User data protection statement

KuzCloud (“we”) treats privacy as part of the product, not a bolt-on compliance item. This statement covers what personal data we collect, why we use it, and how long we keep it.

Continued use of the website, console, or APIs means you have read and agree to this statement.If you disagree, stop using the service. This statement supplements the Terms of Service; both apply together.

Information you provide

• Account profile:Email address, optional name, password stored only in hashed form
• Payment records:Card numbers are handled by a licensed payment provider; we keep only transaction outcomes, amounts, dates, and redacted billing fields
• Support content:Issue descriptions, attachments, and correspondence in tickets and email
• Order parameters:Hardware specs, access region, billing tier

Automatically generated records

• Access logs:IP address, HTTP metadata, timestamps, referrer, browser and OS information
• Device identifiers:Device type and client identifiers we issue (SSAID) for risk control and anomaly detection
• Usage data:Sign-in times, feature paths, console behavior, bandwidth and compute consumption statistics
• Cookies / local storage:Used to keep sessions, remember language preferences, etc. (see Section 6)

We use collected data for:

• Service delivery:Create accounts, provision nodes, process payments and renewals
• Identity and risk control:Verify sign-ins, detect abuse, block unauthorized access
• Technical support:Respond to tickets and help troubleshoot incidents
• Product improvement:Analyze paths in aggregate or anonymized form to improve performance and build features
• Billing notices:Send invoices, expiry reminders, maintenance advisories, and security notices
• Product updates:Until you unsubscribe, we may send product-related updates or offers
• Compliance:Meet law-enforcement requests, regulatory obligations, and protect legitimate platform interests
• Systems research:Use anonymized technical logs for stability analysis and tuning

We do not sell your personal data.We disclose to third parties only in the following cases:

Service providers and infrastructure partners

To complete payment, email delivery, network access, and similar steps, we share the minimum necessary fields, including:

• Payment gateways (subject to their own privacy policies)
• Email delivery providers (for verification codes and notices)
• Self-hosted Matomo analytics (data stored on our own servers)
• Data center and bandwidth suppliers

We enter data processing agreements with these parties, limit purposes of use, and require comparable security measures.

Legal requirements

Where laws, court orders, or administrative commands require it, or where disclosure is necessary to protect the platform and users’ lawful interests, we may disclose necessary information.

Mergers or corporate restructuring

If a merger, acquisition, asset sale, or bankruptcy occurs, user data may transfer as an asset; we will announce in advance and require successors to provide equivalent protection.

With your authorization

We provide your data outside the scope of this statement only with your separate consent.

• Account fields:Kept for the life of the account and a reasonable period after deletion, up to about12 monthsto satisfy audit requirements
• Financial records:Invoices and payment evidence are kept for at least7 years
• Access logs:Retained routinely for about90 daysfor security audits and troubleshooting
• Tickets:For the life of the account and after deletion12 months
• Instance disks:After service stopswithin 72 hourspermanently deleted

If the law requires a longer retention period, we follow it.

We follow industry-standard security practices, including but not limited to:

• Encryption in transit:TLS 1.2 or higher end to end
• Password storage:Strong hashes such as bcrypt; original passwords are not recoverable
• Internal access:Staff follow least-privilege rules; sensitive operations leave audit trails
• Physical security:Data centers with 24-hour access control and video monitoring
• Security operations:Periodic internal security reviews and vulnerability scanning

We currently use the following categories of technical identifiers:

You can disable cookies in the browser; if essential cookies are off, the console and checkout may not work.

Submit requests via ticket; we will respond within about30 days:

• Access:Obtain a copy of personal data we hold about you
• Correction:Request fixes to inaccurate data (basic fields can also be updated in the console)
• Deletion:After account deletion, request erasure of related data except records we must keep by law
• Marketing opt-out:Use the link at the bottom of emails to leave promotional mail; billing and security notices continue
• Withdraw consent:Where processing is consent-based, you may withdraw anytime without affecting lawfulness of processing before withdrawal

While the account is active and services are still being delivered, some deletion requests may be deferred to balance delivery against statutory retention duties.

This service is offered only to people aged18 or olderand is not directed at minors. We do not knowingly collect children’s personal data. If you are a guardian and find a minor submitted data without authorization, contact us via ticket and we will delete it promptly.

We operate data centers in Hong Kong, Japan, Korea, the United States, and other regions; your data may be stored or processed outside where you live. Privacy laws differ by location.

To control cross-border risk, we sign data processing agreements with recipients, use standard encryption and access controls, and follow applicable cross-border transfer rules.

This site may link to third-party websites. We do not control their content, privacy practices, or security and are not responsible for them. Read each site’s privacy notice before visiting.

We may revise this statement from time to time; updated versions are posted here with the date at the top refreshed.

If a change materially affects purposes of use or sharing scope, we will notify you in advance via your registered email or in-product messages.Continued use after an update means you accept the revised statement.If you disagree, stop using the service and delete your account.

For human assistance with data matters, contact us through either channel below: