Privacy Policy

Klustr processes Customer Data, Partner Data and Service Data to provide Cloud Services. This Privacy Notice applies solely to Service Data and does not apply to Customer Data or Partner Data. We explain what we mean by “Service Data” below.

Customer Data and Partner Data are defined in the agreement(s) with our customers covering Cloud Services and represent the data that you and our customers provide for processing in Cloud Services.

Service Data is the personal information Klustr collects or generates during the provision and administration of the Cloud Services and related technical support, excluding any Customer Data and Partner Data.

Service Data consists of:

• Account information. We collect the data you or your organization provide when creating an account for Cloud Services or entering into a contract with us (username, names, contact details and job titles).

• Cloud payments and transactions. We keep reasonable business records of charges, payments, and billing details and issues.

• Cloud settings and configurations. We record your configuration and settings, including resource identifiers and attributes, and service and security settings for data and other resources.

• Technical and operational details of your usage of Cloud Services. We collect information about usage, operational status, software errors and crash reports, authentication details, quality and performance metrics, and other technical details necessary for us to operate and maintain Cloud Services and related software. This information includes device identifiers, identifiers from cookies or tokens, and IP addresses.

• Your direct communications. We keep records of your communications and interactions with us and our partners (for example, when you provide feedback, ask questions or seek technical support).

Klustr processes Service Data for the following purposes:

• Provide Cloud Services you request. We use Service Data primarily to deliver the Cloud Services that you and our customers request. This includes processing Service Data as needed to conduct checks before extending credit to certain customers, to bill for the Cloud Services used, to ensure those services are delivered or working as intended, to detect and avoid outages or other technical problems, and to secure your data and services.

• Make recommendations to optimize use of Cloud Services. We use Service Data to provide you and our customers with recommendations (for example, suggesting ways to better secure your account or data, reduce service charges or improve performance, or optimize your configurations), and providing information about new or related products and features. We also evaluate your responses to our recommendations and other feedback (if you choose to provide it).

• Maintain and improve Cloud Services. We evaluate Service Data to help us improve the performance and functionality of Cloud Services. As we improve Cloud Services for you, this will improve them for our customers, and vice versa.

• Provide and improve other services you request. We use Service Data to deliver and improve other services that you and our customers request, including Klustr or third-party services that are enabled via the Cloud Services, administrative consoles, application programming interfaces (APIs) or command line interfaces (CLIs), or the Klustr Workspace Marketplace.

• Assist you. We use Service Data to provide technical support for Cloud Services that you and our customers request, and to assess whether we have met your needs. We also use Service Data to improve our technical support, inform you and our customers about updates to Cloud Services and send other notifications relating to Cloud Services.

• Protect you, our users, customers, the public, and Klustr. We use Service Data to detect, prevent and respond to fraud, abuse, security risks, and technical issues that could harm you, other users, our customers, the public, or Klustr. This helps make our services safer, more reliable, and more secure.

• Comply with legal obligations. We use Service Data to comply with our legal obligations (for example, where we’re responding to legal process or an enforceable governmental request, or meeting our financial record-keeping obligations).

To achieve these processing purposes, we use algorithms to recognize patterns in Service Data, manual review of Service Data (such as when you interact directly with our billing or support teams), aggregation or anonymization of Service Data to eliminate personal information, and combination of Service Data with information from other Klustr products and services. We also use Service Data for internal reporting and analysis of applicable product and business operations.

We maintain data centers around the world, and provide Klustr Workspace and Cloud Identity from Japan, and Klustr Cloud Platform from Japan.

Service Data may be processed on servers located outside of the country where our users and customers are located because Service Data is typically processed by centralized or regionalized operations like billing, support, and security.

Regardless of where Service Data is processed, we apply the same protections described in this Privacy Notice. When transferring Service Data outside of the European Economic Area, the UK or Switzerland, we comply with certain legal frameworks.

We build Cloud Services with strong security features to protect your data. The insights we gain from providing our services help us detect and automatically block security threats from ever reaching you.

We work hard to protect the Service Data we hold from unauthorized access, alteration, disclosure, or destruction, including by:

• Encrypting Service Data at rest and while in transit between our facilities.

• Regularly reviewing our Service Data collection, storage, and processing practices, including our physical security measures, to prevent unauthorized access to our systems; and

• Restricting access to Service Data to Klustr employees, contractors, and agents who need it in order to process Service Data for us. Anyone with this access is subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.

We instruct our affiliates to process Service Data for the purposes listed under “Why We Process Service Data” above, in compliance with this Privacy Notice and appropriate confidentiality and security measures.

We do not share Service Data with companies, organizations, or individuals outside of Klustr except in the following cases:

• When you procure third-party services

We share Service Data outside of Klustr when you or our customer choose(s) to procure a third-party service through Klustr Cloud Platform, the Klustr Cloud Platform Marketplace or the Klustr Workspace Marketplace, or use a third-party application that requests access to your Service Data.

