Privacy.

Effective Date: Jun 25, 2026

This Privacy Policy describes how Petrichor Holdings, Inc. ("we," "us," or "our") collects, uses, and shares personal data when you visit cycle.io or use our web application at portal.cycle.io. Cycle provides container orchestration and infrastructure management services.

Petrichor Holdings, Inc. (United States) is the data controller for the personal data described in this Policy, namely information about visitors to cycle.io and holders of Cycle accounts. For personal data contained within customer workloads and hubs processed on the Platform, Petrichor acts as a processor on behalf of the customer; that processing is governed by the applicable customer agreement and Data Processing Agreement rather than by this Policy.

1. Information We Collect

We may collect and process the following types of information:

Customer Contact Information: Names and email addresses, used for account management, support, and service-related communications.

Analytics Data: Information about user interactions on the marketing website (cycle.io), such as approximate location, session duration, page views, button clicks, and form submissions. We also collect limited product analytics and usage metrics within portal.cycle.io to improve service usability and reliability.

Telemetry Data: Information opted in per hub environment by the user, used to monitor, diagnose, and improve service performance.

Technical Data: Data related to container base images, provider access credentials, configuration files, and environment variables, which are necessary for container and infrastructure management. Where this data is part of a customer's workload, we process it as a processor on the customer's behalf.

We collect and process data for the following purposes: account management and customer support (using contact information); service monitoring, diagnostics, and improvement (using telemetry and analytics data); and container orchestration and infrastructure management (using technical data).

Legal bases (GDPR/UK GDPR, where applicable): performance of a contract, to provide the Services; legitimate interests, to secure, improve, and support the Platform and to measure website audience; consent, where we rely on it, including for advertising cookies and retargeting; and compliance with legal obligations.

3. Cookies and Similar Technologies

We use a limited set of cookies and similar technologies on cycle.io.

Audience Measurement (enabled by default where permitted): We use analytics cookies solely to measure website audience, understand how visitors use the site, and improve content and usability. These cookies are limited to this purpose, are not used for cross-site tracking, and the resulting data is not shared with any third party for that third party's own purposes. Our analytics provider, PostHog, processes this data only as our processor under a data processing agreement. Where the law of a visitor's jurisdiction requires prior consent for analytics, these cookies are set only after consent.

Advertising and Retargeting (consent only): Only where you opt in do we enable advertising cookies that may share information with Google Ads to show you Cycle-related advertisements, which may involve cross-site tracking by that partner. We do not enable these cookies, and do not share any data with advertising partners, unless you have given consent. You can decline at the outset or withdraw consent at any time through our cookie settings, after which we stop. We do not use cookies for cross-site advertising or profiling unrelated to Cycle services.

4. Data Sharing and Internal Data Handling

We share personal data only with: (a) service providers and subprocessors that process data on our behalf and under our instructions, including PostHog (website and product analytics, under a data processing agreement) and providers of hosting and email delivery; and (b) where you have opted in to advertising cookies, our advertising partner (Google) for retargeting, as described in Section 3. We do not sell personal data, and we do not otherwise share it with third parties for their own purposes.

Internal Data Access: Access to sensitive data is restricted to a small number of authorized personnel with a legitimate business need. Other employees may access data only under specific conditions and, where appropriate, with customer consent. All access is logged.

Subprocessors: Subprocessors are contractually required to implement security and confidentiality protections substantially similar to our own. A current list and change notifications are available at /legal/sub-processors.

5. Data Retention

Telemetry Data: Retained according to the selected monitoring tier, ranging from 7 to 120 days.

Contact Information: Deleted upon account deletion or upon request. Users can also unsubscribe via email links or by contacting us as outlined in Section 8.

Technical Data: Correlated to individual hubs rather than individual users and kept until a hub is deleted, after which we remove all associated data.

Audience Measurement Data: Analytics cookies and the data they generate are retained for no longer than the period permitted by the applicable audience-measurement exemption, after which they are deleted or anonymized.

6. Data Security

We maintain a security program designed to protect the confidentiality, integrity, and availability of information processed through Cycle.

Field-Level Encryption: Sensitive data such as secrets, access tokens, and provider credentials are encrypted at the database field level using industry-standard encryption algorithms.

Access Control: Access to production databases, credentials, and infrastructure is restricted to a small number of senior engineering personnel following the principle of least privilege. Privileged access requires multi-factor authentication where applicable and is logged for auditing.

Secrets Management: Encryption keys and service tokens are stored and rotated using secure secrets-management systems, with access controlled and monitored.

Infrastructure Security: Systems are deployed in hardened, segmented environments protected by firewall policies and continuous monitoring for anomalous or unauthorized activity.

Logging and Monitoring: Security-relevant events and access logs are collected, reviewed, and retained in accordance with our internal retention schedule to support investigation and incident response.

Incident Response and Notification: If we confirm unauthorized access to personal data or secrets, we will notify affected users without undue delay, or sooner if required by law, and will include available details and remediation steps.

7. International Data Transfers

Personal data may be processed in the United States and other countries. Where required, we use appropriate safeguards for international transfers, such as the European Commission's Standard Contractual Clauses or UK-approved equivalents, and implement supplementary measures as needed.

8. Your Rights and How to Contact Us

To exercise your rights or make a request, email info@cycle.io. Subject to applicable law (e.g., GDPR/UK GDPR), you may request access to your personal data, correction of inaccuracies, deletion, objection to or restriction of certain processing, and portability in a structured, machine-readable format. If you are in the EEA or UK and are dissatisfied with our response, you may lodge a complaint with your local supervisory authority.

9. Children's Privacy

Our services are not directed to children under 16, and we do not knowingly collect their data.

10. Updates to This Policy

We may update this Privacy Policy periodically. Any changes will be posted here, and we may notify users directly if significant changes are made.

11. Contact Us

For questions about this Privacy Policy: Email info@cycle.io, or write to Petrichor Holdings, Inc., 18124 Wedge Pkwy #208, Reno, NV 89511.

Document Status: This document (Privacy) was last updated and went into effect on June 25, 2026.

>_DEPLOYMENT.AUTOMATION()

Want to see what Cycle can do for you?

Experience the only control plane that natively orchestrates Containers, VMs, and Functions across any provider with a fully automated networking fabric.

Cookies

Cookies Preferences

We run basic, anonymous analytics by default to measure site traffic. By clicking "Accept," you allow additional cookies for advanced app improvements and tailored advertising. Choose what you share by clicking "Customize."