Cloud Spectra is a self-hosted networking appliance: it is deployed by you, from the AWS Marketplace or a CloudFormation template, into your own AWS account and VPC. Production network traffic, configuration, logs, and TLS keys remain inside your AWS account. Cloud Spectra LLC operates no infrastructure in your data path and receives no telemetry from deployed appliances. This shapes everything below: most "customer data" in the traditional SaaS sense never reaches us.
1. Who we are
Cloud Spectra LLC ("Cloud Spectra", "we", "us") is the data controller for personal data we collect through this website and our sales process. Registered address: 1957 Limewood Dr, San Jose, CA 95132, USA. Privacy contact: privacy@cloudspectra.ai.
2. What we collect
2.1 Website visitors
- Technical data served by our edge provider (Cloudflare): IP address, user agent, request timestamps and basic security/anti-abuse logs.
- Third-party embeds: fonts and background imagery are self-hosted on this domain, so a normal page load contacts no third party other than our edge provider. The Calendly scheduler is loaded only after you consent via our cookie banner, or when you explicitly open a scheduling widget; it may then receive your IP address. See our Cookie Policy.
2.2 Prospects and customers
- Contact & scheduling data you submit via email or Calendly (name, email, company, meeting notes).
- Billing/entitlement data processed by AWS Marketplace when you subscribe; we receive limited subscription metadata from AWS, not your payment-card details.
2.3 The cost scanner (savings page)
Our optional read-only cost scanner uses an IAM role you create to read AWS Cost Explorer / billing aggregates in your account. It reads cost figures, not your network payloads. Results are returned to your browser; we describe its exact permissions on the Trust Center.
3. How we use it
- To respond to enquiries, schedule and conduct sales/onboarding conversations.
- To provision, support, and bill Marketplace subscriptions and licenses.
- To secure the website and prevent abuse.
- To meet legal, tax, and accounting obligations.
4. Legal bases (GDPR)
Where the EU/UK GDPR applies, we rely on: legitimate interests (running and securing our site, responding to B2B enquiries), performance of a contract (delivering and supporting a subscription you purchased), consent (non-essential cookies/embeds, where required), and legal obligation (tax/records).
5. Service providers / sub-processors
| Provider | Purpose | Data |
|---|---|---|
| Amazon Web Services | Marketplace billing/entitlement, software distribution | Subscription metadata |
| Cloudflare, Inc. | DNS, CDN, edge security, cost-scanner worker | IP, request metadata |
| Calendly, LLC | Meeting scheduling (after consent / on interaction) | Name, email, meeting details |
| GitHub, Inc. (Pages) | Static website hosting | IP, request metadata |
A current list is maintained here and in our DPA. We will give notice of material changes to sub-processors that process customer personal data.
6. International transfers
Our providers are primarily US-based. Where personal data is transferred out of the EEA/UK, we rely on the applicable Standard Contractual Clauses / UK IDTA offered by those providers. Counsel to confirm the transfer mechanism and any supplementary measures.
7. Retention
We keep personal data only as long as needed for the purpose it was collected, then delete or anonymize it. Indicative periods by category:
- Enquiry / prospect data (contact form, demo requests): up to 24 months after the last interaction, unless you ask us to delete it sooner.
- Customer-relationship records: for the duration of the relationship and up to 24 months after it ends.
- Billing and tax records: up to 7 years, as required by US tax and accounting law.
- Website security / edge logs (Cloudflare): typically up to 30 days.
DRAFT retention schedule for counsel review -- confirm the periods against your billing, tax, and records-management obligations before relying on them.
8. Your rights
Depending on your location (GDPR / UK GDPR / CCPA-CPRA and similar), you may have rights to access, correct, delete, port, or restrict processing of your personal data, to object to processing, and to withdraw consent. We do not sell or "share" personal information as those terms are defined under the CCPA/CPRA. To exercise any right, email privacy@cloudspectra.ai; we will respond within the timeframes required by applicable law.
9. Security
We apply appropriate technical and organizational measures to the limited personal data we hold. Security questions or reports: security@cloudspectra.ai (see also our responsible disclosure policy).
10. Children
The website and product are intended for businesses; they are not directed to children and we do not knowingly collect data from anyone under 16.
11. Changes & contact
We may update this policy; the "last updated" date above reflects the current version. Questions: privacy@cloudspectra.ai or 1957 Limewood Dr, San Jose, CA 95132, USA.