• With your consent

We’ll share Service Data outside of Klustr where we have obtained your consent.

• With your administrators and authorized resellers

When you use Cloud Services, your administrator and resellers authorized to manage your or your organization’s account will have access to certain Service Data. For example, they may be able to:

• View account and billing information, activity and statistics

• Change your account password

• Suspend or terminate your account access

• Access your account information in order to satisfy applicable law, regulation, legal process, or enforceable governmental request

• Restrict your ability to delete or edit your information or your privacy settings

• For external processing

We do not sell your Service Data to any third parties.

We share Service Data with trusted third party providers to process it for us as we instruct them and in compliance with this Privacy Notice and appropriate confidentiality and security measures. In particular, we share Service Data with our third party providers when you request technical support services (we share the information you provide in the support ticket, and those providers may communicate with you or your administrator in that ticket, including providing updates and closing the ticket) and professional services (we share your contact details to enable communication and collaboration).

• For legal reasons

We share Service Data outside of Klustr when we have a good-faith belief that access to, or disclosure that Service Data is reasonably necessary to:

• Comply with applicable law, regulation, legal process, or enforceable governmental request. We share information about the number and type of requests we receive from governments in our Transparency Report.

• Enforce applicable agreements, including investigation of potential violations.

• Detect, prevent, or otherwise address fraud, security, or technical issues.

• Protect against harm to the rights, property or safety of Klustr, our customers, users, and the public as required or permitted by law.

If Klustr is involved in a reorganization, merger, acquisition, or sale of assets, we’ll continue to ensure the confidentiality of Service Data and give affected users notice before Service Data becomes subject to a different privacy policy.

Your organization may allow you to access and export your data in order to back it up or transfer it to a service outside of Klustr. Some Klustr Cloud Services enable you to directly access and download the data you have stored in the services. As further described in our Klustr Workspace Data Subject Requests Guide, you or your organization may use various tools to access, control, and export your data.

You and your organization’s administrator can access several types of Service Data directly from Klustr Cloud, including your account information, billing contact information, payment and transaction information, as well as product and communication settings and configurations.

If you’re otherwise unable to access your Service Data, you can always request it by emailing us at [email protected]

If Japanese data protection law (the Act on the Protection of Personal Information, “APPI”) applies to the processing of your Service Data, we provide the following additional information for users of Cloud Services residing in Japan.

Controller of Service Data. Any Service Data provided to or gathered by Klustr is controlled primarily by Klustr LLC, located at 3-4-3 Azabujuban, Minato, Tokyo 106-0045, representative is Terrance Snyder, CEO.

Purpose of collection and use of personal information. Klustr collects and uses Services Data for the purposes set out here and here.

Measures undertaken to protect retained personal information.

Establishment of general policy

Klustr establishes and publishes this Privacy Notice outlining our general policy relating to Service Data.

Establishment of internal policy relating to handling of personal data

Klustr establishes internal policies about handling measures and persons in charge and their responsibility etc. with regard to the acquisition, utilization, records, provision, deletion etc. of personal data.

Internal organization as security control action

Klustr has large security and privacy teams responsible for developing, implementing, and reviewing internal personal data handling processes. Klustr employees are trained to report suspected incidents involving personal data, which may be done through various channels such as through dedicated email addresses or digital platforms. A dedicated team assesses reported incidents, and as appropriate a coordinated team is assigned to manage the overall incident, including liaising with Legal and the product team as part of the investigation and response. The team on-call for an incident is assigned on a daily rotation. Incident responses may follow either a standard or an expedited route, depending on the severity and priority assigned to the incident.

Personnel measures as security control action

Klustr conducts periodical training for its employees about matters to consider when handling personal data.

Physical measures as security control action

Klustr takes measures to prevent unauthorized persons from accessing personal data in any situation and to prevent theft or loss of devices and electronic media for handling personal data.

Technical measures as security control action

Please see here and here for further information on the security measures undertaken to secure, retain and delete Service Data.

Research of external environment

Data protection laws vary among countries, with some providing more protection than others. Klustr has established a personal information protection system to ensure your information is accorded protections equivalent to APPI, as described in the Privacy Notice. Regardless of where your information is processed, Klustr applies the same personal information protection measures globally. We also comply with certain legal frameworks relating to the transfer of data, such as the European frameworks. For more detail, please see Data transfer frameworks. Further, with regard to the location of our data centers storing Service Data, please see here. There may be cases where Klustr entrusts the processing of information to subprocessors or its subsidiaries or affiliates..

Contact information. For any inquiries or requests about your Service Data related rights under applicable law, please email [email protected].