Privacy Policy

99Stack Cloud is a privacy friendly cloud. We don't collect more information than needed

GDPR Compliance

We are dedicated to GDPR compliance, ensuring robust protection of users privacy rights. Our commitment encompasses meticulous data handling practices, stringent security measures, and transparent policies. Upholding the highest standards, we prioritize user privacy, fostering trust and confidence in our services while adhering to regulatory requirements.

Minimal data collection

99Stack Cloud meticulously minimizes user data collection to prioritize personal information protection. By gathering only essential data necessary for service provision, we uphold stringent privacy standards, fostering trust and security. Our commitment to minimal data collection ensures user confidentiality and adherence to privacy regulations.

Anonymization

To safeguard user privacy, we anonymize data through stringent protocols, removing personally identifiable information. This ensures confidentiality while allowing for effective analysis and service improvement. By anonymizing data, we uphold privacy standards, prioritizing user trust and security in all our operations.

Data stored in EEA

99Stack Cloud adheres to strict data storage policies, exclusively retaining information within the European Economic Area (EEA) to uphold privacy standards. Furthermore, no data is shared with anyone, ensuring complete confidentiality and compliance with regulatory requirements for user data protection and privacy preservation.

Data retention

99Stack Cloud maintains data retention practices aligned with service needs, ensuring information is kept only for the duration necessary to provide services effectively. This approach promotes efficiency, minimizes data storage, and underscores the commitment to safeguarding user privacy and adhering to regulatory standards.

Privacy payments

We prioritize your privacy by providing cryptocurrency payment options, ensuring anonymous transactions. By accepting cryptocurrencies like Bitcoin and Monero, 99Stack Cloud offer enhanced confidentiality, safeguarding your financial information and preserving your anonymity throughout the payment process.

The complete version

When using our services. 99Stack Cloud handles the following data

Customer: Information that is associated with our customers contract, and their service with us. Including but not limited to name, e-mail address, country of residence and the IP-address used to interact with our servers.

Resources: Information about services and active subscriptions associated with your account, including but not limited to servers, storage volumes, software licenses, snapshots and addon services.

Traffic data: Information about which services you interact with and when, via our servers at *.99stack.com. Please note, traffic data does not include direct connections to your servers or other resources.

Analytics: Automatically collected information via the open-source Matomo analytics software: (matomo.org). Information collected includes but is not limited to Country, IP-address, Operating system, Browser and version. Informatio is used to better understand where our visitors are located, you may opt out at any time by using an ad blocker such as Ublock Origin or a privacy respecting browser such as Brave.

Customer data is gathered from

  1. Any information customers provide when they order a service, or when they submit a support ticket.
  2. When you visit our website, or interact with our APIs
  3. IP-address used to login to your account, (automatically deleted after 6 months).
  4. Matomo open source analytics software hosted on our own servers (matomo.org).

What customer data is needed for

Some data is required in order for the service to operate. Most collected data is required for legal reasons. GDPR's rules for lawful handling of personal data are as follows:

  1. The data subject has given his/her consent to the processing of his/her personal data for one or more specific purpose(s).
  2. Processing is necessary for the performance of a contract in which the data subject is party or to take action at the request of the data subject prior to the conclusion of such an agreement.
  3. Processing is necessary for the performance of a legal obligation which is the responsibility of the Controller.
  4. Processing is necessary to protect interests that are of fundamental importance to the data subject or to another person.
  5. Processing is necessary for the performance of a task carried out in the public interest or as part of the exercise of the Controller authority.
  6. Processing is necessary for purposes relating to the legitimate interests of the Controller or of a third party, unless the interests or fundamental rights and freedoms of the data subject are heavier and require the protection of Personal data.

Delivery of service

We need our customers personal information in order to deliver the service that they have ordered from us, or to complete our agreement regarding the delivery of services and products and to ensure the operation and support of our services. We also need customers information for billing services, credit information purposes (crypto currency payments excluded).

Without access to customers personal information in this regard, we may not be able to provide our services to them.

How long do we keep customer data

We will save our customers data as long as they arecustomers, and we will send it to our authorized subcontractors to deliver service as well as for debugging. Some data is kept longer depending on what the data needs to be used for and our obligations under the law.

Once a customer has ended their customer relationship with us, their information will remain with us for 6 months. In order for the information to be as secure as possible during this time, we will archive the customer profile and limit access to it, and after the time runs out, we will delete all remaining information we have about the customer.

