MamuteCloud Privacy Policy

Information We Collect

Account Information

When you register for a MamuteCloud account, we collect information necessary to create and manage your account, including your full name, email address, encrypted password, and company information if applicable. For payment processing, we collect billing information such as credit card details, billing addresses, and tax identification numbers where required by law. We use industry-standard PCI-DSS certified payment processors to handle all payment card information securely.

Service Usage Data

To provide and improve our services, we collect detailed logs of your service usage. This includes CDN traffic metrics, DNS query logs, Object Storage access patterns, bandwidth consumption, request counts, and geographic distribution of traffic. We monitor cache hit rates, origin server response times, and error rates to optimize service delivery and troubleshoot technical issues.

Technical Information

Our systems automatically collect technical data to operate and secure our infrastructure. This includes IP addresses of origin servers and end users, HTTP headers and user agents, SSL/TLS certificate information, and timestamps of service access. We log purge requests, configuration changes, and API calls to maintain system integrity and provide audit trails.

Communications and Support

When you contact our support team, we retain records of your communications, including emails, chat transcripts, support tickets, and any files or screenshots you share. This information helps us resolve issues efficiently and improve our support services.

Activity and Timeline Data

Our platform maintains an activity log that records account events, configuration changes, resource creation and deletion, and notes or tasks created within the system. This timeline helps you track your account activity and provides transparency in service operations.

How We Use Your Information

Service Delivery and Operations

We use your information primarily to deliver, maintain, and improve our CDN, DNS, Object Storage, and related services. This includes processing your content through our global network, resolving DNS queries, managing SSL/TLS certificates, and storing objects in our distributed storage system. We monitor service performance to ensure optimal delivery and reliability.

Billing and Account Management

Your billing information enables us to process payments, calculate usage charges, apply promotional credits, and generate invoices. We implement a credit-based system where usage thresholds and notification preferences may vary by account. Our billing system tracks ongoing charges that are still accumulating and paid amounts already deducted from your account balance. When your account balance reaches configured thresholds or becomes negative, we send automated notifications and may temporarily pause services until payment is received.

Security and Fraud Prevention

We analyze usage patterns and access logs to detect and prevent fraudulent activity, abuse, and security threats. This includes monitoring for distributed denial-of-service (DDoS) attacks, unauthorized access attempts, and violations of our Acceptable Use Policy. We maintain detailed audit logs to investigate security incidents and comply with legal requirements.

Service Improvement and Analytics

We aggregate and anonymize usage data to analyze service performance, identify optimization opportunities, and develop new features. This aggregated data cannot be used to identify individual users and helps us improve our infrastructure and service offerings.

Communications

We send transactional emails related to your account and service usage, including account verification, payment confirmations, service notifications, and security alerts. We also send administrative notices about changes to our services, terms, or policies. Marketing communications are sent only with your explicit consent, and you can opt out at any time.

Data Sharing and Disclosure

Third-Party Service Providers

We engage trusted third-party service providers to support our operations. Payment processors handle credit card transactions securely under PCI-DSS compliance. Infrastructure providers host our services under strict Data Processing Agreements (DPAs). These providers access only the minimum data necessary to perform their functions and are contractually obligated to protect your information.

Legal Requirements and Compliance

We may disclose your information when required by law, such as in response to valid court orders, subpoenas, or government requests. We cooperate with law enforcement agencies to investigate illegal activities, enforce our policies, and protect the rights and safety of our users and services. Before disclosing information, we carefully review each request to ensure it meets legal requirements.

Business Transfers

If MamuteCloud undergoes a merger, acquisition, restructuring, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change in ownership or control and provide options regarding your information if legally required.

Whitelabel and Reseller Relationships

For accounts operating under whitelabel arrangements, we share relevant account and usage data with the authorized reseller. Each reseller operates under a separate commercial agreement and is responsible for their relationship with end customers. Data shared with resellers is limited to information necessary for account management and billing within their tenant.

