Effective date: May 7, 2026
This Privacy Policy explains how REDU CLOUD LTD (“we”, “us”, “our”) collects, uses, stores, shares, and protects personal data when you access or use redu.cloud.redu.cloud is a cloud infrastructure service operated by Redu Cloud Ltd.
If you have questions or requests related to privacy, contact us at office@redu.cloud.
The Data Controller for account, billing, website, support, security, and business relationship data is:
For account, billing, website, support, security, and business relationship data, REDU CLOUD LTD acts as the Data Controller.
Where a business customer uses the Services to host, store, transmit, or process personal data about its own users, customers, employees, or other individuals, the customer is generally the Controller and REDU CLOUD LTD may act as a Processor or service provider, depending on the circumstances.
We have not appointed a Data Protection Officer. Privacy requests can be sent to office@redu.cloud.
This Policy applies to our website, platform, and cloud services, including account registration and authentication, billing and invoicing, customer support, security monitoring, platform usage, startup program applications, and other interactions with us.
This Policy also explains how we handle personal data connected to customer use of cloud infrastructure resources. Customers are responsible for the content, applications, and data they choose to deploy, host, transmit, or process through the Services.
B2B / professional use: redu.cloud is intended for business customers, including startups, development teams, companies, freelancers, and registered entrepreneurs or sole proprietors acting in a professional capacity. We do not target the Services to consumers acting purely in a personal capacity.
Accounts may be created by users in the UK, Serbia, the EU, and other countries, subject to applicable law and any sanctions, export control, fraud prevention, or compliance restrictions described in our Terms of Service.
Registration and authentication are provided through an identity and access management system. Depending on your configuration and usage, we may process:
We may allow you to create an account or sign in using third-party identity providers, such as Google or GitHub. When you use third-party sign-in, we typically receive basic account information from the provider, such as:
We do not receive your password for the third-party account. We use this information to authenticate you and create or link your redu.cloud account.
Because the Services are offered for business and professional use, we may request or process business profile details for invoicing, accounting, compliance, fraud prevention, and customer support, such as:
Payments are processed by Stripe. We do not store full card numbers or full payment card details on our servers. Payment details are submitted directly to Stripe.
We may collect or receive billing-related data necessary for invoicing, accounting, fraud prevention, payment support, and customer support, such as:
To protect the platform, prevent abuse, reduce fraud, and meet legal or compliance obligations, we may collect or request additional information in limited cases, such as:
Payment processing, fraud prevention, abuse detection, and security checks may involve automated risk analysis by us, Stripe, or other service providers. These checks may affect whether a payment, account, or transaction is accepted, reviewed, restricted, or rejected.
We process technical and security data to operate the platform, calculate usage, improve reliability, troubleshoot issues, and protect the service:
If you apply to the redu.cloud Startup Program, we may process the information you provide through the application form, including founder contact details, startup name, website or demo links, product description, traction, current infrastructure setup, expected usage, requested support level, and any additional information you choose to submit.
We may process cookie identifiers, consent status, website usage data, pages visited, referral sources, and basic device/browser information to operate, secure, analyze, and improve our website, subject to your consent settings where required.
Customers may store, process, transmit, or host data using virtual machines, volumes, backups, snapshots, networks, load balancers, and other cloud resources provided through the Services. This data is controlled by the customer.
We do not routinely access customer content, except where necessary to provide support, maintain security, comply with legal obligations, investigate abuse, enforce our Terms, or operate requested service features.
Customers are responsible for ensuring they have the necessary rights, permissions, notices, and legal bases for any personal data they process using the Services.
Where applicable, we process personal data under one or more of the following legal bases: performance of a contract, legitimate interests, compliance with legal obligations, and consent.
