Privacy Policy

99Stack Cloud is a privacy friendly cloud. We don't collect more information than needed

This privacy policy applies to you, (the customer using our service) and us (99Stack Cloud). This privacy policy applies to our use of data collected by us, or provided by you in relation to your use of the service.

The simple Version

  • 99Stack Cloud handles customer data according to the General Data Protection Regulation, also called GDPR.
  • 99Stack Cloud does not request more information than necessary for our customers to enter an agreement with us.
  • 99Stack Cloud does not request more information than necessary to deliver the service that our customers have ordered.
  • 99Stack Cloud only transfers customer information to subcontractors that are approved by us, and only for the purpose of being able to deliver the service.
  • 99Stack Cloud only keeps necessary information about customers as long as they are our customers. Billing and certain financial data are securely stored with us for a longer period when it is governed by the Accounting Act.

The complete version

When using our services. 99Stack Cloud handles the following data

Customer: Information that is associated with our customers contract, and their service with us. Including but not limited to name, e-mail address, country of residence and the IP-address used to interact with our servers.

Resources: Information about services and active subscriptions associated with your account, including but not limited to servers, storage volumes, software licenses, snapshots and addon services.

Traffic data: Information about which services you interact with and when, via our servers at *.99stack.com. Please note, traffic data does not include direct connections to your servers or other resources.

Analytics: Automatically collected information via the open-source Matomo analytics software: (matomo.org). Information collected includes but is not limited to Country, IP-address, Operating system, Browser and version. Informatio is used to better understand where our visitors are located, you may opt out at any time by using an ad blocker such as Ublock Origin or a privacy respecting browser such as Brave.

Customer data is gathered from

  1. Any information customers provide when they order a service, or when they submit a support ticket.
  2. When you visit our website, or interact with our APIs
  3. IP-address used to login to your account, (automatically deleted after 6 months).
  4. Matomo open source analytics software hosted on our own servers (matomo.org).

What customer data is needed for

Some data is required in order for the service to operate. Most collected data is required for legal reasons. GDPR's rules for lawful handling of personal data are as follows:

  1. The data subject has given his/her consent to the processing of his/her personal data for one or more specific purpose(s).
  2. Processing is necessary for the performance of a contract in which the data subject is party or to take action at the request of the data subject prior to the conclusion of such an agreement.
  3. Processing is necessary for the performance of a legal obligation which is the responsibility of the Controller.
  4. Processing is necessary to protect interests that are of fundamental importance to the data subject or to another person.
  5. Processing is necessary for the performance of a task carried out in the public interest or as part of the exercise of the Controller authority.
  6. Processing is necessary for purposes relating to the legitimate interests of the Controller or of a third party, unless the interests or fundamental rights and freedoms of the data subject are heavier and require the protection of Personal data.

Delivery of service

We need our customers personal information in order to deliver the service that they have ordered from us, or to complete our agreement regarding the delivery of services and products and to ensure the operation and support of our services. We also need customers information for billing services, credit information purposes (crypto currency payments excluded).

Without access to customers personal information in this regard, we may not be able to provide our services to them.

How long do we keep customer data

We will save our customers data as long as they arecustomers, and we will send it to our authorized subcontractors to deliver service as well as for debugging. Some data is kept longer depending on what the data needs to be used for and our obligations under the law.

Once a customer has ended their customer relationship with us, their information will remain with us for 6 months. In order for the information to be as secure as possible during this time, we will archive the customer profile and limit access to it, and after the time runs out, we will delete all remaining information we have about the customer.

Customer data with our providers

We never share any personal data with our infrastructure providers or subcontractors. Information is referenced by a anonymous id used to link a resource to a account within our system only.

Infrastrucutre providers and subcontractors may keep logs over network activity in order to detect and prevent abusive usage or illegal activities. Subcontractors may share such information to us if deemed necessary.

Authorities

We are obliged to disclose data to authorities such as the police and other emergency services, at the request of law and government decisions.

How we protect customer data

We handle our customer data with extreme care. All interaction between us and our subcontractors that contains data is encrypted or made through TLS secured tunnels.

All internal communication between our own servers are made over private network interfaces and secured by TLS. Data stored on disk is encrypted using AES with 256-bit keys.

Data is stored in a globally distrubuted cluster of secured dedicated database servers. Servers are located in the following regions: Oregon - USA, Virginia - USA, Dublin - Ireland, Frankfurt - Germany, Mumbai - India, Seoul - South Korea.

Customers rights

Right of access: Customers have the right to know what personal information we have about them and how we handle it, and they may access it free of charge. The data subject makes a request for information in electronic format, and the information shall be provided in an electronic format which is generally known.

Right to rectification: We are responsible to ensure that the personal information we handle about a customer is accurate and up-to-date. If a customer notices an error, they have the right to request rectification of this information.

Right to erasure: Under certain circumstances a customer has the right to have his/her personal data deleted. This is applied in the following situations:

  1. If the personal data is no longer needed for the purpose(s) for which they have been collected.
  2. If the data has been collected solely on the basis of consent from a customer and they wish to revoke that consent.
  3. If a customer believes that the personal data, after a balance of interests, does not meet legitimate reasons that outweigh the interest or fundamental rights and freedoms.

Right of objection: Right to object the processing of personal data provided by 99Stack Cloud on the basis of a balancing of interests. We need to receive the treatment a customer is opposed to. Then we will only continue to deal with the data if there are compelling legitimate reasons for the personal data to be processed and if these outweigh the customers interests. For marketing purposes, a customer is always entitled to oppose the processing of personal data.

Right of limitation: Our customers may limit our processing of their personal data if they dispute the accuracy of the data, if the processing is illegal or if the data is not required for the purpose of the processing.

Security of information and to prevent abuse of services

We process data in order to ensure the security of our services and communication networks, to detect or prevent any kind of illegal use or use that otherwise violates the terms of the service.

We also process this data to prevent misuse of networks and services and to detect and prevent fraud, spam, hacking & cracking, illegal activites, and other potential threats. Including but not limited to those listed in acceptable use policy.

Our use of cookies

99Stack Cloud does not use cookies on any of our websites. Third party cookies will however be created during visits. The following third party cookies are used:

  1. Cloudflare caching service will place a cookie to keep track of your session id, this is because Cloudflare cache is used in front of our servers for static content, which serve images, css stylesheets, fonts and scripts used on our websites. Please refer to cloudflare privacy policy for more details.
  2. Matomo analytics software will palce a cookie to keep track of your session id and monitor your navigation within our websites to help us understand users behaviour.

Third party cookies are not required and may at any time be blocked. By solely interacting with 99Stack API only and never accessing our websites, no cookies will be placed at all.

Law and dispute

Agreements and disputes must be interpreted and applied in accordance with Swedish law.

In the event of a dispute between 99Stack Cloud and the customer, the parties shall seek to agree first. Disputes arising from interpretation and application shall ultimately be settled in the ordinary courts.

International transfers of data

Data which we collect from you may be stored and processed in and transferred to countries outside of the European Economic Area (EEA). For example, this could occur if our servers are located in a country outside the EEA or one of our service providers is situated in a country outside the EEA.

If we transfer Data outside the EEA in this way, we will take steps with the aim of ensuring that your privacy rights continue to be protected as outlined in this privacy policy. You expressly agree to such transfers of data.

Changes to this privacy policy

99Stack Cloud reserves the right to change this privacy policy as we may deem necessary from time to time or as may be required by law. Any changes will be immediately posted on the website and you are deemed to have accepted the terms of the privacy policy on your first use of the service following the alterations.

Recent changes
Updated on: 25 November 2020
  • Added a simplified version
  • Updated information about data sources
  • Updated information about how we obtain data
  • Updated information about what data we collect
  • Updated information about what data is used for
  • Updated information about what data is shared to third subprocessors
  • Updated information about data protection
  • Added information about customer rights in accordance with GDPR regulation
  • Simplified information about cookies
Updated on: 29 December 2019
  • Reducing cookie usage, cookies are only used in dashboard to store your authentication token. Third party cookies store your session ID to allow usage of CDN services.
Created on: 17 September 2017
  • Document was created