Privacy Policy

Last updated: March 9, 2026

Introduction

ChenPo LLC, doing business as CloudRepo ("we," "our," or "us"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our repository management services. ChenPo LLC is a North Dakota limited liability company.

We wrote this policy to be clear and straightforward. If anything here is confusing, reach out to us at privacy@cloudrepo.io and we will explain it in plain language.

Information We Collect

Information You Provide

  • Account Information: When you create an account, we collect your name, email address, company name, and billing information.
  • Repository Data: We store the artifacts and repositories you upload to our service. Your artifacts are yours — we do not scan, analyze, or mine their contents.
  • Support Communications: We collect information you provide when contacting our support team.
  • Payment Information: We use third-party payment processors and do not store credit card information directly.

Information Collected Automatically

  • Usage Data: We collect information about how you interact with our services, including API calls, bandwidth usage, and storage metrics.
  • Log Data: Our servers automatically record information including IP addresses, browser types, and access times. Logs may contain user identifiers for troubleshooting purposes and are automatically purged according to the retention schedules described below.
  • Cookies: We use cookies and similar technologies as described in the Cookies section below.

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process transactions and send related information
  • Send technical notices, updates, and support messages
  • Respond to your comments and questions
  • Monitor and analyze usage patterns and trends
  • Detect, prevent, and address technical issues
  • Protect against fraudulent or illegal activity

Cookies

We use cookies and similar technologies to operate our service and understand how people use it. Here is what we use and why:

Strictly Necessary Cookies

These cookies are essential for our service to function. They maintain your session and authenticate your requests. You cannot opt out of these cookies without losing access to authenticated features.

Analytics Cookies

We use Amplitude and Google Tag Manager to understand how visitors use our website. These services may set their own third-party cookies to collect anonymized usage data, such as pages visited and interactions with features. This helps us improve the experience for everyone.

Support Cookies

We use Intercom for customer support. Intercom may set third-party cookies to maintain your support conversation state and provide a seamless help experience.

Managing Cookies

You can manage or refuse cookies through your browser settings. Most browsers allow you to block or delete cookies in their privacy or security settings. Note that disabling strictly necessary cookies may prevent you from using authenticated features of our service. For more details, consult your browser's help documentation.

Data Sharing and Disclosure

We do not sell, trade, rent, or market your personal information to third parties. We put our users first and only share your information in the following limited situations:

  • Service Providers: We share data with third-party vendors who perform services on our behalf (e.g., payment processing, email delivery, analytics, customer support). For a complete list, see our subprocessor list.
  • Legal Requirements: We may disclose information if required by law or in response to valid legal requests.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred. We would notify you before your information becomes subject to a different privacy policy.
  • Consent: We may share information with your explicit consent.

If you need a formal data processing agreement, one is available on our Trust Center.

Data Security

We implement appropriate technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Automated code analysis and security testing gates in our development pipeline
  • Access controls and authentication mechanisms
  • Background checks on all personnel with access to production systems
  • Incident response procedures

Data Retention

We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this policy. When you delete your account or submit a verified deletion request, we will delete or anonymize your personal information within 30 calendar days, unless we are required to retain it for legal purposes.

Log retention: Application logs stored in Grafana Cloud are retained for 30 days. Infrastructure logs in AWS CloudWatch follow AWS default retention periods. Logs may contain user identifiers (such as user IDs and IP addresses) for troubleshooting purposes and are automatically purged at the end of their retention period.

Your Rights and Choices

You have the following rights regarding your information:

  • Access: You can request a copy of the personal information we hold about you.
  • Correction: You can request that we correct inaccurate information.
  • Deletion: You can request that we delete your personal information. Verified deletion requests are fulfilled within 30 calendar days.
  • Portability: You can request your data in a machine-readable format. We provide exports in CSV or JSON format.
  • Withdraw Consent: Where we rely on your consent to process personal information, you have the right to withdraw that consent at any time. Withdrawing consent does not affect the lawfulness of processing that occurred before the withdrawal.
  • Opt-out: You can opt out of marketing communications at any time.

To exercise any of these rights, contact us at privacy@cloudrepo.io.

International Data Transfers

All customer artifacts and account data are stored exclusively in the United States (AWS US-West). Certain subprocessors we use for operational purposes (see our subprocessor list) may process limited categories of operational data in other jurisdictions. We ensure appropriate safeguards are in place to protect your information in accordance with this privacy policy.

Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected such information, we will take steps to delete it.

California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your personal information.

Categories of Personal Information We Collect

  • Identifiers: Name, email address, IP address, account ID
  • Commercial Information: Billing records, subscription history, service usage
  • Internet Activity: Browsing history on our site, interactions with our services, API usage logs
  • Professional Information: Company name, job title (when provided)

How We Use This Information

We collect and use personal information for the business and commercial purposes described in the "How We Use Your Information" section above, including providing our services, processing payments, improving our platform, and communicating with you.

We Do Not Sell or Share Your Personal Information

CloudRepo does not sell your personal information. We do not share your personal information for cross-context behavioral advertising purposes.

Your CCPA Rights

  • Right to Know: You can request details about the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: You can request that we delete personal information we have collected from you.
  • Right to Correct: You can request correction of inaccurate personal information.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. You will not receive different pricing or quality of service for making a request.

Submitting a Request

To submit a verifiable consumer request, email us at privacy@cloudrepo.io from the email address associated with your account. We may need to verify your identity before processing the request. We will respond to verified requests within 45 calendar days. If we need additional time (up to 45 more days), we will let you know in writing.

European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, the General Data Protection Regulation (GDPR) provides you with additional rights regarding your personal data.

Controller and Processor

CloudRepo acts as a data controller for your account data (name, email, billing information) and as a data processor for the artifacts and repository data you store with us. When we process artifacts on your behalf, we act only on your instructions and do not access, analyze, or use the contents of your artifacts for our own purposes.

Legal Basis for Processing

We process your personal data based on the following legal grounds:

Processing Activity Legal Basis
Providing our services (account management, repository hosting) Contract performance — Art. 6(1)(b)
Payment processing Contract performance — Art. 6(1)(b)
Analytics and service improvement Legitimate interest — Art. 6(1)(f)
Marketing communications Consent — Art. 6(1)(a)
Security monitoring and fraud prevention Legitimate interest — Art. 6(1)(f)
Legal and regulatory compliance Legal obligation — Art. 6(1)(c)

Your GDPR Rights

In addition to the rights listed in the "Your Rights and Choices" section above, you have the right to:

  • Object to Processing: You can object to processing based on legitimate interest. We will stop unless we can demonstrate compelling legitimate grounds.
  • Restrict Processing: You can request that we limit how we use your data in certain circumstances.
  • Withdraw Consent: Where processing is based on consent (Art. 7(3)), you may withdraw consent at any time without affecting the lawfulness of processing carried out before the withdrawal.
  • Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority.

Response Timeline

We will respond to GDPR requests within 30 calendar days. If we need additional time due to the complexity or volume of requests, we will let you know within the initial 30-day period.

Updates to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For material changes, we will provide additional notice via email or through our services.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

  • Email: privacy@cloudrepo.io
  • Company: ChenPo LLC d/b/a CloudRepo
  • Jurisdiction: North Dakota, United States

Privacy Contact

For privacy-related inquiries, you can also reach our privacy team at dpo@cloudrepo.io.

Legal Information

This Privacy Policy is provided by ChenPo LLC, a North Dakota limited liability company doing business as CloudRepo. Any disputes arising from this policy shall be governed by the laws of North Dakota.