Sentio Cloud

Privacy Policy

Last updated: 8 June 2026. This document is provided in good faith and is not a substitute for independent legal advice.

1. Introduction & Data Controller

This Privacy Policy explains how Sentio Cloud Services LLC, a limited liability company registered in Georgia, collects, uses, and protects your personal data when you use sentiocloud.io and our services. For the purposes of the EU General Data Protection Regulation (GDPR), Sentio Cloud Services LLC is the data controller.

Because we may serve customers in the European Union, the GDPR applies to that processing under Article 3(2). We intend to designate an EU representative under Article 27; once appointed, their contact details will be published here. For any privacy matter you can contact us at support@sentiocloud.io.

2. Information We Collect

We collect only what we need to provide and protect the services:

  • Account information: your email address (which also serves as your login) and the password hash — we never store your password in clear text
  • Service data: orders, provisioning history, the hostname and specification of your servers, resource-usage metrics, and renewal/billing records
  • Technical & security data: IP addresses, timestamps of logins and key actions, and limited request metadata used for rate-limiting and fraud/abuse prevention
  • Payment metadata: the minimum needed to confirm a payment (e.g. an invoice reference and confirmation status) — see "Payments" below
  • Support communications: the content of messages you send us

3. What We Do Not Collect

We do not log the contents of your VPN traffic or your browsing activity through our VPN servers. We do not store the private keys of your VPN devices — our records hold only the public key material needed to manage your peers. We do not use advertising or cross-site tracking technologies, and we do not sell or rent your personal data to anyone.

4. How We Use Your Data & Legal Bases

We process your data to create and operate your account, provision and maintain your services, process payments, send service-related notifications (such as provisioning, invoices, and security notices), and respond to support requests. We also process limited data to secure the platform and prevent abuse and fraud.

Our legal bases under the GDPR are: performance of our contract with you (providing the services); our legitimate interests (securing the platform, preventing abuse, and operating our business); compliance with legal obligations (such as accounting); and, where applicable, your consent, which you may withdraw at any time.

5. Payments

Payments are handled by our payment processor using the methods offered at checkout. We do not see or store your full payment-card number, security code, or expiry date — that data is handled by the processor. We retain payment records only as needed to confirm receipt, provide the service, and meet accounting and anti-fraud obligations.

6. Third-Party Processors

We share personal data only with service providers that help us run the platform, and only to the extent each needs to perform its function:

  • Our payment processor — processing of payments made at checkout
  • Cloudflare — Turnstile anti-bot verification on sign-up and password-recovery forms
  • Vercel — hosting and delivery of our website/front-end
  • Hetzner (Germany, EU) — the servers and virtual machines on which the platform and customer services run
  • Our transactional email provider — delivery of account and service emails

7. International Transfers

Some of our processors (for example Vercel and Cloudflare) are based in the United States, so your data may be transferred outside your country. Where we transfer personal data of EU/EEA individuals outside the EEA, we rely on an appropriate safeguard such as the EU–US Data Privacy Framework or the European Commission’s Standard Contractual Clauses.

8. Data Storage & Security

We apply technical and organisational measures appropriate to the risk, including encryption in transit, hashed credentials, access controls, and network protections. No method of transmission or storage is completely secure, and we cannot guarantee absolute security, but we work to protect your data and to notify you and the relevant authority of a personal-data breach where the law requires.

9. Data Retention

We keep personal data only as long as necessary for the purposes described here or as required by law. Server data associated with a terminated service is retained for 7 days and then permanently deleted. Account records are deleted within 30 days of account closure, except where a longer period is required to meet a legal obligation or to resolve a dispute.

10. Your Rights

Subject to applicable law, you have the right to:

  • Access the personal data we hold about you and receive a copy
  • Request correction of inaccurate or incomplete data
  • Request erasure of your data ("right to be forgotten")
  • Restrict or object to certain processing
  • Receive your data in a portable, machine-readable format
  • Withdraw consent at any time where processing is based on consent
  • Lodge a complaint with your local data-protection supervisory authority

11. Cookies

We use only strictly necessary cookies, and no tracking or advertising cookies. For the full list and how to control them, see our Cookie Policy.

12. Changes & Contact

We may update this Privacy Policy from time to time and will post the revised version with a new "Last updated" date. For any privacy question or to exercise your rights, email support@sentiocloud.io; we aim to respond within 30 days.