Privacy Policy

Your privacy is important to us at Thamara Cloud. This Privacy Policy explains what information we collect, how we use and share it, and your rights regarding that information. We are committed to transparency and to complying with applicable privacy laws, including the EU General Data Protection Regulation (GDPR) and relevant laws in the countries where we operate (such as the California Consumer Privacy Act for U.S. residents, among others).

By using Thamara Cloud’s services or website, you consent to the practices described in this Policy. If you do not agree with this Policy, please discontinue use of our services. We may update this Privacy Policy from time to time (see Section 9 on changes). If you have any questions or requests regarding your personal data, you can contact us at support@thamara.cloudز

1. Who We Are (Data Controller)

Thamara Cloud (“Thamara Cloud”, “we”, “us”, or “the Company”) provides web hosting and related services globally. For the purposes of data protection law, Thamara Cloud [is a single entity located in Country – OR if multiple entities, list them]. Thamara Cloud is the “Data Controller” of your personal information, which means we determine how and why your personal data is processed. Our contact details are:

• Company Name: Thamara Cloud LLC
  
• Address: 1111B S Governors Ave STE 28253, Dover, DE, United States, 19904
  
• Email: support@thamara.cloud
  

If you are a resident of the European Economic Area (EEA) or UK, you may also contact our EU/UK representative at [rep contact, if required by GDPR Article 27 for non-EU company].

2. What Information We Collect

We collect only the necessary personal data to provide our services and run our business. The types of information we collect fall into a few categories:

a. Information You Provide to Us:

• Account Registration Data: When you sign up, we ask for details like your name, email address, billing address, phone number (in some cases), and account username/password. If you register a domain, we require information required by ICANN/registries: domain registrant name, address, email, phone (these are used for domain records).
  
• Payment Information: For processing payments, we (or our payment processors) collect payment details such as credit card numbers or PayPal/other payment IDs. We do not store full credit card numbers on our servers; this is handled by our PCI-compliant payment gateway partner. We store basic payment transaction records (e.g., the last 4 digits of your card, card type, expiration, and billing name/address) for record-keeping and to comply with accounting/tax obligations.
  
• Support Communications: If you contact us for support (via ticket, email, or phone), we may collect the information you choose to give us. This could include your troubleshooting details, screenshots you send, or account preferences. We keep support conversation records to better assist you and improve our services. Calls may be recorded for training and quality assurance (we will notify you at call start if recording).
  
• Customer Surveys, Contests, etc.: Occasionally, we may offer optional surveys, contests, or promotions. If you choose to participate, you might provide information such as feedback, testimonials, or additional contact info (like a shipping address for a giveaway prize). We will tell you at the time what data is collected and how it will be used.
  

b. Information We Collect Automatically:
When you use our website or client area, or when your visitors access your hosted site, we collect some data automatically:

• Usage and Log Data: Our servers automatically log certain information when you visit thamara.cloud or access your hosting account. This includes IP address, browser type and version, device type, operating system, pages or screens viewed, the date/time of access, and referring webpage. For example, we log when you log into the control panel and any actions taken (for security and audit).
  
• Cookies and Similar Technologies: We use cookies (small text files stored in your browser) and similar tracking technologies (like web beacons or pixels) on our websites. Cookies allow us to remember your login session, collect analytics about site usage, and personalize content/ads. For detailed info, see our “Cookie Policy” (Section 10 below). Key points: we use essential cookies for site functionality (like remembering your session or preferences), and with your consent we use analytics cookies (e.g., Google Analytics) to understand traffic and marketing cookies to provide relevant advertising. You have control over non-essential cookies via our cookie consent banner.
  
• Monitoring and Security: For cybersecurity, we may use automated tools to monitor our network (e.g., firewall logs, intrusion detection systems). These might collect IP addresses and behavior patterns that could be considered personal data (like detecting multiple failed login attempts). This is done to protect our infrastructure and your accounts from malicious activity.
  

c. Information from Third Parties:
Sometimes we obtain information about you from third-party sources, such as:

• Reseller or Referral Partners: If you were referred to Thamara Cloud by a third-party reseller or affiliate partner, they may have provided us your name, email or domain to help set up your account.
  
• Third-Party Login: If we enable “Sign in with Google/Facebook” or similar, we get your basic profile info from those services (only if you choose that method).
  
• WHOIS Directory: If you transfer a domain to us, we may retrieve your registration info from the prior registrar (as required to process the transfer).
  
