Cloudwise MaaS Privacy Policy

1. SCOPE OF THIS PRIVACY POLICY

This Privacy Policy applies to personal information that Cloudwise collects, uses, discloses, and processes when you:

• Access or use the MaaS website (maas.cloudwise.ai);
• Register for, authenticate, or utilize the MaaS API platform;
• Purchase, subscribe to, or consume model services and compute resources;
• Interact with our dashboards, developer tools, or infrastructure services;
• Communicate with our sales, support, or partnership teams via email, chat, or other channels;
• Participate in webinars, events, marketing programs, or beta testing initiatives.

For purposes of this Privacy Policy, "Services" encompasses our website, API gateway, model access endpoints, compute orchestration services, user dashboards, and any related functionality linked to this policy.

Controller vs. Processor Roles:

• Data Controller: Cloudwise acts as the data controller for account registration data, billing information, platform usage analytics, and communication records. We determine the purposes and means of processing this information.
• Data Processor: For content submitted by customers or their authorized users via our API or platform interfaces (“Customer Content”), Cloudwise acts as a data processor. We process such content solely on behalf of our customers, pursuant to our agreements. Customers retain full responsibility for ensuring they possess the necessary rights to submit Customer Content and for complying with applicable data protection laws regarding such content.

2. PERSONAL INFORMATION WE COLLECT

The categories of personal information we collect depend on how you interact with the Services.

(a) Information You Provide Directly

• Account & Registration Data: Name, company name, job title, email address, phone number, billing address, account credentials, and unique account identifiers.
• Billing & Payment Information: We utilize third-party payment processors to handle transactions. We do not directly store full credit card numbers or sensitive financial instrument details. We may receive transaction IDs, billing history, and payment method types from our processors.
• API & Usage Credentials: API keys, secret tokens, project identifiers, and configuration settings.
• Communications: Records of your interactions with our support team, sales inquiries, feedback submissions, and survey responses.
• Event & Marketing Data: Information provided when registering for webinars, conferences, or opting into newsletters.

(b) Information Collected Automatically

When you access or use the Services, certain information is automatically collected:

• Device & Log Data: IP addresses, browser type and version, operating system, device identifiers (e.g., IMEI, MAC address where applicable), time zone settings, and crash reports.
• Usage Analytics: Clickstream data, pages visited, features accessed, session duration, request timestamps, API call volumes, token consumption metrics, and error logs.
• Location Data: Approximate geographic location derived from IP addresses.
• Cookies & Tracking Technologies: We use cookies, pixels, and similar technologies for authentication, security monitoring, fraud detection, performance analytics, and personalization. You may manage cookie preferences through your browser settings, though disabling certain cookies may impact Service functionality.

(c) Information from Third Parties

We may receive personal information from external sources, including:

• Payment processors and identity verification services;
• Analytics and infrastructure providers (e.g., cloud hosting partners);
• Security and fraud prevention vendors;
• Business partners for joint marketing or lead generation activities;
• Publicly available sources or data enrichment providers.

3. How We Use Your Information

We use the information we collect for various purposes:

• Service Delivery: To provide, maintain, and operate the MaaS platform, including routing API requests and executing model inference.
• Account Management: To create and manage user accounts, authenticate users, and provide access controls.
• Transaction Processing: To process payments, issue invoices, and manage subscriptions.
• Support & Communication: To respond to inquiries, provide technical support, and send service-related announcements (e.g., maintenance notices, security alerts).
• Platform Optimization: To monitor API usage patterns, optimize resource allocation, debug issues, and improve overall platform performance and reliability.
• Security & Fraud Prevention: To detect, prevent, and mitigate fraudulent activities, abuse, security vulnerabilities, and unauthorized access.
• Product Development: To conduct research and analytics for developing new features, models, and services.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, and enforceable governmental requests.
• Marketing: To send promotional communications (subject to your consent and opt-out preferences) and tailor marketing efforts.

We do not sell personal information.

4. MODEL ECOSYSTEM AND INFRASTRUCTURE INTEGRATION

Cloudwise MaaS operates as a sophisticated Model-as-a-Service platform, providing seamless access to a diverse array of artificial intelligence models and compute capabilities. To deliver these services, we maintain integrations with a global network of model developers, infrastructure operators, and technology providers (“Model & Infrastructure Partners”).

Data Flow and Processing:

• Necessary Transmission: To fulfill your API requests and generate model outputs, Customer Content (including prompts and input data) may be transmitted to selected Model & Infrastructure Partners. This transmission is an essential technical component of the service architecture.
• Processing Scope: Partners process such data strictly for the purpose of executing the requested inference tasks and returning results to you via the Cloudwise platform.
• Contractual Safeguards: All Model & Infrastructure Partners are bound by rigorous contractual obligations requiring them to adhere to high standards of data protection, confidentiality, and security. Their processing activities are governed by their respective privacy policies and our master service agreements.
• Platform Independence: Cloudwise functions as an independent platform operator. We reserve the right to dynamically route requests, optimize partner selection, and expand our network of integrated providers to ensure optimal performance, latency, and service availability for our users.

