Privacy Policy

Last updated: September 2025

This Privacy Policy explains how ContentCloud processes personal data in compliance with GDPR and other applicable privacy laws. We are committed to protecting your privacy and being transparent about our data practices.

1. What Personal Data We Collect

2. Legal Basis for Processing

• Contract Performance: To provide ContentCloud services as agreed
• Legitimate Interests: To improve, secure, and optimize our services
• Consent: For marketing communications and non-essential cookies
• Legal Obligation: To comply with applicable laws and regulations

3. How We Use Your Data

• Provide AI-powered search and knowledge management services
• Generate cited responses based on your uploaded content
• Maintain and improve service performance and security
• Provide customer support and technical assistance
• Send service-related communications and updates
• Comply with legal obligations and prevent fraud

4. Data Sharing and Disclosure

We do not sell personal data. We may share data with:

• Service Providers: EU-based cloud infrastructure and security providers
• Legal Requirements: When required by law or to protect our rights
• Business Transfers: In case of merger or acquisition (with notice)

All third-party processors are bound by strict data protection agreements and GDPR compliance requirements.

5. International Data Transfers

Your data is processed within the European Union. If any transfers outside the EU are necessary, we use Standard Contractual Clauses (SCCs 2021/914) and ensure adequate protection measures.

6. Data Retention

• Account Data: Retained while your account is active, plus 90 days after termination
• Content Data: Configurable retention periods (default: 2 years, customizable for Enterprise)
• Conversation Logs: 1 year default, with admin controls for shorter periods
• Technical Logs: 90 days for security and performance monitoring

7. Your Rights Under GDPR

You have the right to:

• Access: Request copies of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Limit how we process your data
• Portability: Receive your data in a structured format
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: For processing based on consent

To exercise these rights, contact our DPO at dpo@contentcloud.com.

8. Data Security

We implement comprehensive security measures:

• Encryption in transit (TLS 1.3) and at rest (AES-256)
• Regular security audits and penetration testing
• Access controls and multi-factor authentication
• Incident response and breach notification procedures
• EU-based data centers with ISO 27001 certification

9. Cookies and Tracking

We use essential cookies for service functionality and optional cookies for analytics. You can manage cookie preferences through our cookie banner or browser settings. See our Cookie Policy for detailed information.

10. Children's Privacy

Our services are not intended for children under 16. We do not knowingly collect personal data from children. If you believe we have collected such data, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes via email or service notifications.

12. Contact and Complaints

For privacy-related questions or to exercise your rights, contact:

• Data Protection Officer: dpo@contentcloud.com
• Legal Team: legal@contentcloud.com
• General Contact: Contact Form

You have the right to lodge a complaint with your local supervisory authority if you believe we have not addressed your privacy concerns adequately.