• Public Databases & Blacklists: We might check certain data against public anti-fraud databases or spam blacklists (for instance, we might check if an IP address trying to register is on a known spammer list, as part of our fraud prevention).
  
• Advertising Partners: If you came to our site via an ad or promotion, our marketing partners might provide info like which campaign or keyword led you to us (this is usually analytics data, not identifying you personally, except possibly your IP or a cookie ID).
  

We treat any third-party-sourced information according to this Privacy Policy plus any additional restrictions imposed by the source (like if they only provided it for a specific use, we honor that).

d. Sensitive Personal Data:
We do not intentionally collect any sensitive personal data such as government ID numbers, financial account passwords, biometric data, health information, etc., from our users in the normal course of providing hosting. Please do not provide these to us unless necessary (for example, we might need a scan of an ID for verification in case of a disputed account ownership, but we will explicitly ask if so). We also do not solicit or process any special categories of personal data (such as data about race, ethnicity, religious or philosophical beliefs, trade union membership, genetic or biometric data, or information about sexual orientation) from you. Any such information in your website content is incidental and under your control as the content owner—we just process it as part of hosting.

3. How We Use Your Information (Purposes and Legal Bases)

Thamara Cloud uses personal information only for legitimate business purposes and in accordance with applicable law. Under GDPR (for EU users), we must state the legal bases for processing your data. Depending on the context, one or more of the following bases apply: (a) processing is necessary to perform our contract with you (to provide services), (b) processing is necessary for our legitimate interests (after we’ve balanced any impact on your rights), (c) processing is based on your consent (for example, for non-essential cookies or marketing emails), or (d) processing is necessary to comply with a legal obligation. Below are the purposes for which we process data and the corresponding legal bases:

• Provide and Maintain Services: We use your information to set up your hosting account, register your domain, provide customer support, and ensure your services are working as intended. For example, using your domain and IP to route internet traffic to your server, or your email to send service notifications. Legal basis: Contractual necessity – we can’t deliver the service without using certain data. Also, legitimate interests in ensuring our services function properly.
  
• Account Management and Communication: To send important account or transactional communications: e.g., welcome emails, password reset emails, billing invoices and renewal notices, service outage alerts, or policy updates. These are not marketing, but essential communications. Legal basis: Contract necessity and legitimate interests (to keep you informed about service status, security, and billing).
  
• Processing Payments: We use payment info to charge for services you purchase, and to process refunds when applicable. We keep billing history for accounting, auditing, and tax purposes. Legal basis: Contract (billing is part of the service) and legal obligations (financial record-keeping).
  
• Customer Support: If you reach out for support, we will use your info and any logs or data necessary to resolve your issue. This may include accessing your account (with your permission) to troubleshoot, or reviewing server logs related to your account. Legal basis: Contract (support is part of our service commitment) and legitimate interests (helping our customers, improving support quality).
  
• Improve and Optimize Our Services: We use usage data and analytics to understand how our customers interact with our website and services. This helps us optimize user experience, plan new features, and improve performance. For example, analyzing which knowledge base articles are most accessed or understanding server load patterns to allocate resources efficiently. Wherever possible, we use aggregated or anonymized data for this purpose (not tied to a specific user). Legal basis: Legitimate interests – it’s in our interest (and generally beneficial to users) to improve our services. We ensure this does not override your rights by using mostly non-identifying data.
  
• Marketing and Newsletters (With Consent): If you opt-in to marketing communications, we will use your name and email to send you newsletters, product updates, special offers, or promotions. You can opt-out at any time by clicking “unsubscribe” in any email or changing preferences in your account. We may also use information about the services you have (e.g., if you have a basic plan, we might send an offer about upgrading to a higher plan) – this is to ensure our marketing is relevant. Legal basis: Consent (for email marketing to EU users or where required by law). For existing customers, in some jurisdictions we might rely on legitimate interest to send limited marketing about similar products, but we will always respect opt-out requests.
  
• Advertising (Cookies): We might use third-party advertising networks (like Google Ads, Facebook Ads) to promote our services. If we do, and you consented to marketing cookies, those networks might use cookies or pixels on our site to track conversions or tailor ads. For example, if you visited our pricing page, we might later show you a Thamara Cloud ad on another site (commonly known as retargeting). The information used for this is typically cookie identifiers or IPs – we do not give your personal details (like name or email) to ad networks for targeted ads without consent. Legal basis: Consent (for EU, via our cookie consent; for others, often legitimate interest in advertising, but we still seek to honor “Do Not Track” signals and offer opt-outs).
  
