Legal documents · Privacy Policy

How we
handle your information

This policy applies to business users and teams who register an account with ZavCloud, place orders for cloud hosting, and use the associated console. To deliver the service, process billing, ensure security, and handle disputes, we process your information to the extent necessary. Continuing to use the service constitutes your acknowledgment and acceptance of this policy. For service boundaries, suspension, termination, and limitation of liability, see theTerms of Service.

Last updated April 9, 2026
Scope ZavCloud website, console, and all associated products
Related documents Terms of Service →

1. Scope and User Types

1.1 This policy applies to individuals, companies, and teams (collectively "users" or "you") who register an account, submit orders, manage instances, or conduct any business with ZavCloud via the website, console, or API. ZavCloud primarily serves developers, technical teams, and enterprise customers, providing dedicated Mac mini M4 compute rental at data center grade along with related value-added services.

1.2 This policy is used alongside theTerms of Service. Where a separate order confirmation, enterprise agreement, or feature-specific statement conflicts with this policy, the specific document takes precedence; where it is silent, this policy applies.

1.3 If you register on behalf of a company or team, you confirm that you have the appropriate authority to accept this policy on behalf of that entity, and that you bear management responsibility for information processing activities arising from your internal members (sub-accounts, collaborators) accessing the service.

2. Information We Collect

2.1 Account and order information.When registering, logging in, and placing orders, you provide an account name, contact email, and login credentials. Enterprise users may also provide a company name, business registration number, invoicing details, and corporate payment account information. You are responsible for the accuracy and completeness of the information you submit; any invoicing failures, order cancellations, or subsequent disputes resulting from inaccurate information are your own responsibility.

2.2 Service operation data.When you use the console, connect via SSH/VNC, or submit tickets, we automatically record operation logs, device and browser information, approximate location based on IP, instance identifiers and status, resource usage snapshots, and network session summaries required for anti-fraud and security audit purposes. This data is a necessary component of our ability to fulfill our contractual obligations, maintain service stability, and conduct security operations.

2.3 Payment and billing information.Transaction amounts, payment gateway receipts, and reconciliation records are processed jointly by us and licensed payment institutions. Sensitive payment data such as full card numbers is collected directly by the licensed institution; we typically retain only transaction status and essential summaries. For chargebacks, refund disputes, or tax audits, we may retain complete transaction records and identity verification results within the applicable compliance period.

2.4 Customer communications.Communications submitted through tickets, email, or online support — including technical issue descriptions, error screenshots, and business requirement details — are recorded for follow-up and review purposes. Please do not transmit passwords, private keys, full payment card numbers, or other unnecessarily sensitive content through these channels; any information exposure risk arising from doing so is your own responsibility.

3. How We Use Your Information

3.1 In compliance with applicable law, we use the information we collect for the following business operations (limited to what is necessary to achieve each purpose):

  • Service delivery and account management:instance provisioning, network configuration, IP assignment, console access authorization, and account lifecycle management;
  • Billing, reconciliation, and invoicing:generating invoices, processing renewals, issuing VAT invoices or receipts, and clearing and settling funds with payment institutions;
  • Customer support and ticket handling:responding to technical issues, troubleshooting, and conducting written communication and record-keeping with you regarding service matters;
  • Security operations and risk management:account anomaly detection, DDoS mitigation coordination, overdue payment collection, abuse identification, and Terms of Service enforcement;
  • Product operations and quality improvement:aggregated usage statistics, performance analysis, and new feature planning (used after de-identification or aggregation);
  • Legal compliance:complying with applicable data protection regulations, responding to lawful requests from regulators or judicial authorities, and processing necessary to protect legitimate rights and interests.

3.2 We do not sell your information to third parties for commercial purposes unrelated to ZavCloud services. Where significant changes to our use of your information occur, we will notify you via in-site notices or email.

4. Cookies and Session Technology

4.1 We use cookies, local storage, and similar technologies in the console and on the website to maintain login sessions, save language and UI preferences, perform necessary security checks, and compile anonymous traffic statistics. These technologies are core components of the B2B console's operation, not optional features.

4.2 You may configure your browser's cookie policy yourself. Rejecting or clearing session-related essential cookies may prevent login, order completion, or normal console functionality. Such limitations do not constitute a breach by us, nor do they automatically trigger refund obligations (governed by theTerms of Serviceand order terms).

5. Sharing, Transfer, and Disclosure

5.1 Commissioned business partners.To fulfil service delivery, we may share necessary information with the following categories of business partners: licensed payment and settlement institutions, data center infrastructure providers, cloud communications and ticket system providers, and cybersecurity and anti-fraud service providers. We bind these partners through contracts or data processing agreements, requiring them to maintain protection standards no lower than this policy, and to use the information only to the extent necessary to perform their contractual obligations.

