CloudPort
EN登录开通 Pro
当前是 staging 环境:注册开启,支付开启;Stripe 测试模式不会产生真实扣款。
返回

Privacy Policy

Effective Date: May 4, 2026

Apeonwheels Inc., a Delaware corporation, operates CloudPort and related websites, panels, support channels, and billing flows. This policy explains what personal information we collect, how we use it, how long we keep it, and what choices and rights users may have.

This is a production draft for launch preparation, not a substitute for legal advice. Before public launch, replace bracketed placeholders and have counsel review the final policy for your exact markets, payment flows, tax setup, and infrastructure.

Contact

Controller / business: Apeonwheels Inc.

Mailing address: [Apeonwheels Inc. mailing address]

Privacy contact: privacy@apeonwheels.com

Support contact: support@apeonwheels.com

Delaware consumer privacy complaint contact: privacy@delaware.gov

Scope

This policy covers CloudPort account registration, user panel, order and subscription management, support tickets, service status, diagnostics, and legal/compliance operations.

It does not cover third-party websites, apps, payment processors, client software, or services that have their own privacy notices.

Information We Collect

  • Account information: email address, display name, password hash, role, account status, plan, device limit, traffic limit, subscription token, and login timestamps.
  • Billing information: order IDs, plan, amount, currency, payment status, Stripe customer, Checkout Session, subscription, invoice, refund, dispute, and webhook identifiers. We do not store full card numbers.
  • Usage and diagnostic metadata: total traffic volume, node selected, node status, approximate latency, device count, connection timestamps where needed for abuse prevention, and operational logs.
  • Support information: ticket subject, message, priority, status, replies, attachments if enabled later, and related account metadata.
  • Security information: IP address, user agent, authentication events, failed login attempts, administrative changes, audit logs, and abuse signals.
  • Communications: emails or other messages you send to us and messages we send to you.

Information We Do Not Intentionally Collect

  • We do not intentionally collect Social Security numbers, government ID numbers, health data, biometric data, precise geolocation, or children's data.
  • We do not intentionally inspect, store, or sell the content of user traffic.
  • We do not intentionally log browsing history, DNS queries, destination URLs, message contents, or application payloads as part of ordinary service operation.
  • We do not use traffic metadata for advertising or cross-context behavioral profiling.

Operational reality matters. Network providers, payment processors, operating systems, firewalls, and security tools may process technical metadata to keep the service secure and available. We design the service to minimize and segregate that data.

How We Use Information

  • Provide accounts, subscriptions, service status, support, and customer communications.
  • Process orders, renewals, refunds, disputes, invoices, taxes, and payment risk checks.
  • Enforce device limits, traffic limits, abuse controls, fraud prevention, security monitoring, and acceptable use rules.
  • Maintain node availability, troubleshoot incidents, calculate costs, and improve reliability.
  • Comply with legal obligations, sanctions, lawful requests, tax requirements, accounting, and corporate recordkeeping.
  • Protect the rights, safety, property, and security of users, Apeonwheels Inc., and third parties.

Legal Bases for EU/UK Users

Where GDPR or UK GDPR applies, we rely on these legal bases:

  • Contract: account creation, subscription management, service delivery, support, and billing.
  • Legitimate interests: service security, abuse prevention, fraud prevention, diagnostics, business analytics, and product improvement.
  • Legal obligation: tax, accounting, lawful requests, sanctions, and regulatory obligations.
  • Consent: optional marketing, non-essential cookies, or optional diagnostics if enabled later.

How We Share Information

We share personal information only as needed for the purposes above:

  • Payment processors, including Stripe, for billing, subscriptions, fraud controls, refunds, and disputes.
  • Hosting, infrastructure, CDN, DNS, email, logging, monitoring, and support vendors.
  • Professional advisers, including legal, accounting, security, compliance, and insurance providers.
  • Government, law enforcement, courts, regulators, or private parties when legally required or necessary to protect rights and safety.
  • Corporate transaction counterparties if we are involved in a merger, acquisition, financing, restructuring, or sale of assets.

We do not sell personal information. We do not share personal information for cross-context behavioral advertising unless a future product change is disclosed and legally enabled with the required choices.

Cookies and Similar Technologies

The local service uses an essential session cookie for login and CSRF protection. Production may add analytics, performance, or support cookies only after they are disclosed in the Cookie Policy and configured with appropriate consent or opt-out controls where required.

Retention

  • Account records: kept while the account is active and for up to 3 years after closure unless a longer period is required for legal, tax, accounting, dispute, or security reasons.
  • Billing records: generally kept for 7 years for accounting, tax, dispute, and audit purposes.
  • Support tickets: generally kept for 3 years after closure.
  • Security and access logs: generally kept for 30 to 180 days, unless needed for investigation, abuse prevention, legal hold, or incident response.
  • Aggregated or de-identified metrics: may be kept longer if they cannot reasonably identify a user.

Users may request deletion, but we may retain information where required or permitted by law, including billing records, fraud prevention data, security logs, and records needed to resolve disputes.

Security

We use administrative, technical, and organizational safeguards designed to protect personal information, including password hashing, session protection, role-based access, audit logs, limited administrative access, encryption in transit for production, and secret management practices.

No service can guarantee perfect security. Users must protect their credentials, use strong passwords, and notify us promptly about suspected unauthorized access.

Your Rights

Depending on where you live, you may have rights to access, correct, delete, export, or restrict processing of personal information, opt out of certain uses, or appeal a denied request.

Delaware residents may have rights under the Delaware Personal Data Privacy Act. If we deny a Delaware consumer request, the consumer may contact the Delaware Department of Justice at privacy@delaware.gov.

California residents may have rights under the CCPA/CPRA, including rights to know, delete, correct, opt out of sale or sharing, limit certain sensitive personal information uses, and non-discrimination.

EU and UK users may have GDPR rights, including access, rectification, erasure, restriction, portability, objection, withdrawal of consent, and complaint to a supervisory authority.

To exercise rights, contact privacy@apeonwheels.com. We may need to verify your identity before fulfilling a request.

International Transfers

We are based in the United States and may process information in the United States and other countries where our providers operate. Where legally required, we use appropriate transfer mechanisms and contractual safeguards.

Children

CloudPort is not directed to children under 18. We do not knowingly collect personal information from children. If you believe a child provided personal information, contact privacy@apeonwheels.com.

Lawful Requests and Abuse

We may preserve or disclose information if required by law or if we believe disclosure is necessary to investigate abuse, protect users, maintain security, enforce our terms, or respond to lawful process.

Changes

We may update this policy. We will post the revised version with a new effective date and, where required, provide additional notice.

Sources Considered for This Draft

  • Delaware Department of Justice, Delaware Personal Data Privacy Act FAQ: https://attorneygeneral.delaware.gov/fraud/personal-data-privacy-portal/frequently-asked-questions/
  • Delaware Department of Justice, Data Security Breaches: https://attorneygeneral.delaware.gov/fraud/cpu/securitybreachnotification/
  • FTC Privacy and Security guidance: https://www.ftc.gov/business-guidance/privacy-security
  • California Attorney General CCPA page: https://oag.ca.gov/privacy/ccpa
  • European Commission GDPR information for individuals and organizations: https://commission.europa.eu/law/law-topic/data-protection_en