• Security and Abuse Prevention: We process personal data (like IP addresses, user agent, account activity) to monitor, prevent, and mitigate security incidents and abusive behavior. This includes detecting fraudulent signups, DDOS mitigation (recording attacking IPs), preventing unauthorized account access, and network debugging. For instance, we might block an IP that’s trying to brute-force logins across multiple accounts. We also may use your date of sign-up or account history as part of trust and safety decisions (e.g., new account restrictions if high risk). Legal basis: Legitimate interests – we have a strong interest in keeping our services secure and free of abuse; this benefits us and our entire user base. It may also overlap with legal obligation if, for example, we must comply with law enforcement requests or abuse reporting laws.
  
• Legal Compliance: We may need to process and retain data to comply with laws and regulations. Examples: Keeping records for tax audits, responding to lawful requests by public authorities (e.g., court orders to disclose the contents of an account or logs), complying with KYC (know your customer) or export-control regulations if applicable, and handling user data requests under privacy laws. Legal basis: Compliance with legal obligations and legitimate interests (in cooperating with lawful requests and enforcing our terms).
  
• Enforcing Our Terms and Policies: We will use data as needed to investigate and address violations of our Terms of Service or other misuse of our services. For instance, if we suspect an account is sending spam, we will examine the email logs or email content on that server. Similarly, if content on a site is reported as illegal, we may review it. We also reserve the right to use data in legal proceedings if necessary (either to pursue or defend against claims). Legal basis: Legitimate interests – we must protect our business, enforce rules for fairness and safety, and defend ourselves when needed.
  
• Mergers or Business Transfers: If we ever merge with another company, or if our company or assets are acquired, your data would likely be transferred to the successor entity. In such case, we’ll ensure the new owners understand they must honor the commitments we’ve made in this Privacy Policy. Legal basis: Legitimate interest in business continuity. We would provide notice to users in such events as required by law.
  

We do not use personal data for any purposes incompatible with those above. We do not engage in any automated decision-making or profiling that has legal or similarly significant effects on you without human review (for instance, we don’t have algorithms that automatically terminate accounts without staff involvement).

4. Who We Share Your Information With

Thamara Cloud is in the business of hosting, not selling personal data. We do not sell your personal information to third parties for profit. However, we do share certain information with third parties in the following contexts, as necessary to run our service or as required by law:

a. Thamara Cloud Group and Personnel: If Thamara Cloud operates through multiple affiliated companies or branches (e.g., an EU subsidiary vs a US parent), your data may be shared internally among our corporate family. Our employees, agents, and contractors who have a need to know personal data in order to provide support, review security issues, or perform accounting tasks will have access. All such personnel are bound by confidentiality and this Privacy Policy.

b. Service Providers (“Processors”): We use reputable third-party companies to help us deliver our services. These providers only process your data under our instructions and for the purposes we specify, and they are bound by data protection agreements. Key service providers include:

• Data Center and Infrastructure Providers: We colocate our servers or rent cloud infrastructure from companies (for example, AWS, Google Cloud, or other regional data center partners). Data stored on our hosting servers (including your website content, databases, etc.) is physically or virtually present in those facilities. These providers do not access your data except for maintenance of infrastructure and as needed (they typically don’t look at content).
  
• Domain Registries and Registrars: If you register or transfer a domain through us, we must share the necessary WHOIS data with the domain registry operator and our upstream registrar partner. For example, to register a .com domain, we send your contact data to VeriSign (the .com registry) via our registrar. This is required by ICANN regulations. Some of that data may become public in the WHOIS directory, unless you use domain privacy (we strongly recommend domain privacy to protect your personal info – when enabled, our information or that of a privacy service will show in WHOIS instead of yours).
  
• Payment Processors: We rely on third-party payment gateways (e.g., Stripe, PayPal, etc.) to handle credit card processing and other payments. These processors will receive your payment card details or account info to process transactions. They are PCI-DSS compliant. We share with them the transaction amount, invoice info, and your billing info to charge you. They may also handle recurring billing. We do not store your full card details on our systems; that is tokenized by the payment processor.
  
• Email and Communication Tools: We use third-party platforms to send transactional emails (like SendGrid or similar) and to manage marketing mailing lists (like MailChimp, etc., for those who opt in). Your email and name may reside in those platforms for the purpose of sending you communications. They are not allowed to use your info except to send our messages.
  
• Analytics and Optimization Tools: As mentioned, we use analytics services like Google Analytics on our website to understand traffic. These services may set cookies and collect your IP and browsing info on our site. The data they provide us is aggregated (we see general usage patterns, not every single user’s behavior by name). Google Analytics is governed by Google’s privacy policy and we’ve configured it to anonymize IPs where applicable. We may also use A/B testing or UX analytics tools to improve our site (e.g., seeing where users click on a page). These tools might record interactions but generally not personally identifying info, and any IP or other data is used only for our internal analysis.
  
• Customer Support Systems: If we use a CRM or helpdesk provider (e.g., Zendesk, Freshdesk, etc.), your support tickets and contact info might be stored there. This helps us manage and respond to inquiries efficiently. Those systems are accessed by our support team and are protected by confidentiality.
  
• Backup Storage Providers: If we store encrypted backups with a third-party storage service (for off-site redundancy), some data could be hosted with them. For example, we might store server snapshots on an object storage service. These backups might include customer content, but they are secured and only for disaster recovery.
  
• Advertising Partners: If you consent to marketing cookies, we share certain info via those cookies with advertising networks (like Google Ads, Facebook). For example, a tracking pixel on our site will tell Facebook that a certain anonymous user visited a page, which can then match if that user has a Facebook account to allow us to show an ad. We do not give your actual identity to advertisers for targeting; it’s done via userIDs or hashes through their systems. If you fill out a lead form or similar from an ad, that information is obviously given to us from that partner.
  

We ensure that all service providers we use can meet high data protection standards. Where required by GDPR, we have Data Processing Addendums (DPAs) in place.

c. Business Transfers: If Thamara Cloud undergoes a business transaction like a merger, acquisition by another company, or sale of all or part of its assets, your personal data might be transferred as part of that deal. We would ensure the new owner continues to treat your data in line with this Privacy Policy. We will provide notice (e.g., via email or a prominent site notice) if a transfer materially changes how your data is handled.

d. Legal and Law Enforcement: We may disclose personal information to third parties when required by law or necessary to protect our rights. Examples include:

• In response to lawful requests by public authorities (such as subpoenas, court orders, or government demands under applicable law). If a law enforcement agency properly requests data related to your account, we may be obligated to provide it. Our policy is to scrutinize each request to ensure it has a valid legal basis, and to only provide the minimum data necessary. Where allowed, we would inform the affected user of the request (e.g., if not prohibited by the order).
  
• When necessary to enforce our Terms of Service, or to investigate and defend ourselves against any third-party claims or allegations. For instance, if you are involved in a legal dispute and we receive a civil subpoena related to your account, we might have to comply. Or if necessary to collect overdue payments, we might share data with a debt collection agency.
  
• If we believe disclosure is necessary to prevent physical or financial harm, or in connection with suspected or actual illegal activity. For example, sharing information with fraud prevention networks or reporting a misuse to law enforcement.
  

e. Your Visitors or End-Users: If you host a website on Thamara Cloud that collects personal data from your end-users, that data is under your control. We act as a Data Processor for such data. We don’t share your end-users’ data except as needed to provide the service (e.g., their data is stored on our servers). However, you may choose to integrate third-party services into your site (like Google Analytics for your own site, or a payment gateway for your e-commerce) – in those cases, your end-user data might be shared with those third parties through your implementation. That’s your decision and outside of our direct control.

In summary, Thamara Cloud only shares personal information in order to run our business and deliver our services to you, or when we are legally compelled. We do not sell or rent personal info to data brokers or advertisers. We also do not share your info with third parties for their own independent marketing (unless you separately consent with them, e.g., if we have a partnership and you explicitly opt in to that partner’s communications).

5. International Data Transfers

Thamara Cloud is a global service. Regardless of where you are located, your data may be stored or processed in multiple countries, including the United States, members of the European Union, or any country where we or our service providers maintain facilities. This means your information could be transferred to or accessed from jurisdictions that might not have equivalent data protection laws as your home country.

However, we take measures to ensure an adequate level of protection for such cross-border data transfers. These include:

• EU-U.S. and Swiss-U.S. Data Privacy Framework: If we are based in the US and receive personal data from the EU/EEA or Switzerland, we comply with the EU-U.S. Data Privacy Framework principles (or any successor mechanism) for those transfers, ensuring that EU personal data is protected to EU standards. [Only applicable if we self-certify to this – if not, remove or mark TBD.]
  
• Standard Contractual Clauses (SCCs): We have incorporated the European Commission’s approved Standard Contractual Clauses into our agreements between our EU entity and any non-EU affiliates, and in agreements with relevant service providers. These clauses contractually oblige recipients of EU personal data to protect it according to EU law standards. If your data originates from the EEA or UK and is transferred to a country not deemed adequate by the EU/UK, such SCCs (along with any additional measures needed) are in place.
  
• Adequacy Decisions: Some countries (like Canada, Japan, UK, etc.) are recognized by the EU as having adequate data protection. Where applicable, we rely on those decisions for data transfers.
  
• Our Commitment: No matter where your data is processed, this Privacy Policy and our internal privacy practices apply. We also train our employees on data protection and ensure only staff in need of access (e.g., support agents in your region) handle your personal data.
  

If you have questions about cross-border transfers or need more information on the safeguards we use, you can contact us (see Section 9).

6. Data Retention

We keep personal data only as long as necessary for the purposes for which it was collected, or as required for legitimate business or legal purposes. This section outlines typical retention periods:

• Account Information: Your account registration data (name, email, contact info, account login) is kept as long as you have an active account with us. If you cancel all services, we generally archive this information for a certain period in case you return or for record-keeping. Typically, we retain basic account records for [7-10 years] after account closure. (For example, we may keep your email to recognize if you come back, or to provide you with copies of invoices for your taxes.)
  
• Billing and Payment Records: Financial transaction records are retained to comply with accounting and tax laws. In many jurisdictions, we must keep invoices and payment records for 7-10 years. We store minimal card info (e.g., last4) associated with invoices for audit purposes also for similar durations.
  
• Support Tickets and Communications: We keep support correspondence and live chat logs for a period of time so we have history if you contact us again with related issues, and to improve our support. Typically, support tickets are retained for about 2-3 years after resolution, then deleted or anonymized, unless they contain information we need to keep longer (e.g., evidence of consent or a critical change request). Recorded phone calls, if any, are usually kept for a shorter time (e.g., 6 months) unless flagged for training or legal reasons.
  
• Server Logs: Our system and security logs (which may include IP addresses and actions like login attempts) are kept for a limited time — often 30 days to 1 year — depending on the type of log, and then automatically rotated or deleted. Shorter retention (like 30-90 days) is used for high-volume logs, especially if only needed for short-term troubleshooting. Some security-related logs might be kept longer if needed for analysis of persistent threats.
  
• Hosted Content: As a hosting provider, we primarily act as a processor for the content you upload. We do not access or curate that except as needed (e.g., backups or per your support requests). When you delete files or emails from your hosting account, it’s generally immediately removed from the active server and then from backups within a reasonable window (our backup retention cycle is usually [e.g., 7-14 days]). If you cancel your hosting service, your data on the server is deleted shortly after cancellation (we might give a brief grace period after the service expires, such as 14 days, before wiping, in case you change your mind or failed to backup). After deletion from servers, remnants might remain in offline backups for a few more days, but then those too fall out of rotation. We do not purposely keep your website content after cancellation unless legally required.
  
• Cookies: Cookies set on your browser have their own expirations. For example, our login session cookies might last only for the session or a few hours; preferences cookies might last some months; analytics cookies might persist for a year or two unless cleared. You can clear cookies any time via your browser. Our Cookie Policy (Section 10) provides specifics on durations.
  
• Domain Registration Data: If you register a domain, the domain’s WHOIS info is maintained in the registry’s database for the life of the domain. Even if you cancel hosting with us, if the domain is still under your ownership or is active, the data remains with the registry (we can assist to update or delete it if you relinquish the domain). ICANN rules require registrars to keep domain registration records for at least 2 years after the domain’s term ends.
  
• Marketing Data: If you have consented to marketing emails, we retain your name and email on our mailing list until you opt-out. If you unsubscribe or opt-out, we may retain your contact info on a suppression list to ensure we don’t accidentally contact you, but we won’t actively use it.
  
• Legal Holds: If we are engaged in a dispute or investigation, or have received a legal hold notice, we may retain certain information beyond standard periods until that issue is resolved (override normal deletion schedules). For instance, if there’s a claim regarding your account, we may preserve relevant logs or communications until it’s resolved, even if you request deletion.
  

When we no longer have a legitimate need or legal obligation to keep your personal information, we will securely delete it or anonymize it. For example, by removing identifying details so data can be kept in aggregate for statistical analyses or service improvement without identifying you.

7. Your Rights and Choices

Depending on your jurisdiction, you may have some or all of the following rights regarding your personal data:

• Right to Access: You can request a copy of the personal data we hold about you, as well as information about how we process it. (Commonly known as a Subject Access Request.) This typically includes data like your account details, contact info, and potentially server logs associated with you. We will provide this unless an exception applies.
  
• Right to Rectification: If any personal data we have is inaccurate or incomplete, you have the right to ask us to correct it. You can also update much of your info via your account dashboard (for instance, update your contact email or address).
  
• Right to Erasure: Also called “Right to be Forgotten.” In certain circumstances, you may request that we delete your personal data. For active customers, we need some data to provide the service (so we can’t always delete everything unless you cancel services). But if you cancel and request erasure, we will delete data that we are not obligated to retain. We will also forward your request to third parties who have your data via our service (e.g., if we shared data with a sub-processor) where required.
  
• Right to Restrict Processing: You can ask us to limit processing of your data in certain cases – for example, if you contest the accuracy of data, or we no longer need the data but you want us to keep it for legal reasons, or while you object to processing (see below). When processing is restricted, we will store the data but not use it until the issue is resolved.
  
• Right to Data Portability: You have the right to obtain your personal data from us in a structured, commonly used, machine-readable format, and request that we transfer it to another controller where technically feasible. This applies to data you provided to us and that we process by automated means based on your consent or contract. Practically, for hosting, this might not be heavily applicable (as your “personal data” is often minimal beyond contact info), but for things like account profile or maybe content, we’ll assist by providing backups or exports if needed.
  
• Right to Object: You may object to our processing of your personal data where we rely on legitimate interests as the legal basis, and you believe your rights outweigh our interests. If you object, we will consider your request and only continue processing if we have compelling legitimate grounds or if needed for legal claims. You also have an absolute right to object to your data being used for direct marketing. If you object to marketing (or withdraw consent), we will stop sending marketing communications.
  
• Right to Withdraw Consent: Where we process data based on your consent (e.g., for marketing emails or non-essential cookies), you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal. For example, you can unsubscribe from newsletters and we will cease sending them.
  
• Right not to be subject to Automated Decisions: We do not use automated decision-making without human involvement in any way that produces legal effects for you. If we ever do, you have rights to contest such decisions.
  
• Right to Complain: If you have concerns about our data practices, you have the right to lodge a complaint with a data protection supervisory authority. If you’re in the EU, this would be the authority in your country (for example, the CNIL in France, ICO in the UK, etc.). We would, however, appreciate the chance to address your concerns directly before you do this – we take privacy seriously and will try to resolve any issue.
  

California Residents: If you are a California resident, the CCPA provides certain rights as well, which overlap the above: the right to know what personal info is collected and shared, the right to request deletion, the right to opt-out of “sale” of personal info (we don’t sell data in the traditional sense, but as mentioned, some sharing for advertising might be considered a “sale” under CCPA’s broad definitions – you can opt-out of those via cookie settings or by sending us a Do Not Sell request). Also, California’s “Shine the Light” law allows you to ask for a notice describing what categories of personal info we share with third parties for direct marketing – we do not share personal info with third parties for their own direct marketing, so we believe that is not applicable. We also will not discriminate against you for exercising any privacy rights (e.g., we won’t deny service or charge different prices just because you made a privacy request).

Exercising Your Rights: To exercise any of your rights, please contact us at contact@thamara.cloud or via your account dashboard’s privacy settings if available. Please be specific about what you are requesting (e.g., “I want a copy of my data” or “Please delete X information”). For security, we may need to verify your identity (for example, by asking you to send the request from the email on file or to provide certain account identifying info). We will respond to your request within a reasonable timeframe as required by law (for example, GDPR mandates within 1 month, which can be extended by 2 months if necessary – we will inform you if an extension is needed). For data access or portability requests, we will provide the data in a commonly used format (likely JSON or CSV, or PDF for human reading).

There are some limitations: We might not be able to fully comply if, for instance, fulfilling your request would conflict with legal obligations (e.g., we cannot delete your billing records before the retention period ends, even if you ask, due to tax laws). Also, if your request is manifestly unfounded or excessive (like repetitive requests), we might charge a reasonable fee or refuse it – but we’ll explain why.

We encourage you to keep your personal data accurate and up to date – you can do a lot by logging into your account settings. For anything else, our team is here to help.

