User Data Protection Notice

ZecCloud ("we") treats privacy as part of the product, not a compliance checkbox. This Notice explains the scope of personal data collection, purposes of use, and retention rules.

By continuing to use the website, console, or API, you acknowledge that you have read and agree to this Notice. If you do not agree, please stop using the service. This Notice and the Terms of Service are complementary and apply together.

Information You Actively Provide

• Account Info: Email address, optional name, password stored as a one-way hash
• Payment Records: Card numbers are processed by licensed payment processors; we retain only transaction results, amounts, dates, and masked billing fields
• Support Content: Issue descriptions, attachments, and correspondence in tickets and emails
• Order Parameters: Machine specs, node location, billing tier

Records Automatically Generated by the System

• Access Logs: IP address, HTTP metadata, timestamps, referrer, browser, and OS information
• Device Identifiers: Terminal type and client identifier (SSAID) issued by us for risk control and anomaly detection
• Usage Data: Login times, feature usage paths, console activity records, bandwidth and compute consumption statistics
• Cookies / Local Storage: Used to maintain login sessions, remember language preferences, etc. (see Section 6 for details)

Data collected is used for the following purposes:

• Service Delivery: Creating accounts, provisioning nodes, processing payments and renewals
• Identity & Risk Control: Verifying login identity, detecting abuse, blocking unauthorized access
• Technical Support: Responding to ticket requests and assisting with troubleshooting
• Experience Improvement: Analyzing usage patterns in aggregated or anonymized form to improve performance and develop new features
• Billing Notifications: Sending invoices, expiry reminders, maintenance announcements, and security alert emails
• Product Updates: We may send product-related updates or offers until you unsubscribe
• Compliance: Cooperating with law enforcement, meeting regulatory requirements, and protecting the platform's legitimate interests
• System Research: Using anonymized technical logs for stability analysis and optimization

We do not sell your personal data. We disclose it to third parties only in the following circumstances:

Service Providers & Infrastructure Partners

To complete necessary operations such as payment processing, email delivery, and network access, we share the minimum required fields, including:

• Payment gateway (subject to their own privacy policy)
• Email delivery service provider (for verification codes and notifications)
• Self-hosted Matomo analytics (data stored on our own servers)
• Data center and bandwidth providers

We enter into data processing agreements with the above parties, restricting their use to specified purposes and requiring equivalent security standards.

Legal Requirements

We may disclose necessary information when required by law, judicial order, or administrative directive, or when necessary to protect the legitimate interests of the platform and users.

Merger or Business Restructuring

In the event of a merger, acquisition, asset sale, or bankruptcy proceedings, user data may be transferred as part of the assets. We will provide advance notice and require the successor to provide equivalent protection.

With Your Authorization

Your data may only be shared with third parties beyond the scope of this Notice with your separate consent.

• Account Fields: Retained for the account lifetime and a reasonable period after closure, up to approximately 12 months for audit purposes
• Financial Records: Invoices and payment records retained for at least 7 years as required by law
• Access Logs: Typically retained for approximately 90 days for security audits and troubleshooting
• Tickets: Retained for the account lifetime and 12 months after closure
• Instance Disk: Permanently deleted within 72 hours after service ends

If a longer retention period is required by law, that requirement takes precedence.

We follow industry-standard security practices, including but not limited to:

• Encryption in Transit: TLS 1.2 or higher for all transmissions
• Password Storage: Strong one-way hashing (e.g., bcrypt); original passwords are not recoverable
• Internal Access Controls: Staff follow least-privilege principles; sensitive operations are fully logged
• Physical Security: 24-hour access control and video surveillance at data centers
• Security Operations: Regular internal security reviews and vulnerability scanning

We currently use the following technical identifiers:

You may disable cookies in your browser settings; however, disabling essential cookies may prevent the console and ordering process from functioning properly.

Please submit your request via ticket — we will respond within approximately 30 days:

• Right to Access: Obtain a copy of your personal data held by us
• Right to Rectification: Request corrections to inaccurate data (basic fields can also be updated in the console)
• Right to Erasure: Request deletion of your data after closing your account, except for transaction records required to be retained by law
• Marketing Opt-Out: Unsubscribe from promotional communications via the link at the bottom of our emails; billing and security notices are not affected
• Withdrawal of Consent: If processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing

Some deletion requests may be deferred while the account is active and service is still in effect, to balance service delivery and legal retention obligations.

This service is available to persons 18 years of age or older only and is not open to minors. We do not intentionally collect personal information from children. If you are a guardian and discover that a minor has submitted personal information without authorization, please contact us via ticket and we will delete it promptly.

We operate data centers in Hong Kong, Japan, South Korea, the United States, and other locations. Your data may be stored or processed in jurisdictions outside your country of residence. Privacy laws vary across jurisdictions.

To manage cross-border transfer risks, we enter into data processing agreements with data recipients, employ standard encryption and access controls, and comply with applicable cross-border data transfer regulations.

This site may contain links to third-party websites. We have no control over their content, privacy practices, or security measures, and accept no responsibility for them. Please review the applicable privacy notice before visiting.

We may revise this Notice from time to time. Revised versions will be published on this page with an updated date at the top.

If changes materially affect the purposes of data use or the scope of sharing, we will notify you in advance via your registered email or in-app message. Continued use of the service after a Notice update constitutes your acceptance of the revised content. If you disagree, please stop using the service and close your account.

To get human assistance with data-related matters, please contact us through any of the following channels: