Privacy Policy
Last updated: May 20, 2026
This Privacy Policy explains how Clouno Inc. ("SrvBot", "we", "us", "our") collects, uses, and protects personal information when you visit srvbot.io, sign up for our managed hosting service, or otherwise interact with us. By using our services you agree to the practices described below.
Who we are
The data controller for personal information processed under this policy is Clouno Inc., a Delaware corporation trading as SrvBot. You can reach us about privacy matters at [email protected].
Information we collect
Account and billing information. When you sign up at /get-started, we collect the email address you provide, an optional name, the domain you intend to host, your chosen site type and region, and your selected plan and billing period. Payment card details are entered directly into Stripe's Payment Element and are never seen, stored, or processed by us — we receive only a payment method reference, a subscription ID, and billing status from Stripe.
Content you host with us. Our managed hosting service stores and serves whatever content you upload (WordPress installations, static sites, Next.js apps, and any data they process). You remain the controller of that content; we act as a processor. Our Data Processing Agreement at /legal/dpa governs that relationship.
Analytics. We use PostHog (hosted in the EU) to understand how the marketing site is used. Our setup is intentionally minimal: no cookies (analytics state is held in memory and discarded when you close the tab), no automatic event capture, no session recording, and a random per-session identifier rather than a persistent one. We capture page views and a small number of explicit events such as which call-to-action button you clicked.
Server logs. Like any hosted service, our servers log basic request metadata — IP address, user agent, request path, response status, timestamp — for security, abuse prevention, and operational debugging. These logs are retained for a limited operational window and rotated.
How we use information
We use the information we collect to:
- provide and operate the hosting service you signed up for;
- process payments, send invoices and receipts, and manage subscriptions;
- send transactional emails about your account, service status, and security;
- prevent fraud, abuse, and unauthorised access;
- understand how the marketing site is used so we can improve it;
- comply with legal obligations.
We do not sell personal information, and we do not use your data to train machine-learning models.
Legal bases (GDPR / EEA users)
Where the GDPR applies, we rely on the following legal bases:
- Contract — to provide the hosting service you have signed up for, and to take steps you request before entering into a contract.
- Legitimate interests — to keep the service secure, prevent fraud, and analyse aggregated marketing-site usage. We weigh these interests against your rights and use minimal data.
- Legal obligation — to retain billing records and respond to lawful requests.
- Consent — where required, for example for any optional communications you opt into. You can withdraw consent at any time.
Sharing and subprocessors
We share personal information only with the providers that help us run the service:
- Stripe — payment processing, subscription billing, and customer records. Stripe receives your email, name (if provided), domain, site type, region, plan, and card details.
- PostHog (EU hosting) — privacy-conscious product analytics for the marketing site, as described above.
- Sanity — the CMS that stores marketing-site content; it does not receive end-user personal data.
- Cloud infrastructure providers — the servers that host srvbot.io and the customer hosting platform. Logs and operational metadata are processed here.
We do not sell or rent personal information, and we do not share it with third parties for their own marketing purposes.
International transfers
We are based in the United States and our hosting infrastructure spans multiple regions (EU, US, Asia). When you choose a hosting region for your site, your site's runtime data stays in that region. Administrative and billing data may be processed in the US or wherever our service providers operate. Where transfers leave the EEA or UK, we rely on Standard Contractual Clauses or equivalent safeguards.
Retention
We keep account and billing records for as long as your subscription is active and afterwards for the period required by tax, accounting, and legal obligations (typically seven years). Server logs are kept for a short operational window and then deleted or anonymised. Analytics events are retained in aggregate. When you cancel and request deletion, we will delete personal data that we are not required by law to keep.
Your rights
Depending on where you live, you may have the right to:
- access the personal information we hold about you;
- correct inaccurate information;
- delete your information;
- restrict or object to certain processing;
- export your information in a portable format;
- withdraw consent;
- complain to your local data protection authority.
To exercise any of these rights, email [email protected]. We will respond within the timeframe required by applicable law, typically within thirty days.
California residents have additional rights under the CCPA/CPRA, including the right to know what personal information we collect, request deletion, and opt out of any "sale" or "sharing" of personal information. We do not sell or share personal information in the sense those terms are used in California law.
Cookies and tracking
The srvbot.io marketing site does not set tracking cookies. The checkout flow uses Stripe, which sets cookies inside its iframe necessary for fraud prevention and payment processing — these are essential to completing a payment. We do not use advertising cookies, cross-site trackers, or third-party tag managers.
Security
We protect personal information with industry-standard measures including TLS in transit, encryption of secrets and credentials at rest, restricted administrative access, and audit logging. No system is perfectly secure; if we ever experience a breach affecting your personal information we will notify you and the relevant authorities as required by law.
Children
Our service is not directed to children under sixteen, and we do not knowingly collect personal information from them. If you believe a child has provided us with personal information, contact [email protected] and we will delete it.
Changes to this policy
We may update this policy from time to time. When we do, we will revise the "Last updated" date at the top of the page. Material changes will be announced via email or a notice on the site before they take effect.
Contact
Questions about this policy or your personal data can be sent to [email protected]. For data-processing matters that fall under the Data Processing Agreement at /legal/dpa, follow the contact instructions there.