Cloud that enables fleet management of multiple Cloud OS instances. The Control Center is a cloud-hosted service, and we collect and process certain information as described in this policy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (quazzar.cloud), use the Control Center, or interact with our services. By using our services, you consent to the practices described in this policy.

We collect information depending on how you interact with our services: Account Information: When you register for the Control Center or a paid plan, we collect your name, email address, organization name, and password (stored in hashed form). Billing Information: When you subscribe to a paid plan (Cloud Pro, Cloud Business, or Enterprise), we collect billing details such as your payment method, billing address, and transaction history. Payment card details are processed and stored exclusively by Stripe, our payment processor. We do not store your full credit card number. Server Metadata: When you connect Cloud OS instances to the Control Center, we collect server metadata including hostnames, IP addresses, operating system versions, Cloud OS version numbers, resource utilization summaries (CPU, memory, disk), and connection status. This metadata is necessary to provide fleet management functionality. Usage Analytics: We collect aggregated, non-personally-identifiable usage data about how you interact with the Control Center, including feature usage patterns, page views, and session duration. Communications: When you contact us via [email protected] or through our contact form, we retain the content of your messages, your email address, and any attachments you provide. Log Data: Our servers automatically record information including your IP address, browser type, operating system, referring URLs, pages visited, and timestamps.

We use the information we collect for the following purposes: - To provide, operate, and maintain the Control Center and related services - To process transactions and manage your subscription billing through Stripe - To send you transactional communications such as account confirmations, billing receipts, security alerts, and service updates - To provide customer support and respond to your inquiries - To monitor and analyze usage trends to improve our services - To detect, prevent, and address technical issues, fraud, or security incidents - To enforce our Terms of Service and protect the rights, property, and safety of Quazzar Cloud, our users, and the public - To comply with legal obligations and respond to lawful requests from public authorities

Quazzar Cloud OS is designed with privacy as a core principle. When you install and run Cloud OS on your own servers: - All application data, configurations, databases, files, backups, and logs remain exclusively on your hardware. - Quazzar Cloud has no access to, and does not collect, store, or process, any data residing within your self-hosted Cloud OS instances. - Docker containers, app templates, AI Hub models (Ollama), VPN configurations (WireGuard), SSL/TLS certificates, and all other workloads run entirely on your infrastructure. - You are the sole data controller for all information processed by your self-hosted Cloud OS installation. - We do not embed telemetry, analytics, or phone-home mechanisms in the self-hosted Cloud OS software. If you choose to connect your Cloud OS instance to the Control Center, only the server metadata described in the "Information We Collect" section is transmitted. Your application-level data, user files, database contents, and container payloads are never sent to the Control Center.

The Control Center (cp.quazzar.cloud) is a cloud service operated by Quazzar Cloud. When you use the Control Center, we act as both data controller and data processor for the following: - Account credentials and profile information - Fleet management data including server inventories, cluster configurations, and provisioning records - Multi-tenancy configurations and tenant metadata - Billing and licensing records, subscription status, and payment history - Managed hosting provisioning details for integrated cloud providers (e.g., Hetzner, DigitalOcean) - Audit logs of administrative actions performed through the Control Center - API access logs and GraphQL query metadata All Control Center data is encrypted in transit (TLS 1.2+) and at rest. Access to production systems is restricted to authorized personnel using multi-factor authentication.

We implement industry-standard technical and organizational measures to protect your information: - All data transmitted between your browser and our services is encrypted using TLS 1.2 or higher. - Data at rest in the Control Center is encrypted using AES-256 encryption. - Passwords are hashed using bcrypt with appropriate cost factors. - We conduct regular security assessments and vulnerability scanning of our infrastructure. - Access to production systems is limited to authorized personnel and protected by multi-factor authentication. - We maintain detailed audit logs of administrative access to our systems. While we strive to protect your information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security, but we commit to promptly notifying affected users in the event of a data breach in accordance with applicable law.

We retain your personal information for as long as necessary to fulfill the purposes described in this policy: - Account information is retained for the duration of your account and for 30 days following account deletion to allow for recovery. - Billing and transaction records are retained for 7 years to comply with tax and accounting regulations. - Server metadata from the Control Center is retained for the duration of your subscription and deleted within 90 days of subscription termination. - Support communications are retained for 3 years from the date of resolution. - Log data is retained for 12 months and then automatically purged. You may request earlier deletion of your data by contacting us at [email protected], subject to our legal obligations to retain certain records.

We do not sell, rent, or trade your personal information to third parties. We may share your information only in the following circumstances: Service Providers: We share information with trusted third-party service providers who assist us in operating our business, including Stripe (payment processing), cloud infrastructure providers (hosting), and email delivery services. These providers are contractually obligated to protect your data and may only use it to perform services on our behalf. Legal Requirements: We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others. Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on our website before your information becomes subject to a different privacy policy. With Your Consent: We may share your information for any other purpose with your explicit consent.

Our website and the Control Center use cookies and similar technologies: Essential Cookies: Required for the operation of our services, including session management, authentication, and security. These cannot be disabled. Analytics Cookies: We use privacy-focused analytics to understand how visitors interact with our website. We do not use Google Analytics. Analytics data is aggregated and does not identify individual users. Preference Cookies: Used to remember your settings and preferences, such as theme selection and language. We do not use third-party advertising cookies or cross-site tracking technologies. You can control cookie preferences through your browser settings. Disabling essential cookies may affect the functionality of our services.

Our services integrate with or rely on the following third-party services: - Stripe (https://stripe.com/privacy) — Payment processing for subscriptions - Hetzner and DigitalOcean — Managed hosting provisioning (only when you opt in to managed hosting features) - Let's Encrypt — SSL/TLS certificate issuance for self-hosted instances Each third-party service operates under its own privacy policy. We encourage you to review their respective policies. We select third-party partners that demonstrate strong data protection practices and, where applicable, maintain SOC 2, ISO 27001, or equivalent certifications.

Depending on your jurisdiction, you may have the following rights regarding your personal information: Access: You may request a copy of the personal information we hold about you. Correction: You may request that we correct inaccurate or incomplete information. Deletion: You may request that we delete your personal information, subject to certain legal exceptions. Portability: You may request a copy of your data in a structured, commonly used, machine-readable format. Restriction: You may request that we restrict the processing of your personal information under certain circumstances. Objection: You may object to the processing of your personal information for certain purposes. Withdrawal of Consent: Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of prior processing. For Canadian residents: You have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA) and the Personal Information Protection Act (PIPA BC). For EU/EEA residents: You have rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with your local supervisory authority. For California residents: You have rights under the California Consumer Privacy Act (CCPA), including the right to know, delete, and opt out of the sale of personal information. We do not sell personal information. To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe we may have collected information from a child, please contact us at [email protected].

Quazzar Cloud is based in British Columbia, Canada. Your information may be processed and stored in Canada. Canada has been recognized by the European Commission as providing an adequate level of data protection under GDPR. If you are accessing our services from outside Canada, please be aware that your information may be transferred to, stored, and processed in Canada. By using our services, you consent to the transfer of your information to Canada and acknowledge that it will be subject to Canadian privacy laws. For self-hosted Cloud OS users, your data remains on your servers in the jurisdiction of your choosing. We do not transfer self-hosted data across borders.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will: - Update the "Effective date" at the top of this policy - Post a prominent notice on our website - Send an email notification to registered Control Center users We encourage you to review this policy periodically. Your continued use of our services after any changes constitutes your acceptance of the updated policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: Quazzar Cloud British Columbia, Canada Email: [email protected] Website: https://quazzar.cloud We aim to respond to all inquiries within 5 business days.