Privacy Policy

1. Introduction

Welcome to Oblien LLC ("Oblien," "we," "us," or "our"). We provide cloud hosting, application deployment, domain management, SSL provisioning, and developer tools to help you build, deploy, and scale your applications effortlessly.

This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our services, visit our website, or interact with our platform. By using Oblien's services, you consent to the practices described in this policy.

We are committed to transparency and protecting your privacy in compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.

2. Information We Collect

We collect various types of information to provide and improve our services:

2.1 Personal Information

• Account Information: Name, email address, username, password (encrypted), and profile picture
• Billing Information: Payment card details, billing address, tax ID, and transaction history (processed securely through third-party payment processors)
• Communication Data: Support tickets, feedback, survey responses, and email correspondence
• Identity Verification: In certain cases, we may require government-issued ID or business registration documents to prevent fraud

2.2 Technical and Usage Data

• Device Information: IP address, browser type and version, operating system, device identifiers, and screen resolution
• Usage Logs: Pages visited, features used, time spent on platform, click patterns, and navigation paths
• Performance Metrics: API requests, response times, error rates, and service uptime statistics
• Referral Data: How you found our service (search engines, social media, partner referrals)

2.3 Deployment and Application Data

• Source Code & Repositories: Code you deploy, repository links (GitHub, GitLab, Bitbucket), branch information
• Build Logs: Deployment logs, build outputs, error messages, and debugging information
• Environment Variables: Configuration settings, API keys, and secrets you store on our platform (encrypted at rest)
• Domain Information: Custom domains, DNS records, SSL certificate details, and WHOIS data
• Application Content: Files, databases, media assets, and user-generated content hosted on our infrastructure

2.4 Cookies and Tracking Technologies

• Essential Cookies: Required for authentication, session management, and platform functionality
• Analytics Cookies: Used to understand user behavior, improve our services, and optimize performance
• Preference Cookies: Remember your settings, language preferences, and theme choices
• Third-Party Tracking: We use privacy-focused analytics tools and may integrate with services like Google Analytics

2.5 Information from Third Parties

• OAuth Providers: Profile information from GitHub, GitLab, Google, or other authentication services you connect
• Payment Processors: Transaction confirmation and payment status from Stripe, PayPal, or other payment partners
• Infrastructure Providers: Server performance data from AWS, Hetzner, OVH Cloud, and other hosting partners

3. How We Use Your Data

We use the information we collect for the following purposes:

3.1 Service Delivery and Platform Operations

• Provision hosting infrastructure, deploy applications, and manage your domains
• Process payments, manage subscriptions, and generate invoices
• Authenticate users, maintain sessions, and enforce access controls
• Monitor system performance, troubleshoot errors, and ensure service reliability
• Provide technical support and respond to your inquiries

3.2 Service Improvement and Development

• Analyze usage patterns to improve platform features and user experience
• Develop new products, tools, and integrations based on user needs
• Conduct A/B testing and performance optimization experiments
• Generate anonymized analytics and aggregate statistics for internal research

3.3 Security and Abuse Prevention

• Detect, prevent, and respond to fraud, abuse, and security incidents
• Identify suspicious activity, DDoS attacks, and unauthorized access attempts
• Enforce our Terms of Service and investigate violations
• Comply with legal obligations, court orders, and law enforcement requests
• Implement rate limiting, resource quotas, and fair usage policies

3.4 Communication and Marketing

• Send transactional emails (account notifications, deployment status, billing alerts)
• Provide product updates, feature announcements, and service changes
• Send promotional content and special offers (only with your consent, and you can opt out anytime)
• Conduct surveys and request feedback to improve our services

3.5 Legal and Compliance

• Fulfill legal and regulatory requirements (tax reporting, data retention laws)
• Protect our rights, property, and safety, and that of our users and partners
• Resolve disputes, enforce agreements, and defend against legal claims

4. How We Share Your Data

We do not sell your personal information to third parties. However, we may share data in the following circumstances:

4.1 Infrastructure and Cloud Service Providers

Your data is hosted and processed using trusted infrastructure providers. We use industry-leading providers to ensure reliability, security, and global availability:

• Amazon Web Services (AWS): US-based cloud infrastructure for compute, storage, and databases
• Hetzner Online GmbH: Germany-based and EU data center hosting for European deployments
• OVH Cloud (OVHcloud): France-based and EU infrastructure for additional European presence

These providers are bound by strict data processing agreements and comply with GDPR, SOC 2, ISO 27001, and other security standards.