8. Security Measures

Thamara Cloud employs a variety of technical and organizational security measures to protect your personal data and hosted content from unauthorized access, disclosure, alteration, and destruction. We take security very seriously (our business depends on trust). Some of the key measures we have in place include:

• Encryption: Our websites and control panels are secured via HTTPS (TLS encryption) so that data transmitted between your browser and our servers is encrypted in transit. For stored data, sensitive personal info (such as passwords and payment details) is encrypted or hashed. For example, account passwords are stored hashed with strong algorithms (we cannot see your plaintext password). Credit card information is handled by PCI-compliant processors; any stored card tokens or summaries are secured. We also support encryption for email services (e.g., SMTPS/IMAPS for retrieving/sending emails).
  
• Access Controls: Internally, we restrict access to personal data to authorized personnel who need it to perform their job. We follow the principle of least privilege. Administrative access to systems that store personal data is limited to trained staff and protected by strong authentication (including multi-factor authentication). Our employees are bound by confidentiality obligations.
  
• Network Security: We implement firewalls and monitoring systems to safeguard our hosting network. This includes intrusion detection systems (IDS) that alert on suspicious activity, DDoS protection services to mitigate attacks, and regular updating and patching of our servers and software to address security vulnerabilities. We also isolate customer accounts on shared servers to prevent “cross-site” issues (one user’s vulnerability affecting others).
  
• Malware Scanning: We use security tools that regularly scan our servers for malware or suspicious files. This helps detect if any websites are compromised or if any malicious content has been uploaded, so we can act promptly.
  
• Backups and Recovery: We maintain backup routines and have disaster recovery plans. Your data is backed up regularly (frequency depends on your plan or our backup policy), and backups are stored securely. This ensures that in case of a hardware failure or other incident, we can restore service and data. Backup data is often encrypted or stored in secure environments.
  
• Monitoring and Auditing: We log administrative actions and monitor access to sensitive systems. Regular audits (internal and sometimes external) are conducted on our security controls. We also keep software updated – when patches for security issues are released, we apply them in a timely manner.
  
• Physical Security: For servers in data centers, those facilities have robust physical security (guard presence, controlled entry, surveillance). Our own office systems that might store customer data (if any) are secured as well.
  
• Training: We provide privacy and cybersecurity training to our staff, particularly developers and support agents, to ensure they follow safe practices and understand the importance of protecting customer data.
  

Despite our best efforts, no method of transmission over the internet or electronic storage is 100% secure. Thus, we cannot guarantee absolute security. However, we continuously update and improve our security measures to adapt to new threats. If we ever experience a data breach involving your personal data, we will notify you and the appropriate authorities as required by law.

Your Responsibility: You also play a role in keeping your data safe. We urge you to use a strong, unique password for your Thamara Cloud account and to enable two-factor authentication (2FA) if we offer it. Do not share your login credentials with others. Also, be aware of phishing: Thamara Cloud will never ask you for your password via email or unsolicited contact. If you suspect any unauthorized access to your account, notify us immediately.

9. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make changes, we will notify you in a timely manner appropriate to the significance of the changes:

• If the changes are minor (e.g., clarifying language or updating contact information), we may just update the policy with a new effective date.
  
• If the changes are significant (e.g., we start processing data for a new purpose not originally outlined, or we want to collect additional personal data), we will provide a more prominent notice. This could be an email to the address on your account, a pop-up notice on our website, or a notification in your account dashboard. We may also request your consent for something new if required (for example, if we were to start processing data on a new legal basis that needs consent).
  

The “Effective Date” at the top of this Policy indicates when the latest revisions became effective. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

If you continue to use Thamara Cloud services after an update to the Privacy Policy, it generally means you accept the revised policy (to the extent permitted by law). If you do not agree to any changes, you should stop using our services and can request that we remove your personal data (consistent with Section 7 above).

10. Cookies and Tracking Technologies

Cookies are small text files placed on your device by websites you visit. We (and our third-party partners) use cookies and similar technologies (such as web beacons, pixels, and local storage) to provide and personalize our services, analyze site usage, and for advertising.

When you first visit our website, we present a cookie consent banner allowing you to accept or reject non-essential cookies. You can also manage preferences there. Here’s an overview of how we use cookies:

• Essential Cookies: These are necessary for our site and services to function. For example, authentication cookies to keep you logged in as you navigate the client area, or preferences cookies that remember your language or region. Without these, certain features (like the shopping cart or account login) may not work. These cookies are typically set to expire when you log out or after a short time. Using our site implies consent to these essential cookies, as they are needed for service.
  