Customer data with our providers

We never share any personal data with our infrastructure providers or subcontractors. Information is referenced by a anonymous id used to link a resource to a account within our system only.

Infrastrucutre providers and subcontractors may keep logs over network activity in order to detect and prevent abusive usage or illegal activities. Subcontractors may share such information to us if deemed necessary.

Authorities

We are obliged to disclose data to authorities such as the police and other emergency services, at the request of law and government decisions.

How we protect customer data

We handle our customer data with extreme care. All interaction between us and our subcontractors that contains data is encrypted or made through TLS secured tunnels.

All internal communication between our own servers are made over private network interfaces and secured by TLS. Data stored on disk is encrypted using AES with 256-bit keys or better.

All data is stored within the European Economic Area (EEA), including Switzerland and Norway. No data leaves this area. Backups are securely stored 25 meters below ground in Paris, France, as well as Stockholm, Sweden.

Customers rights

Right of access: Customers have the right to know what personal information we have about them and how we handle it, and they may access it free of charge. The data subject makes a request for information in electronic format, and the information shall be provided in an electronic format which is generally known.

Right to rectification: We are responsible to ensure that the personal information we handle about a customer is accurate and up-to-date. If a customer notices an error, they have the right to request rectification of this information.

Right to erasure: Under certain circumstances a customer has the right to have his/her personal data deleted. This is applied in the following situations:

  1. If the personal data is no longer needed for the purpose(s) for which they have been collected.
  2. If the data has been collected solely on the basis of consent from a customer and they wish to revoke that consent.
  3. If a customer believes that the personal data, after a balance of interests, does not meet legitimate reasons that outweigh the interest or fundamental rights and freedoms.

Right of objection: Right to object the processing of personal data provided by 99Stack Cloud on the basis of a balancing of interests. We need to receive the treatment a customer is opposed to. Then we will only continue to deal with the data if there are compelling legitimate reasons for the personal data to be processed and if these outweigh the customers interests. For marketing purposes, a customer is always entitled to oppose the processing of personal data.

Right of limitation: Our customers may limit our processing of their personal data if they dispute the accuracy of the data, if the processing is illegal or if the data is not required for the purpose of the processing.

Security of information and to prevent abuse of services

We process data in order to ensure the security of our services and communication networks, to detect or prevent any kind of illegal use or use that otherwise violates the terms of the service.

We also process this data to prevent misuse of networks and services and to detect and prevent fraud, spam, hacking & cracking, illegal activites, and other potential threats. Including but not limited to those listed in acceptable use policy.

Our use of cookies

99Stack Cloud does not utilize cookies on any of our websites. However, third-party cookies may be created during visits. The following third-party cookies are utilized:

  1. Cloudflare caching service will place a cookie to keep track of your session ID. This is because Cloudflare cache is used in front of our servers for static content, which serves images, CSS stylesheets, fonts, and scripts used on our websites. Please refer to the Cloudflare privacy policy for more details.
  2. Matomo (self-hosted & open-source) analytics software will place a cookie to keep track of your session ID and monitor your navigation within our websites to help us understand user behavior.

Third-party cookies are not necessary and can be blocked at any time. By exclusively interacting with the 99Stack API and never accessing our websites, no cookies will be placed at all.

Law and dispute

Agreements and disputes must be interpreted and applied in accordance with Swedish law.

In the event of a dispute between 99Stack Cloud and the customer, the parties shall seek to agree first. Disputes arising from interpretation and application shall ultimately be settled in the ordinary courts.

Changes to this privacy policy

99Stack Cloud reserves the right to modify this privacy policy as deemed necessary from time to time or as required by law. Any changes will be promptly posted on the website, and you are considered to have accepted the terms of the privacy policy upon your first use of the service following the revisions.

Recent changes
Updated on: 12 February 2024
  • Updated simplified version with a more extensive view.
  • Updated information about data shared with subprocessors
  • Removed international data processing segment as all data is now in EEA
Updated on: 25 November 2020
  • Added a simplified version
  • Updated information about data sources
  • Updated information about how we obtain data
  • Updated information about what data we collect
  • Updated information about what data is used for
  • Updated information about what data is shared to third subprocessors
  • Updated information about data protection
  • Added information about customer rights in accordance with GDPR regulation
  • Simplified information about cookies
Updated on: 29 December 2019
  • Reducing cookie usage, cookies are only used in dashboard to store your authentication token. Third party cookies store your session ID to allow usage of CDN services.
Created on: 17 September 2017
  • Document was created