5. DISCLOSURE OF PERSONAL INFORMATION

We may disclose personal information to the following categories of third parties:

• Service Providers: Vendors who assist in hosting, cloud infrastructure, analytics, payment processing, customer relationship management (CRM), email delivery, and security operations.
• Model & Infrastructure Partners: As described in Section 4, for the purpose of processing AI inference requests.
• Professional Advisors: Lawyers, auditors, consultants, and insurers who require access to perform their professional duties.
• Corporate Transactions: In connection with any merger, acquisition, restructuring, divestiture, bankruptcy, or sale of assets, where personal information may be transferred as part of the business assets.
• Legal & Regulatory Authorities: When required by law, subpoena, court order, or to protect the rights, property, and safety of Cloudwise, our users, or the public.
• With Consent: To third parties where you have explicitly consented to such disclosure.

6. DATA SECURITY

We implement reasonable and appropriate technical and organizational measures to protect personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit (TLS/SSL) and at rest (where applicable);
• Strict access controls and Role-Based Access Control (RBAC);
• Secure API authentication mechanisms and key management;
• Continuous security monitoring, logging, and regular vulnerability assessments;
• Employee training on data privacy and security practices.

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but commit to maintaining industry-standard safeguards.

7. DATA RETENTION

We retain personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Criteria for determining retention periods include:

• The duration of the active account relationship;
• Legal, tax, and accounting obligations;
• Requirements for dispute resolution and fraud prevention;
• Statutes of limitation for legal claims.

Upon expiration of the retention period or upon valid user request (subject to exceptions), we will securely delete or anonymize the data. Customer Content retention may vary based on specific service configurations and customer instructions.

8. INTERNATIONAL DATA TRANSFERS

Your personal information may be transferred to and processed in countries outside your country of residence, including the United States and other jurisdictions where our Model & Infrastructure Partners operate. Data protection laws in these countries may differ from those in your jurisdiction.

Where required by applicable law (e.g., GDPR), we implement appropriate safeguards to ensure adequate protection, such as:

• Standard Contractual Clauses (SCCs) approved by relevant authorities;
• Binding Corporate Rules (BCRs);
• Other legally recognized transfer mechanisms.

9. YOUR RIGHTS AND CHOICES

• Right to Access: Request a copy of the personal information we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure: Request deletion of your personal information under certain circumstances.
• Right to Data Portability: Request transfer of your data in a structured, machine-readable format.
• Right to Restrict Processing: Request limitation of processing activities.
• Right to Object: Object to processing based on legitimate interests or direct marketing.
• Right to Withdraw Consent: Withdraw consent where processing is based on consent.
• Opt-Out of Marketing: Unsubscribe from promotional communications at any time.

To exercise these rights, please contact us at maas@cloudwise.ai. We will respond to your request in accordance with applicable law and may require verification of your identity.

10. NOTICE TO CALIFORNIA RESIDENTS (CCPA/CPRA)

If you are a resident of California, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the CPRA:

• Right to Know: Request details on the categories of personal information collected, sources, purposes, and third parties with whom it is shared.
• Right to Delete: Request deletion of personal information, subject to exceptions.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt-Out: Opt-out of the “sale” or “sharing” of personal information for cross-context behavioral advertising. Cloudwise does not sell personal information. However, certain advertising technologies may constitute “sharing” under CCPA definitions.
• Right to Limit Sensitive Data: Limit the use of sensitive personal information.
• Non-Discrimination: You will not be discriminated against for exercising your privacy rights.

Do Not Sell or Share My Personal Information: You may exercise your opt-out rights by contacting us or using recognized opt-out signals (e.g., Global Privacy Control).

11. NOTICE TO EUROPEAN AND NON-U.S. RESIDENTS (GDPR)

For individuals in the European Economic Area (EEA), United Kingdom, Switzerland, and other jurisdictions with comprehensive data protection laws:

• Legal Basis: We process data based on contract performance, legitimate interests, legal obligations, and consent.
• Data Subject Rights: You possess the rights detailed in Section 9, including the right to lodge a complaint with your local supervisory authority.
• Representative: If required, we will appoint a representative in the EEA/UK as per GDPR Article 27.

12. CHILDREN'S PRIVACY

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete such information.

13. THIRD-PARTY LINKS AND SERVICES

The Services may contain links to third-party websites or services not operated by Cloudwise. We are not responsible for the privacy practices or content of these third parties. We encourage you to review their privacy policies.

14. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. The “Last Updated” date at the top of this document will be revised accordingly. Material changes will be notified via email or prominent notice on our website. Continued use of the Services after such changes constitutes acceptance of the updated policy.

15. CONTACT US

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: maas@cloudwise.ai
• Mailing Address:
  401 Lambert Ave
  Palo Alto, California 94306
  United States