• Analytics Cookies: We use these to collect information about how visitors use our website – which pages are visited, traffic sources, bounce rates, etc. This helps us improve the website’s design and performance. We primarily use Google Analytics (_ga, _gid, etc.) and possibly similar tools. The data from these cookies is aggregated and not meant to identify you personally. For instance, Google Analytics might log that “10 users from Paris visited the pricing page and stayed for X minutes.” We have configured Google Analytics to anonymize IP addresses where applicable. These cookies have varying lifespans (some last for the session, others like _ga last up to 2 years). We only deploy analytics cookies if you have given consent via the banner. You can also opt-out anytime (Google provides a browser add-on for opt-out as well).
  
• Advertising Cookies: Thamara Cloud may use advertising and retargeting cookies to market our services on third-party sites. For example, if you visited our site, cookies like Facebook Pixel or Google Ads cookies may remember this so we can show you an ad later. These cookies track things like which pages you viewed or if you completed certain actions (e.g., started checkout but didn’t finish), so that advertising can be tailored. They don’t store your name, just identifiers. Advertising cookies might also measure ad campaign effectiveness (so we know if an ad led someone to sign up). Common advertising cookies we use might include Google’s NID/IDE, Facebook’s fr, etc. These are set only with your consent. If consent is given, and later you opt out (via our cookie settings or browser settings), those cookies will be disabled going forward. You can also generally opt-out of interest-based ads by using industry opt-out tools (such as aboutads.info choices for US or YourOnlineChoices.eu for EU).
  
• Other Third-Party Cookies: If our website integrates content from others (like a YouTube tutorial video embedded, or social media share buttons), those third parties may set their own cookies on your browser. For example, playing an embedded YouTube video might set YouTube cookies. We try to minimize this and will mention in our cookie policy details. Also, our live chat or support widgets may use cookies to function (like remembering your chat session ID).
  
• Do Not Track: Our site currently [honors / does not honor] “Do Not Track” signals. (Note: Many sites currently do not change behavior for DNT due to lack of consensus. We would clarify our stance here.)
  

Managing Cookies: You have a few options to control cookies:

• Use our cookie consent banner’s “Settings/Preferences” to toggle categories on or off (it remains accessible via a link like “Cookie Settings” in the footer at all times).
  
• Browser settings: Most web browsers let you refuse new cookies, delete existing ones, or notify you when new ones are set. Please refer to your browser’s help documentation for how to do this. Note that blocking all cookies may break some functionality.
  
• Third-party opt-outs: For Google Analytics, you can install the official opt-out add-on. For Google Ads or other ad networks, use the opt-out links mentioned above.
  

Cookies on our Hosting Services: If you host with us, note that this section is about cookies on Thamara Cloud’s own websites (like our homepage, dashboard, etc.). The cookies your own website sets for your visitors are under your control. If you’re in the EU, you should have your own cookie notice for your site if it uses cookies (we can help with guidance but it’s your responsibility as the site owner). We don’t inject any tracking cookies into your end-user websites except what’s needed for service (like maybe a load-balancer cookie or something purely technical). If we ever did for our own analytics of server usage, we would inform you, but generally we don’t track your site visitors ourselves.

For a detailed list of specific cookies we use and their purposes, please see our Cookie Policy page

11. Children’s Privacy

Thamara Cloud’s services and website are not directed to children under 16 (or the relevant age of digital consent in your country, which might be 13 in some places). We do not knowingly collect personal data from children. Our Terms of Service require customers to be at least 18 (with minors using services under a parent/guardian’s agreement).

If you are a parent or guardian and believe that your child under 16 (or relevant age) has provided us with personal information, please contact us immediately at contact@thamara.cloud We will take steps to delete such information as soon as possible. If we do inadvertently get information from a child (say a support ticket comes from someone who identifies as under 16), we will only use it to respond directly to that child (or their parent/guardian) and then delete it.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please reach out to us. We’re here to help and committed to resolving any privacy issues:

• Email: support@thamara.cloud
• Postal Mail: 1111B S Governors Ave STE 28253, Dover, DE, United States, 19904
• Phone: +44 7426 420193
  

We will respond to your inquiries as soon as possible, typically within a few business days. Your trust is important to us, and we welcome feedback on how we can improve our privacy practices.

Thank you for reading our Privacy Policy. By keeping you informed, we hope to build a lasting and trustworthy relationship as your hosting provider.