5.2 Legal requirements and law enforcement cooperation.Where required by applicable law, court order, or a competent regulatory authority, we may disclose relevant information to authorized parties within the necessary scope without prior notice to you (unless disclosure is prohibited by law). In cases of billing fraud, illegal abuse, or conduct that infringes the rights of other users, we may provide an evidentiary summary directly related to addressing such conduct to the affected party or competent authority.

5.3 Business reorganization and asset transfers.If information is transferred as a result of a merger, acquisition, business reorganization, or asset sale, the new holder must assume information processing obligations to the extent necessary to continue providing equivalent services, subject to protection standards no lower than this policy. We will provide advance notice of material changes via site announcements or email.

6. Cross-border Transfers and Storage Locations

6.1 ZavCloud provides services across multiple data center nodes in Hong Kong, Japan, Singapore, South Korea, the United States, and other locations. Your account information, order records, and service logs may be stored in our or our partners' infrastructure in those jurisdictions. By selecting a specific node when placing an order, you acknowledge and consent to the associated cross-border transfer and storage arrangements for the relevant data (where applicable law requires additional steps, we will separately obtain consent or implement alternative safeguards).

6.2 The jurisdiction governing compute and network data generated during instance operation is determined by theplan detailsand order confirmation. We cannot make jurisdiction-level commitments regarding individual public internet routing paths. Enterprise customers with compliance jurisdiction requirements are advised to confirm arrangements with us via ticket before placing an order.

7. Retention Periods

7.1 We retain information for the period necessary to fulfil the purposes described in this policy. For commercial operational records, we generally apply the following retention standards:

  • Billing and invoice records:retained in accordance with applicable tax regulations, generally no less than 5 years;
  • Order and contract records:at least 3 years from the date of contract termination, or until the relevant limitation period expires;
  • Service and operation logs:typically retained for 90 days to 1 year for fault diagnosis, security audits, and overdue payment recovery;
  • Payment dispute records:at least 18 months from the date of the dispute, or until the relevant chargeback process concludes.

7.2 Account cancellation does not automatically shorten retention periods required by law or contractual obligations. After retention periods expire, we will delete, anonymize, or archive the relevant information in a form that cannot identify individuals.

8. Your Rights

8.1 To the extent permitted by applicable law and without conflicting with our legitimate business interests, third-party rights, or legal obligations, you may exercise rights of access, copying, correction, deletion, restriction of processing, data portability, and withdrawal of consent (where applicable) with respect to your personal information. Enterprise account administrators may also manage access permissions and related data for sub-account members.

8.2 Rights requests should be submitted throughContact usor a console ticket, with sufficient proof of identity to enable verification. We will respond in writing within a reasonable period. For information requests relating to ongoing fraud investigations, billing disputes, litigation, or regulatory proceedings, we may defer our response until the relevant proceedings conclude or processing is permitted by law. For malicious, repetitive, or manifestly unfounded requests, we may refuse in accordance with applicable law and provide reasons.

9. Minors

This service is intended for users with full legal capacity and is not available to minors. Where a minor collaborator exists under an enterprise account, the account administrator must ensure that valid parental or guardian consent has been obtained. Upon discovering such a situation, we may suspend the service and take compliance measures in accordance with applicable law.

10. Information Security

10.1 We implement industry-standard technical and administrative measures to protect your information, including: TLS transport layer encryption, access control and permission segmentation, operation audit logs, and data center physical security controls. Billing and payment data storage complies with industry security requirements.

10.2 Please take account security equally seriously: use strong passwords, enable two-factor authentication where available in the console, and manage your API keys and SSH private keys carefully. We are not liable — absent willful misconduct or gross negligence on our part — for security incidents caused by compromised devices, credential leaks, or other factors outside our control. Where a security incident may affect your account or data, we will promptly notify you and assist with remediation in a reasonable manner and in compliance with applicable law.

11. Policy Updates

We may revise this policy due to business adjustments, regulatory changes, or product upgrades. Updated versions take effect upon publication on the website (material changes will be communicated in advance via site announcements or email, with the effective date clearly stated). Continued use of the service after the effective date constitutes acceptance of the revised policy. If you disagree, you should stop using the service and complete account closure and outstanding payment settlement.

12. Contact Us

For any enquiries, rights requests, or complaints relating to this policy, please use the following channels:

  • Console ticket:after logging in, submit a ticket from "My Dashboard" and note "Privacy Policy" in the subject;
  • Email:support@zavcloud.com— please include "Privacy Policy Request" in the email subject line;
  • For more contact options, visit theContact uspage.

After verifying your identity, we will respond in writing within a reasonable period. If you are unsatisfied with our response, you may file a complaint with the competent data protection authority in your jurisdiction.