Privacy Policy

1. Information We Collect

We may collect and process the following types of information:

• Customer Contact Information: Names and email addresses, which are used for account management, support, and service-related communications.
• Analytics Data: Information about user interactions on the marketing website (cycle.io), such as approximate location, session duration, page views, button clicks, and form submissions. We may also collect limited product analytics/usage metrics within portal.cycle.io to improve service usability and reliability. We do not use cross-site tracking.
• Telemetry Data: Information opted in per hub environment by the user, used to monitor, diagnose, and improve service performance.
• Technical Data: Data related to container base images, provider access credentials, configuration files, and environment variables, which are necessary for container and infrastructure management.

2. Purpose of Data Processing and Legal Bases

We collect and process data for the following purposes:

• Service Monitoring: Telemetry data helps us monitor service usage, detect issues, and enhance functionality.
• Communication: Customer contact information allows us to manage user accounts and provide customer support.
• Service Optimization: Technical data is used to enable efficient container orchestration and infrastructure management.

Legal Bases (GDPR/UK GDPR, where applicable): performance of a contract (to provide the services); legitimate interests (to secure, improve, and support the platform); and compliance with legal obligations.

3. Cookies and Similar Technologies

We use limited cookies on cycle.io for functional and analytics purposes. You can manage or disable cookies in your browser settings. We do not use cookies for cross-site advertising.

4. Data Sharing and Internal Data Handling

We manage data as follows:

• Analytics Providers: We use PostHog for analytics on the marketing website and limited product analytics/usage metrics in the portal. These analytics are used to improve product experience and reliability.
• Internal Data Access: Access to sensitive data is restricted to essential roles, including the CEO and Head of Engineering. Other employees may access data only under specific conditions and, where appropriate, with customer consent. All access is logged.
• Subprocessors: We may engage subprocessors (e.g., hosting, email delivery) who are contractually required to implement security and confidentiality protections substantially similar to our own. A current list and change notifications are available at /legal/subprocessors.

We do not sell customer personal information. Internal data is not shared with third parties other than subprocessors acting on our instructions.

5. Data Retention

• Telemetry Data: Retained according to the selected monitoring tier, ranging from 7 to 120 days.
• Contact Information: Automatically deleted upon account deletion or upon request. Users can also unsubscribe via email links or by contacting us as outlined in Section 8.
• Technical Data: Correlated to individual hubs (not individual users) and kept until a hub is deleted. Once the hub is deleted, Cycle removes all associated data.

6. Data Security

We maintain a security program designed to protect the confidentiality, integrity, and availability of information processed through Cycle.

• Field-Level Encryption: Sensitive personally identifiable information (PII)—such as user names and email addresses—as well as secrets, access tokens, provider credentials, and API keys are encrypted at the database field level using industry-standard encryption algorithms.
• Access Control: Access to production databases, credentials, and infrastructure is restricted to a small number of senior engineering personnel following the principle of least privilege. All privileged access requires multi-factor authentication and is logged for auditing purposes.
• Secrets Management: Encryption keys and service tokens are stored and rotated using secure secrets-management systems. Access to these systems is controlled and monitored.
• Infrastructure Security: Systems are deployed in hardened, segmented environments protected by firewall policies and continuous monitoring for anomalies or unauthorized activity.
• Logging & Monitoring: Security-relevant events and access logs are collected, reviewed, and retained in accordance with our internal retention schedule to support investigation and incident response.
• Incident Response & Notification: If we confirm unauthorized access to encrypted personal data or secrets, we will notify affected users without undue delay and no later than 30 days from confirmation, or sooner if required by law. Notifications will include available details and remediation steps.

7. International Data Transfers

Personal data may be processed in the United States and other countries. Where required, we use appropriate safeguards for international transfers (e.g., the European Commission’s Standard Contractual Clauses or UK-approved equivalents) and implement supplementary measures as needed.

8. Your Rights and How to Contact Us

To exercise your rights or make a request, email info@cycle.io.

Subject to applicable law (e.g., GDPR/UK GDPR), you may:

• Access: Request a copy of your personal data.
• Correction: Correct inaccuracies in your data.
• Deletion: Request deletion of your data.
• Objection/Restriction: Object to or request restriction of certain processing.
• Portability: Request your data in a structured, machine-readable format.

If you are in the EEA/UK and are dissatisfied with our response, you may lodge a complaint with your local supervisory authority.

9. Children's Privacy

Our services are not directed to children under 16, and we do not knowingly collect their data.

10. Updates to This Policy

We may update this Privacy Policy periodically. Any changes will be posted here, and we may notify users directly if significant changes are made.

11. Contact Us

For questions or concerns about this Privacy Policy:

Email: info@cycle.io
Address: Petrichor Holdings, Inc., 18124 Wedge Pkwy #208, Reno, NV 89511