| Data / activity | Main purpose | Typical legal basis |
|---|---|---|
| Account registration | Create and manage your account | Contract |
| Third-party sign-in | Authenticate and create/link your account | Contract |
| Business profile and billing details | Invoicing, account administration, billing | Contract / legal obligation |
| Payment and Stripe billing data | Payment processing, invoicing, disputes, fraud prevention | Contract / legal obligation / legitimate interests |
| Authentication and security events | Security, abuse prevention, audits | Legitimate interests |
| Usage metadata | Operate service, calculate usage and billing | Contract |
| Invoices and accounting records | Billing, accounting, tax obligations | Legal obligation |
| Fraud prevention and risk controls | Prevent abuse, chargebacks, account misuse, and policy violations | Legitimate interests / legal obligation where applicable |
| Support communications | Respond to requests and troubleshoot issues | Contract / legitimate interests |
| Startup Program applications | Review eligibility and contact applicants | Legitimate interests / consent where applicable |
| Marketing emails | Product updates, offers, newsletters | Consent or legitimate interests where permitted |
| Non-essential cookies, analytics, and advertising | Analytics, session replay, and marketing measurement | Consent where required |
| Customer content | Operate requested cloud infrastructure services | Customer-controlled processing; contract / processor role where applicable |
Payments are processed by Stripe. Payment details are submitted directly to Stripe and are not stored on our servers.
We may receive limited billing-related information such as Stripe customer identifiers, payment status, transaction identifiers, dispute or chargeback references, invoice identifiers, limited payment method metadata, and accounting-related data needed to operate the service, prevent fraud, provide support, and comply with legal obligations.
Stripe may process payment data, billing data, fraud prevention data, dispute data, and related transaction information in accordance with its own legal and privacy terms. You can learn more in Stripe's Privacy Center at https://stripe.com/legal/privacy-center.
Payment processing, fraud prevention, abuse detection, and security checks may involve automated risk analysis by us, Stripe, or other service providers. These checks may affect whether a payment, account, or transaction is accepted, reviewed, restricted, or rejected.
redu.cloud operates production cloud infrastructure primarily in Germany.
We may also use infrastructure, backup environments, administrative systems, development environments, testing environments, or operational tooling in other locations where needed to operate, secure, improve, and maintain the Services.
Customer virtual machine data is not backed up to external third-party cloud storage unless explicitly configured by the customer or required for a specific service feature. Platform metadata, configuration, logs, and operational backups may be backed up securely, including through encrypted backup storage.
We use cookies and similar technologies to operate and secure our website, remember preferences, understand general usage patterns, improve user experience, and measure marketing performance.
Where required by applicable law, we use a consent management platform, CookieYes, to request and manage user consent for the use of non-essential cookies, including analytics, advertising, and similar technologies. You can update your preferences through the cookie consent banner where available.
We use Google Analytics to better understand how visitors interact with our website. For more information, please review Google's Privacy Policy and Google Analytics data collection and processing.
We may use Microsoft Clarity and Microsoft Advertising to understand how visitors use and interact with our website through behavioral metrics, heatmaps, and session replay, and to improve and market our services. For more information, visit Microsoft Privacy Statement.
We may also use advertising pixels or similar measurement tools where permitted and subject to your cookie consent choices.
We may create aggregated statistics and, where feasible, anonymized reports about use of our website and Services, such as overall traffic trends, product usage trends, platform reliability trends, or capacity planning information. These reports are used for service improvement, capacity planning, security, and analytics and are not intended to identify you.
We share personal data only when necessary to operate the platform, provide support, process payments, prevent fraud or abuse, review applications, or comply with legal obligations. We do not sell personal data.
We may use third-party service providers, also called processors, to support our operations. Processors process personal data on our behalf and under our instructions, subject to confidentiality, security, and data protection obligations.
We may also disclose personal data to authorities, regulators, courts, law enforcement, or professional advisers when legally required or where necessary to protect our rights, users, platform, or legal position.
We use a limited number of trusted third-party service providers, called subprocessors, to help operate our website and cloud platform. Subprocessors process personal data only on our behalf and under our instructions, subject to confidentiality, security, and data protection obligations.