4.2 Payment Processors

• Stripe: Handles credit card payments, subscriptions, and billing (PCI-DSS compliant)
• PayPal: Alternative payment processing for global transactions
• We do not store full credit card numbers on our servers; payment data is tokenized and secured by our processors

4.3 Analytics and Monitoring Tools

• Google Analytics: Website traffic analysis and user behavior tracking (anonymized IP)
• Sentry or Similar Tools: Error tracking and performance monitoring for debugging
• Logging Services: Centralized logging for security audits and compliance

4.4 Third-Party Integrations

• GitHub, GitLab, Bitbucket: Repository access for deployment automation (with your explicit authorization)
• DNS Providers: Domain registrars and DNS services for domain management
• CDN Providers: Content delivery networks for faster global asset distribution
• Email Services: Transactional email platforms (SendGrid, AWS SES, etc.) for notifications

4.5 Legal Requirements and Protection

We may disclose your information if required by law or in good faith belief that such action is necessary to:

• Comply with legal obligations, court orders, subpoenas, or regulatory requests
• Protect and defend our rights, property, and safety, or that of our users
• Investigate fraud, abuse, or violations of our Terms of Service
• Prevent harm, illegal activity, or security threats

4.6 Business Transfers

If Oblien is involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred to the successor entity. We will notify you of any such change and how it affects your data.

4.7 With Your Consent

We may share your information with other third parties when you give us explicit permission to do so.

5. International Data Transfers

Oblien operates globally, and your data may be transferred to, stored, and processed in countries outside your own, including the United States and European Union.

When we transfer data internationally, we ensure appropriate safeguards are in place:

• GDPR Compliance: We use Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy Decisions: We transfer data to countries recognized by the EU as providing adequate protection
• Data Processing Agreements: All third-party processors sign agreements ensuring GDPR-level protection
• Encryption in Transit: All data transfers are encrypted using TLS 1.2+ protocols

By using our services, you acknowledge and consent to the international transfer of your data as described in this policy.

6. Data Retention and Deletion

6.1 How Long We Keep Your Data

We retain your data for as long as necessary to provide our services and fulfill the purposes outlined in this policy:

• Active Accounts: Data is retained while your account is active
• Closed Accounts: Data may be retained for up to 90 days after account closure for backup and recovery purposes
• Billing Records: Retained for 7 years to comply with tax and accounting regulations
• Legal Requirements: Some data may be retained longer if required by law or to defend legal claims
• Anonymized Data: Aggregated and anonymized analytics may be retained indefinitely for research and improvement

6.2 How to Delete Your Data

You have the right to request deletion of your personal information:

• Account Deletion: Go to your account settings and select "Delete Account," or contact us at privacy@oblien.com
• Data Removal: Upon account deletion, we will permanently delete or anonymize your personal data within 30 days
• Backup Retention: Data in backups may persist for up to 90 days before being permanently erased
• Legal Exceptions: We may retain certain data if required by law or to resolve disputes

7. Security Measures

We take security seriously and implement industry-standard measures to protect your data from unauthorized access, disclosure, alteration, or destruction:

7.1 Technical Safeguards

• Encryption: Data encrypted at rest (AES-256) and in transit (TLS 1.2+)
• Access Controls: Role-based access controls (RBAC) and principle of least privilege
• Authentication: Multi-factor authentication (MFA) available for all accounts
• Password Security: Passwords hashed using bcrypt or Argon2 with salt
• API Security: Rate limiting, OAuth 2.0, and API key management
• Network Security: Firewalls, DDoS protection, and intrusion detection systems

7.2 Organizational Safeguards

• Employee Training: Regular security awareness and data protection training
• Access Audits: Logging and monitoring of all data access and administrative actions
• Third-Party Audits: Regular security assessments and penetration testing
• Incident Response: Defined procedures for detecting, responding to, and reporting security incidents

7.3 Your Responsibility

Security is a shared responsibility. You should:

• Use strong, unique passwords and enable MFA on your account
• Keep your API keys and access tokens confidential
• Regularly review account activity and report suspicious behavior
• Ensure your deployed applications follow security best practices

7.4 Security Disclaimer

While we implement robust security measures, no system is completely secure. We cannot guarantee absolute security of data transmitted over the internet or stored in cloud infrastructure. You use our services at your own risk.

