Privacy Policy

Last updated: 09 Aug 2025 • Applies to kdcloudsync.net and related services

Plain English: KD Cloud Sync is a small, EU-hosted file sync project. We collect the bare minimum to run the service. Files are encrypted before they leave your device. We don’t sell data and we don’t run ads.

1) Who we are (data controller)

KD Cloud Sync (“we”, “us”, “our”) provides lightweight file synchronisation and sharing. For the purposes of the GDPR, we are the data controller for account and billing data. Contact: privacy@kdcloudsync.net.

2) What we collect

Account details — email address, plan type, signup date.
Operational logs — IP address, timestamp, HTTP status codes and user-agent when you access the service or our website. These are short-retention and used for security/debugging.
Storage metadata — size used, file counts, and technical identifiers needed for sync (e.g., hashed block IDs). We don’t index your file contents.
Support messages — any info you send to support@kdcloudsync.net.

3) What we do not collect

No advertising identifiers or third-party trackers.
No content scanning for marketing or profiling.
No “social” pixels (Facebook, etc.).

4) Encryption & security

Files are encrypted on your device before upload (client-side). Transport uses TLS. Server access is restricted, keys are rotated, and logs are minimised. As with any online service, zero risk is impossible, but we aim for sensible, industry-standard practices.

5) Why we process data (legal bases)

Contract — to provide the service you signed up for (create your account, sync files, provide support).
Legitimate Interests — to keep the service secure and reliable (e.g., abuse prevention, diagnostics, service analytics without tracking individuals).
Legal Obligation — to comply with applicable laws (e.g., invoices, tax rules).
Consent — if we ever ask for optional features (we’ll ask clearly; you can withdraw any time).

6) Retention

Account — kept while your account is active. If you close your account, we delete it within 30 days unless we must keep limited records for legal/accounting reasons.
Operational logs — typically retained up to 30 days; shorter if feasible.
Backups — rolling backups may persist for up to 30 days; they are encrypted and automatically expire.

7) International transfers

Primary hosting is in the EU. If we use subprocessors outside the EU, we use appropriate safeguards (e.g., Standard Contractual Clauses). We try to keep data local where possible.

8) Subprocessors (infrastructure)

We may use reputable infrastructure vendors (compute, storage, email delivery). Each is contractually bound to process data only as instructed. A current list is available on request by emailing privacy@kdcloudsync.net.

9) Cookies

Essential (session): keeps you logged in; expires when you log out or after inactivity.
No analytics/tracking cookies are set by us.

10) Your rights (EU/EEA)

Subject to applicable law, you have the right to:

Access your personal data and obtain a copy.
Rectify inaccurate or incomplete data.
Erase data (right to be forgotten) in certain cases.
Restrict or object to processing in certain cases.
Data portability (receive your data in a structured, commonly used format).
Withdraw consent where processing is based on consent.
Lodge a complaint with your local supervisory authority.

11) How to make a request

Email privacy@kdcloudsync.net from your account email and describe the request (access, deletion, correction, etc.). We’ll verify identity and respond within one month (or explain if more time is needed for complex requests).

12) Children

Our service is not directed at children under 16. If you believe a child has provided personal data without consent, contact us and we’ll remove it.

13) Third-party links

Our website may link to other sites. We’re not responsible for their content or privacy practices.

14) Data breaches

If we become aware of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify you and (where required) the relevant authority without undue delay.

15) Changes to this policy

We may update this policy from time to time. Material changes will be signposted on this page (and sometimes via email if appropriate). The date at the top reflects the latest version.

16) Contact

Questions, requests, or complaints: privacy@kdcloudsync.net. If you’re in the EU/EEA, you also have the right to complain to your local data protection authority.

That’s it. We keep things simple: minimal data, strong encryption, and no ad tracking.