Aggregate and Anonymized Data

We may share aggregated, anonymized statistics about our services, such as traffic patterns, geographic distribution, and service performance metrics. This data cannot be used to identify individual users or accounts.

Data Storage and Security

Security Measures

We implement comprehensive security controls to protect your data. All data transmission occurs over TLS 1.3 encrypted connections. Sensitive data at rest is encrypted using AES-256 encryption. Our infrastructure undergoes regular security audits and vulnerability assessments. We employ intrusion detection systems, network monitoring, and access controls to prevent unauthorized access.

Data Center Infrastructure

Your data is stored in SOC 2 Type II and ISO 27001 certified data centers with redundant power, cooling, and network connectivity. We maintain geographically distributed backups to ensure data durability and disaster recovery capabilities. Access to physical data centers is strictly controlled and monitored.

Access Controls

Access to customer data is restricted to authorized personnel who require it to perform their job functions. All access is logged and regularly audited. We enforce multi-factor authentication for administrative access and maintain strict role-based access control policies.

Data Retention

We retain your account information and service data for as long as your account remains active. Usage logs and CDN access logs are retained for 90 days for operational and security purposes. Billing records and invoices are maintained for seven years to comply with tax and accounting regulations. Audit logs related to security and compliance are retained for 12 months.

When you close your account, we delete your account information and content within 30 days, subject to legal retention requirements. Backup systems may retain data for up to 90 days before permanent deletion.

Your Rights and Choices

Access and Portability

You have the right to access the personal information we hold about you. You can export your account data, including configurations, usage reports, and stored content, through your dashboard or by contacting our support team at support@mamutecloud.com with subject line "Data Access Request".

Correction and Deletion

You may update your account information at any time through your account settings. If you wish to delete your account, you can initiate account closure through your dashboard. Upon account deletion, we will remove your personal information and content, subject to legal retention obligations.

Data Protection Rights (GDPR/LGPD/CCPA)

Depending on your location, you may have rights under applicable data protection laws including GDPR (European Union), LGPD (Brazil), or CCPA (California), including the right to rectification, erasure, restriction of processing, data portability, and objection to processing. You may also withdraw consent where processing is based on consent. To exercise these rights, contact us at support@mamutecloud.com with subject line "Privacy Rights Request".

Marketing Communications

You can unsubscribe from marketing emails by clicking the unsubscribe link in any marketing message or by updating your communication preferences in your account settings. Transactional and service-related communications cannot be opted out of while your account remains active.

Cookies and Tracking Technologies

Essential Cookies

We use essential cookies to enable core functionality, including user authentication, session management, security features, and preference storage. These cookies are necessary for our services to function properly.

Analytics Cookies

We use analytics services to understand how users interact with our platform. These analytics tools collect information about page views, feature usage, and navigation patterns. We configure analytics services to anonymize IP addresses and respect user privacy settings.

Cookie Management

Most web browsers allow you to control cookies through their settings. You can configure your browser to refuse cookies or alert you when cookies are being sent. Note that disabling essential cookies may affect your ability to use certain features of our services.

International Data Transfers

MamuteCloud operates a global infrastructure to provide low-latency services worldwide. Your data may be processed and stored in multiple jurisdictions, including locations outside your country of residence. We ensure that international data transfers comply with applicable data protection laws through appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission for transfers to and from the EU.

Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child without parental consent, we will take steps to delete such information promptly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. When we make material changes, we will notify you by email at least 30 days before the changes take effect. We will also update the "Last Updated" date at the top of this policy. Your continued use of our services after changes become effective constitutes acceptance of the updated policy.

Contact Information

For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

MamuteCloud Support Team

Email: support@mamutecloud.com

• For privacy-related inquiries: Use subject line "Privacy Inquiry"
• For data access requests: Use subject line "Data Access Request"
• For privacy rights requests: Use subject line "Privacy Rights Request"
• For general support: Use subject line "General Support"
• For billing inquiries: Use subject line "Billing Inquiry"
• For abuse reports: Use subject line "Abuse Report"