In the event of a data breach affecting your personal information, we will notify you and relevant authorities as required by law within 72 hours of discovery.

8. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

8.1 GDPR Rights (European Economic Area)

• Right to Access: Request a copy of all personal data we hold about you
• Right to Rectification: Correct inaccurate or incomplete personal information
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data
• Right to Restrict Processing: Limit how we use your data in certain circumstances
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing of your data for certain purposes (e.g., direct marketing)
• Right to Withdraw Consent: Withdraw consent for data processing at any time
• Right to Lodge a Complaint: File a complaint with your local data protection authority

8.2 CCPA Rights (California Residents)

• Right to Know: Request disclosure of personal information collected, used, and shared
• Right to Delete: Request deletion of personal information we have collected
• Right to Opt-Out: Opt out of the "sale" of personal information (Note: We do not sell personal data)
• Right to Non-Discrimination: You will not receive discriminatory treatment for exercising your rights

8.3 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

• Email: privacy@oblien.com
• Subject Line: "Privacy Rights Request - [Your Name]"
• Include: Your account email, specific request, and proof of identity (if required)

We will respond to your request within 30 days for GDPR requests and 45 days for CCPA requests. In some cases, we may extend this period and will notify you of the extension.

9. Cookies and Tracking Technologies

9.1 What Cookies We Use

Cookies are small text files stored on your device that help us provide and improve our services:

• Strictly Necessary Cookies: Essential for platform functionality (login sessions, security, preferences)
• Performance Cookies: Help us understand how users interact with our platform (Google Analytics, Mixpanel)
• Functional Cookies: Remember your preferences (language, theme, dashboard layout)
• Targeting/Advertising Cookies: Currently not used, but may be implemented in the future with your consent

9.2 Analytics and Tracking

• Google Analytics: We use Google Analytics with IP anonymization to understand traffic and user behavior
• Session Recording: We may use tools like Hotjar or FullStory to replay user sessions for UX improvement (with notice)
• Error Tracking: Sentry or similar tools capture errors and stack traces to improve platform stability

9.3 Cookie Management

You can control cookies through:

• Browser Settings: Most browsers allow you to block or delete cookies
• Cookie Consent Banner: Manage your cookie preferences through our consent tool
• Opt-Out Tools: Use browser extensions or privacy tools to block tracking

Note: Disabling essential cookies may affect platform functionality and prevent you from using certain features.

9.4 Do Not Track (DNT)

We currently do not respond to "Do Not Track" signals from browsers. We will update this policy if our DNT practices change.

10. Children's Privacy

Oblien's services are not intended for children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@oblien.com, and we will delete the information within 30 days.

By using our services, you represent that you are at least 18 years old or have reached the age of majority in your jurisdiction, or that you have parental consent to use our services.

11. Third-Party Links and Services

Our platform may contain links to third-party websites, applications, or services (e.g., GitHub, GitLab, documentation sites). This Privacy Policy does not apply to those external services.

We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party services you use.

When you authorize third-party integrations (e.g., connecting your GitHub account), you are subject to both our policy and the third party's privacy policy.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service features. When we make changes, we will:

• Update the "Effective Date" at the top of this policy
• Notify you via email if the changes are material and affect your rights
• Post a notice on our website and dashboard for at least 30 days
• Request your consent for significant changes if required by law

Your continued use of Oblien's services after the effective date of the updated policy constitutes acceptance of the changes. If you do not agree with the updated policy, you may close your account.

We encourage you to review this policy periodically to stay informed about how we protect your information.

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please contact us:

For GDPR-related inquiries, you may also contact your local data protection authority.

14. Data Processing Addendum (DPA)

If you are a business customer processing personal data using Oblien's services, you may be acting as a data controller, and we may be acting as a data processor.

For enterprise customers requiring a formal Data Processing Agreement (DPA) to comply with GDPR Article 28, please contact us at legal@oblien.com to request our standard DPA template.

15. California Shine the Light Law

California residents may request information about our disclosure of personal information to third parties for direct marketing purposes. As stated in this policy, we do not share personal information with third parties for their direct marketing purposes.

If you have questions, please contact us at privacy@oblien.com.