Privacy Policy
This Privacy Policy explains how Pilae Cloud collects, uses, shares and protects personal data when you visit pilae.cloud, create an account, or use our platform. We process personal data in accordance with the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR).
The short version: everything runs on our own infrastructure. The website, the console, our analytics and your workloads are all hosted by Pilae on Pilae Cloud. We do not sell your data, and we do not use third-party advertising trackers.
1. Data controller
The controller responsible for your personal data is:
Pilae SA
Rue de Bourg 27, 1003 Lausanne, Switzerland
Swiss business identification number (UID): CHE-419.492.386
Privacy contact: privacy@pilae.cloud
2. Scope: our roles
For website visitors, account holders, billing and support, Pilae SA acts as a data controller, and this policy applies.
For personal data contained in the workloads you deploy and run on Pilae Cloud, we act as a data processor on your instructions. That processing is governed by our Data Processing Agreement (DPA), available on request at privacy@pilae.cloud. We do not access the content of your workloads except where strictly necessary to operate the service or where you ask us to for support. Workload data stays in the region you choose.
3. Personal data we collect
- Account and contact data: name, professional email address, organisation, and the message or request you send us. Without an email address we cannot create your account or respond to you.
- Platform and usage data: workspace, project and deployment metadata, region selection, resource usage (compute, storage, egress) and operational logs required to run, secure and bill the service.
- Billing data: billing contact and the records needed to issue invoices. Card details, where applicable, are handled by our payment provider and are not stored by us.
- Website and product analytics: pages viewed, product events and approximate location, collected by our self-hosted analytics (see Section 8).
- Support data: the content of support requests and related correspondence.
We collect this data directly from you or from your use of the service. We do not buy or enrich personal data from third-party sources.
4. Purposes and legal bases
- Providing the service (account creation, deployments, operation, billing): performance of a contract, GDPR Art. 6(1)(b) / FADP Art. 31.
- Responding to enquiries and pre-contractual steps: pre-contractual measures and our legitimate interest in answering you, GDPR Art. 6(1)(b) and (f).
- Improving and securing the platform (analytics, abuse and fraud prevention): our legitimate interest in a reliable, secure product, GDPR Art. 6(1)(f).
- Legal and accounting obligations: compliance with a legal obligation, GDPR Art. 6(1)(c).
Where processing relies on your consent, you can withdraw it at any time with effect for the future, without affecting the lawfulness of processing carried out before the withdrawal.
5. Where your data is hosted
Everything is hosted by Pilae on Pilae Cloud. This website, the console, our analytics and our internal tooling run on infrastructure operated by Pilae SA, in our own production regions in Switzerland and the European Union. Your workload data is hosted in the region you choose and does not leave it.
6. Sharing and recipients
We do not sell your personal data. Because we run our own stack on Pilae Cloud, we share personal data with only a small number of service providers acting as processors on our instructions:
- Email provider: transactional email (account and billing notifications).
- Payment provider: payment processing and invoicing for paid plans.
We may also disclose personal data where required by law or to protect our rights, subject to applicable legal safeguards. A current list of sub-processors is available on request at privacy@pilae.cloud.
7. International transfers
Personal data is processed in Switzerland and the European Economic Area, two jurisdictions that mutually recognise each other's data protection as adequate. In the limited cases where a provider (such as an email or payment provider) processes data outside these regions, the transfer is covered by appropriate safeguards, such as the EU Standard Contractual Clauses supplemented by the Swiss addendum. You can request details of the safeguards used at privacy@pilae.cloud.
8. Cookies and analytics
We measure how the website and product are used with a self-hosted analytics instance running on Pilae Cloud. Analytics data is processed on our own infrastructure and is not shared with any third party. This may set cookies or use similar technologies and may record approximate, IP-based location. We do not use third-party advertising trackers, and we do not build advertising profiles. You can object to analytics processing at any time by contacting privacy@pilae.cloud.
9. Retention
We keep personal data only for as long as necessary for the purposes above:
- Account and platform data: for the life of your account, then deleted or anonymised within 90 days of account closure.
- Operational logs: for a rolling window sized to security and reliability needs, typically no longer than 12 months.
- Billing records: 10 years, as required by Swiss commercial law.
- Enquiries and support threads: until the matter is resolved, then for a reasonable follow-up period.
You can ask us to delete your data at any time, subject to legal retention obligations.
10. Security
We protect personal data with technical and organisational measures appropriate to a hosting company: encryption in transit and at rest, network isolation with dedicated VLANs, role-based access controls, offsite cross-region backups, and prioritized security patching. If a data breach occurs that is likely to put your rights at risk, we will notify the competent supervisory authority as required by the FADP and the GDPR, and inform you where the law requires it.
11. Your rights
Under the FADP and the GDPR you have the right to access, rectify, erase, restrict and port your personal data, to object to certain processing (including any direct marketing), and to withdraw consent where processing is based on it. To exercise these rights, contact privacy@pilae.cloud; we may ask you to verify your identity and will respond within 30 days.
You also have the right to lodge a complaint with a supervisory authority: in Switzerland, the Federal Data Protection and Information Commissioner (FDPIC); in the EU, the data protection authority of your place of residence or work.
12. Automated decision-making
We do not make decisions based solely on automated processing, including profiling, that produce legal effects concerning you or similarly significantly affect you.
13. Children
Pilae Cloud is a service for businesses and professionals. It is not directed at children under 16 and we do not knowingly collect their personal data.
14. Changes to this policy
We may update this policy from time to time. Material changes will be reflected by the "last updated" date above and, where appropriate, communicated to you directly.
Questions about this policy? Email privacy@pilae.cloud.