Privacy Policy

This Privacy Policy explains how Pilae Cloud collects, uses, shares and protects personal data when you visit pilae.cloud, create an account, or use our platform. We process personal data in accordance with the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR).

The short version: everything runs on our own infrastructure. The website, the console, our analytics and your workloads are all hosted by Pilae on Pilae Cloud. We do not sell your data, and we do not use third-party advertising trackers.

1. Data controller

The controller responsible for your personal data is:

Pilae SA
Rue de Bourg 27, 1003 Lausanne, Switzerland
Swiss business identification number (UID): CHE-419.492.386
Privacy contact: privacy@pilae.cloud

2. Scope: our roles

For website visitors, account holders, billing and support, Pilae SA acts as a data controller, and this policy applies.

For personal data contained in the workloads you deploy and run on Pilae Cloud, we act as a data processor on your instructions. That processing is governed by our Data Processing Agreement (DPA), available on request at privacy@pilae.cloud. We do not access the content of your workloads except where strictly necessary to operate the service or where you ask us to for support. Workload data stays in the region you choose.

3. Personal data we collect

We collect this data directly from you or from your use of the service. We do not buy or enrich personal data from third-party sources.

4. Purposes and legal bases

Where processing relies on your consent, you can withdraw it at any time with effect for the future, without affecting the lawfulness of processing carried out before the withdrawal.

5. Where your data is hosted

Everything is hosted by Pilae on Pilae Cloud. This website, the console, our analytics and our internal tooling run on infrastructure operated by Pilae SA, in our own production regions in Switzerland and the European Union. Your workload data is hosted in the region you choose and does not leave it.

6. Sharing and recipients

We do not sell your personal data. Because we run our own stack on Pilae Cloud, we share personal data with only a small number of service providers acting as processors on our instructions:

We may also disclose personal data where required by law or to protect our rights, subject to applicable legal safeguards. A current list of sub-processors is available on request at privacy@pilae.cloud.

7. International transfers

Personal data is processed in Switzerland and the European Economic Area, two jurisdictions that mutually recognise each other's data protection as adequate. In the limited cases where a provider (such as an email or payment provider) processes data outside these regions, the transfer is covered by appropriate safeguards, such as the EU Standard Contractual Clauses supplemented by the Swiss addendum. You can request details of the safeguards used at privacy@pilae.cloud.

8. Cookies and analytics

We measure how the website and product are used with a self-hosted analytics instance running on Pilae Cloud. Analytics data is processed on our own infrastructure and is not shared with any third party. This may set cookies or use similar technologies and may record approximate, IP-based location. We do not use third-party advertising trackers, and we do not build advertising profiles. You can object to analytics processing at any time by contacting privacy@pilae.cloud.

9. Retention

We keep personal data only for as long as necessary for the purposes above:

You can ask us to delete your data at any time, subject to legal retention obligations.

10. Security

We protect personal data with technical and organisational measures appropriate to a hosting company: encryption in transit and at rest, network isolation with dedicated VLANs, role-based access controls, offsite cross-region backups, and prioritized security patching. If a data breach occurs that is likely to put your rights at risk, we will notify the competent supervisory authority as required by the FADP and the GDPR, and inform you where the law requires it.

11. Your rights

Under the FADP and the GDPR you have the right to access, rectify, erase, restrict and port your personal data, to object to certain processing (including any direct marketing), and to withdraw consent where processing is based on it. To exercise these rights, contact privacy@pilae.cloud; we may ask you to verify your identity and will respond within 30 days.

You also have the right to lodge a complaint with a supervisory authority: in Switzerland, the Federal Data Protection and Information Commissioner (FDPIC); in the EU, the data protection authority of your place of residence or work.

12. Automated decision-making

We do not make decisions based solely on automated processing, including profiling, that produce legal effects concerning you or similarly significantly affect you.

13. Children

Pilae Cloud is a service for businesses and professionals. It is not directed at children under 16 and we do not knowingly collect their personal data.

14. Changes to this policy

We may update this policy from time to time. Material changes will be reflected by the "last updated" date above and, where appropriate, communicated to you directly.