Privacy Policy, CloudXOps

How we collect, use, and protect your personal data

Last updated: 9 June 2026

1. Introduction

Cloud X Ops Ltd. ("Cloud X Ops", "we", "us", or "our") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or otherwise interact with us.

This policy applies to all services provided by Cloud X Ops, including but not limited to cloud infrastructure management, DevOps consulting, and managed IT services.

By accessing our website or using our services, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller

For the purposes of Regulation (EU) 2016/679 (the General Data Protection Regulation, "GDPR") and the Bulgarian Personal Data Protection Act (Закон за защита на личните данни, ЗЗЛД), the data controller is:

Cloud X Ops Ltd. (trading as "CloudXOps"), a limited liability company registered in the Republic of Bulgaria.

Company registration number (UIC / ЕИК): 208765591

Registered Address: Orlitsa Str. 31B, Krasna Polyana 3, Sofia, Bulgaria

Email: privacy@cloudxops.ai

Phone: +359 89 874 8283

Our Data Protection Officer (DPO) can be contacted at: dpo@cloudxops.ai

3. Data We Collect

3.1 Information You Provide

We collect information that you voluntarily provide when you:

Complete contact forms or request information
Register for an account or subscribe to our services
Request a consultation or quote
Subscribe to newsletters or marketing communications
Participate in surveys or provide feedback
Communicate with us via email, phone, or other channels

This may include:

Name and job title
Company name and address
Email address and phone number
Billing and payment information
Technical requirements and project specifications

3.2 Information Collected Automatically

When you visit our website, we automatically collect certain information, including:

IP address and device identifiers
Browser type and version
Operating system
Pages visited and time spent on pages
Referring website addresses
Geographic location (country/region level)

This information is collected through cookies and similar technologies. Please refer to our Cookie Policy for details.

3.3 Information from Third Parties

We may receive information about you from third parties, including:

Business partners and referral sources
Cloud service providers (AWS, Azure, Google Cloud) when you authorize integrations
Publicly available sources for business contact information

4. Legal Basis for Processing

Under Article 6 of the GDPR and the Bulgarian Personal Data Protection Act, we process your personal data only where we have a valid legal basis. The legal grounds we rely on are:

Consent (Art. 6(1)(a) GDPR): where you have given us your consent, for example to receive marketing communications or to allow non-essential cookies. You may withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal.
Performance of a contract (Art. 6(1)(b) GDPR): where processing is necessary to enter into or perform a contract with you, including delivering our cloud, DevOps, and managed IT services, managing your account, and handling billing.
Compliance with a legal obligation (Art. 6(1)(c) GDPR): where processing is necessary to comply with obligations to which we are subject, such as accounting, tax, and statutory record-keeping duties under Bulgarian law.
Legitimate interests (Art. 6(1)(f) GDPR): where processing is necessary for our legitimate interests or those of a third party, provided these are not overridden by your interests or fundamental rights. This includes securing and improving our services, preventing fraud, network and information security, and limited business-to-business direct marketing. You have the right to object to processing based on legitimate interests (see Section 9).

Where we rely on legitimate interests, we carry out a balancing assessment. You may request further information about this assessment by contacting our Data Protection Officer at dpo@cloudxops.ai.

5. How We Use Your Data

We use your personal data for the following purposes:

Service delivery: To provide, maintain, and improve our cloud and DevOps services
Communication: To respond to your inquiries, provide support, and send service-related notices
Account management: To create and manage your account, process transactions, and maintain records
Marketing: To send promotional materials, newsletters, and information about our services (with your consent)
Analytics: To analyze website usage and improve user experience
Security: To protect our services, detect fraud, and ensure network security
Legal compliance: To comply with applicable laws, regulations, and legal processes

7. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, where our cloud service providers maintain infrastructure.

When we transfer data outside the EEA, we ensure appropriate safeguards are in place:

Standard Contractual Clauses (SCCs) approved by the European Commission
EU-U.S. Data Privacy Framework certifications where applicable
Binding Corporate Rules for intra-group transfers

You may request a copy of the safeguards used by contacting our Data Protection Officer.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. To determine the appropriate retention period, we consider criteria such as the duration of our relationship with you, the existence of a legal, accounting, or tax obligation requiring retention, the nature and sensitivity of the data, and whether retention is necessary to establish, exercise, or defend legal claims. Applying these criteria, our typical retention periods are:

Active accounts: For the duration of your business relationship with us
Contractual data: 10 years after contract termination (as required by Bulgarian commercial law)
Financial records: 10 years (as required by Bulgarian tax law)
Marketing contacts: Until you withdraw consent
Website analytics: 26 months

After the retention period expires, your data will be securely deleted or anonymized.

9. Your Rights

Under GDPR and Bulgarian law, you have the following rights regarding your personal data:

Right of Access

You may request a copy of the personal data we hold about you.

Right to Rectification

You may request correction of inaccurate or incomplete data.

Right to Erasure

You may request deletion of your data in certain circumstances.

Right to Restriction

You may request that we limit how we use your data.

Right to Portability

You may request your data in a machine-readable format.

Right to Object

You may object to processing based on legitimate interests or for marketing.

Right to Withdraw Consent

Where processing is based on consent, you may withdraw it at any time, without affecting the lawfulness of processing carried out before withdrawal.

Rights Regarding Automated Decision-Making and Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning you or similarly significantly affects you. We do not carry out such automated decision-making. Should this change, we will inform you and provide the safeguards required under Article 22 of the GDPR.

Right to Complain

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with the Bulgarian supervisory authority, the Commission for Personal Data Protection (CPDP), in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement.

To exercise any of these rights, contact us at privacy@cloudxops.ai. We will respond within one month, as required by the GDPR (this period may be extended by a further two months where necessary, taking into account the complexity and number of requests).

Commission for Personal Data Protection (CPDP) — Комисия за защита на личните данни (КЗЛД)

Address: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592, Bulgaria

Website: https://www.cpdp.bg

Email: kzld@cpdp.bg

Phone: +359 2 915 3518

10. Security Measures

We implement appropriate technical and organizational measures to protect your personal data, including:

Encryption of data in transit (TLS 1.3) and at rest (AES-256)
Access controls and authentication mechanisms
Regular security assessments and penetration testing
Employee training on data protection
Incident response procedures
Physical security for data centers and offices

While we take reasonable measures to protect your data, no method of transmission over the Internet or electronic storage is completely secure.

11. Children's Privacy

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes:

We will update the "Last Updated" date at the top of this page
We will notify you via email (for registered users) or prominent notice on our website
We will obtain your consent where required by law

We encourage you to review this policy periodically.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Data Protection Inquiries

Privacy: privacy@cloudxops.ai

Legal: legal@cloudxops.ai

Data Protection Officer: dpo@cloudxops.ai