Cloudmesh Privacy Policy

Effective date: August 2, 2025

1. Introduction

At Cloudmesh, we are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our open-source SaaS platform, which allows you to access and manage files from OneDrive, Google Drive, and Dropbox through a unified dashboard. As an open-source project, we prioritize transparency in our data practices.

This policy applies to all users of Cloudmesh, including those accessing our services from Mumbai, Maharashtra, India, or any other location. We comply with applicable laws, including India's Digital Personal Data Protection Act, 2023 (DPDP Act), and strive to align with international standards like the General Data Protection Regulation (GDPR) for global users.

2. Information We Collect

We collect information to provide and improve our services. The types of data we gather include:

  • Personal Information: When you sign up or use Cloudmesh, we may collect details such as your email address, name, and authentication tokens from integrated services (OneDrive, Google Drive, Dropbox) to enable file access. This is necessary for account creation and service functionality.
  • Usage Data: We collect information about how you interact with our platform, including file access patterns, search queries, and preferences. This helps us improve our service and personalize your experience.
  • Device Information: We may collect information about the device you use to access Cloudmesh, such as IP address, browser type, and operating system. This helps us ensure secure and efficient service delivery.
  • File Metadata: To facilitate file management, we access and use metadata from your connected cloud accounts (e.g., file names, sizes, and timestamps). We do not store any user file data or access the actual file contents at any time.

3. How We Use Your Information

We use your information to:

  • Service Provision: To authenticate and sync your files from OneDrive, Google Drive, and Dropbox into the Cloudmesh dashboard.
  • Improvements and Analytics: Anonymized usage data helps us analyze trends and enhance features, especially as an open-source platform where community contributions are key.
  • Communication: We may send you updates, security alerts, or support messages via email.
  • Security and Compliance: To prevent unauthorized access and comply with legal requirements, such as data protection audits under the DPDP Act.

We do not use your information for any other purposes, including marketing or selling your data.

4. Data Sharing and Disclosure

We share data only in limited circumstances:

  • With Integrated Services: When you connect accounts, we share authentication details with OneDrive, Google Drive, or Dropbox as per their APIs, but only to enable file access.
  • Service Providers: We may engage trusted third-party vendors (e.g., hosting providers) for technical support, ensuring they adhere to strict confidentiality agreements.
  • Legal Obligations: If required by law, such as under the DPDP Act or court orders, we may disclose data to authorities.
  • Open-Source Community: As an open-source project, aggregated and anonymized usage statistics may be shared publicly to foster development, but never personal identifiable information.

We do not share your data with marketers or unrelated third parties.

5. Data Security

We implement robust measures to protect your information:

  • Encryption of data in transit and at rest using industry-standard protocols.
  • Regular security audits and access controls to prevent breaches.
  • As an open-source platform, our code is publicly available for review, promoting community-driven security enhancements.

However, no system is entirely risk-free, so we encourage you to use strong passwords and monitor your accounts.

6. Your Rights and Choices

Under applicable laws like the DPDP Act and GDPR, you have rights including:

  • Access and Correction: Request details of your data or update inaccuracies.
  • Deletion: Ask us to delete your personal information, subject to legal retention requirements.
  • Opt-Out: Withdraw consent for data processing or unsubscribe from communications.
  • Portability: Obtain a copy of your data in a structured format.

To exercise these rights, contact us at [support@cloudmesh.example]. We respond to requests within 30 days.

7. Data Retention

We retain your data only as long as necessary for service provision or legal compliance. For example, account information is kept while your account is active, and logs are retained for up to 12 months for security purposes. Inactive accounts may be deleted after 6 months of non-use.

8. Children's Privacy

Cloudmesh is not intended for users under 13 years old (or 18 in some jurisdictions). We do not knowingly collect data from children, and parents should contact us if they believe we have such information.

9. International Data Transfers

If you access Cloudmesh from outside India, your data may be transferred to servers in other countries. We ensure such transfers comply with data protection laws, using safeguards like standard contractual clauses.

10. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you via email or in-app notices for significant updates. Continued use of Cloudmesh after changes implies acceptance.

11. Contact Us

For questions or concerns, reach us at vishvsalvi10@gmail.com or via our support portal.

By using Cloudmesh, you agree to this Privacy Policy. Thank you for trusting us with your data.