Our current subprocessors include:
| Subprocessor | Purpose | Categories of data | Processing location |
|---|---|---|---|
| Google Gmail / Google Workspace | Customer support and business communications | Email address, support messages, attachments, correspondence metadata | EEA and/or other countries, including possible United States processing |
| Google Forms | Startup Program application collection | Founder contact details, startup details, product information, traction, infrastructure needs, and submitted application answers | EEA and/or other countries, including possible United States processing |
| Google Analytics | Website analytics and performance measurement | Cookie identifiers, IP address, device data, browser data, and usage data | EEA and/or other countries, including possible United States processing |
| Microsoft Clarity | Website analytics, heatmaps, and session replay | Cookie identifiers, device data, browser data, and website usage data | EEA, United Kingdom, United States, and/or other countries |
| CookieYes | Cookie consent management | Consent status, cookie identifiers, consent logs, and related metadata | EEA, United Kingdom, United States, and/or other countries |
| Google Drive | Encrypted backup storage and operational document storage | Encrypted configuration backups, metadata backups, operational documents | EEA and/or other countries, including possible United States processing |
| Stripe | Payment processing, billing, invoicing, fraud prevention, and disputes | Name, email, billing address, invoice data, payment status, Stripe customer identifiers, transaction identifiers, limited payment method metadata, and dispute/chargeback references where applicable | EEA, United Kingdom, United States, and/or other countries where Stripe processes data |
We may update this list from time to time as our Services evolve. Any new subprocessors will be required to provide appropriate contractual, technical, and organizational safeguards for the protection of personal data.
Personal data may be processed in Germany, Serbia, the United Kingdom, the European Economic Area, the United States, and/or other countries depending on the infrastructure, tools, and service providers used.
Where required for international transfers, we rely on appropriate safeguards such as UK adequacy regulations, the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, EU Standard Contractual Clauses where applicable, or other legally recognized transfer mechanisms.
We retain personal data only for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, prevent fraud or abuse, enforce agreements, and maintain platform security. Our current retention approach is:
| Data type | Typical retention |
|---|---|
| Account data | While the account is active and for a limited period after deletion requests to complete closure and security checks |
| Business profile and invoicing data | For as long as needed to manage the account and comply with accounting, tax, fraud prevention, and legal obligations |
| Billing records and invoices | Up to 10 years where required for legal/accounting obligations |
| Security, authentication, and audit logs | Up to 24 months unless longer retention is needed for security or legal reasons |
| Support communications | Up to 36 months unless longer retention is needed to resolve issues or disputes |
| Disputes and chargebacks | Up to 36 months or longer if required to resolve disputes, enforce agreements, or comply with legal obligations |
| Startup Program applications | Up to 24 months unless you become a customer, join the program, or longer retention is needed for legitimate business reasons |
| Cookie consent logs | As required to demonstrate consent and compliance |
| Customer content | For as long as the relevant customer resource, account, backup, snapshot, or service feature remains active, unless earlier deleted by the customer or longer retention is required by law, security, abuse prevention, dispute resolution, or backup lifecycle processes. |
You may request account deletion by contacting office@redu.cloud.
Upon deletion, we intend to:
Certain data may be retained where required or justified, such as invoices, accounting records, fraud prevention records, security logs, and legal records for the retention periods described above.
We implement security measures appropriate for a cloud infrastructure provider, including:
No system is completely secure. In the event of a personal data breach, we will take reasonable steps to contain and remediate the incident. Where required by applicable law, we will notify relevant authorities and affected individuals.
We may send registered users marketing emails and product updates where permitted by applicable law. Where required, you can opt out at any time through an unsubscribe link or by contacting office@redu.cloud.
Transactional messages, such as password resets, security notices, invoices, billing notices, service notices, and account-related messages, are sent as necessary to operate the Services.
Depending on your location and applicable law, you may have rights to:
To exercise your rights, contact office@redu.cloud. To protect your account and personal data, we may ask you to verify your identity before acting on your request, for example by requesting that the request be sent from the email address associated with your account or by using other reasonable verification steps.
We typically respond within 30 days, subject to applicable law and the complexity of the request.
Where required by applicable data protection law, business customers may request a Data Processing Agreement covering REDU CLOUD LTD's processing of personal data on behalf of the customer. To request a DPA, contact office@redu.cloud.
The Services are intended for business and professional users who are at least 18 years old or otherwise legally able to enter into a binding contract on behalf of a business. We do not knowingly provide the Services to children or collect personal data from children.
If you believe your rights have been violated, you may lodge a complaint with the relevant supervisory authority. For UK matters, the supervisory authority is:
This Privacy Policy is governed by the laws of England and Wales, without prejudice to any mandatory rights you may have under applicable data protection laws.
We may update this Privacy Policy from time to time. Updates will be posted on this page with a revised effective date. If changes are material, we may take reasonable steps to provide notice.