Privacy Policy
Last updated: July 2, 2026
1. What this covers
This policy explains what personal data MyCloudAlly ("we") collects, why, where it lives, and your rights. It covers the mycloudally.com website, the customer dashboard, and the managed servers ("Boxes") and hosting we operate for you.
2. What we collect
Account data: your email address, name, and a hashed password (we never store your password in plain text). Billing data: handled by Stripe — we never see or store your card number; we keep your Stripe customer reference, plan, and invoice status. Support data: the tickets and messages you send us. Service telemetry: operational health of your Box (service up/down, disk, connectivity) so we can monitor and repair it. Chat data: conversations with your assistant are stored on your own Box, not in our central systems; our dashboard displays them by reading from your Box over an encrypted connection.
3. What lives on your Box
Your Box is a private server dedicated to you. Everything you or your assistant create there — files, projects, chat history, uploaded secrets — stays on it (plus its encrypted backups). Our staff and automated support tooling access your Box only to operate, repair, or support the Service, and access is logged on the server. Secrets you upload through the dashboard are delivered directly to your Box over encrypted channels and are not retained centrally.
4. Third parties we rely on (subprocessors)
Amazon Web Services — all infrastructure and backups (US and EU regions; your Box's region is fixed once created). Stripe — payments and invoicing. Telegram — if you connect a Telegram bot, your messages transit Telegram under their terms. Anthropic / OpenAI — the AI account you connect processes the content of your conversations under that provider's terms; we are not the AI provider. We don't sell your data or share it with advertisers.
5. Emails we send
Transactional only: verification, password resets, billing and renewal notices, support replies, and service alerts about your Box (e.g. "your assistant needs to be reconnected"). We don't send marketing email without a separate opt-in, and every non-essential email includes a way out.
6. Cookies
One first-party session cookie (ncp_token) to keep you signed in. No advertising or cross-site tracking cookies.
7. Retention and deletion
Your Box and its data are retained for 30 days after cancellation (so you can recover anything you need), then permanently deleted, including backups on their normal expiry cycle. Account and billing records are kept as long as required for tax and accounting. You may request earlier deletion of your Box or your account at any time.
8. Security
Encryption in transit everywhere (HTTPS/SSH); each customer's Box is isolated from every other customer's; passwords are bcrypt-hashed; payment handled by Stripe (PCI-DSS); routine encrypted backups; access to production systems is restricted and audited. No system is perfectly secure — report concerns to the address below and we'll respond promptly.
9. Your rights
You can access, correct, export, or delete your personal data. EU/EEA and UK users have the rights provided by the GDPR (access, rectification, erasure, portability, restriction, objection) and may lodge a complaint with their supervisory authority. To exercise any right, open a support ticket or email us — we respond within 30 days.
10. Children
The Service is not directed to children under 16, and we don't knowingly collect their data.
11. Changes
We'll post any material changes here and update the date above; continued use after changes means acceptance.
Contact: support@mycloudally.com.