Privacy Policy

CUCU ("cucu", "we", "us", or "our") provides AI infrastructure deployment and management services on Kubernetes and OpenShift. This Privacy Policy explains how we handle information during our service engagements.

1. Information We Collect

1.1 Information You Provide

• Contact and business information (name, email, company name, role)
• Payment information (processed securely via Stripe — we never store card details)
• Infrastructure requirements and technical specifications
• Access credentials for deployment purposes (managed securely, revocable at any time)
• Support inquiries and correspondence

1.2 Information Collected Automatically

• Website usage data (pages visited, browser type, IP address)
• Cookies and similar tracking technologies (minimal, see Section 8)

1.3 Infrastructure Data

Important: During infrastructure deployments, we may temporarily access system configurations, logs, and metrics for the purpose of deployment and troubleshooting. We do not access, store, or process your business data, AI model data, customer data, or any data processed by the applications we deploy. Your data stays on your infrastructure.

2. How We Use Your Information

• Deploy, configure, and manage AI infrastructure on your behalf
• Process payments and send invoices
• Provide technical support and troubleshooting
• Communicate about service updates, maintenance, and security advisories
• Improve our deployment processes and tooling
• Comply with legal obligations

3. Data Sharing and Disclosure

We do not sell your personal information. We may share data with:

• Service Providers: Stripe (payments), cloud providers (only when provisioning infrastructure on your behalf)
• Legal Requirements: When required by law, regulation, or legal process
• Business Transfers: In connection with any merger, acquisition, or sale of company assets

We do NOT share your infrastructure configurations, access credentials, or technical details with any third party.

4. Data Security

• All communications encrypted in transit (TLS 1.3)
• Access credentials encrypted at rest with customer-specific keys
• Secrets managed via secure vault systems with automatic rotation
• Role-based access control (RBAC) for all internal systems
• Infrastructure access is scoped and time-limited per engagement
• Multi-factor authentication required for all team members

5. Data Retention

We retain engagement records and contact information for as long as we have an active business relationship or as required by law. Access credentials are deleted or rotated immediately upon completion of each deployment task. Technical documentation and configurations created during engagements are handed over to you and deleted from our systems within 30 days after engagement completion.

6. Your Rights (GDPR & Global)

Depending on your jurisdiction, you may have the right to:

• Access — Request a copy of your personal data we hold
• Rectification — Correct inaccurate or incomplete data
• Erasure — Request deletion of your data ("right to be forgotten")
• Portability — Receive your data in a structured, machine-readable format
• Restriction — Limit how we process your data
• Objection — Object to processing based on legitimate interests
• Withdraw Consent — Where processing is based on consent

To exercise any of these rights, contact us at [email protected].

7. International Data Transfers

We operate globally and may transfer contact and business data across borders. When transferring data outside your jurisdiction, we ensure appropriate safeguards are in place. Infrastructure deployments are performed on your chosen infrastructure (your hardware or your cloud accounts) — your operational data does not leave your control.

8. SMS and Messaging Communications

We may send transactional SMS messages and messaging communications (via WhatsApp, Telegram, or SMS) related to your service engagement. These include payment confirmations, billing notifications, invoice delivery, service alerts, and responses to your inquiries.

• We collect your phone number when you provide it during onboarding, initiate a conversation via our messaging channels, or include it in your service agreement
• Phone numbers are used exclusively for transactional communications — we do NOT send marketing or promotional messages
• Message frequency depends on your account activity (typically 1-5 messages per month)
• You may opt out at any time by replying STOP to any SMS or contacting [email protected]
• For help, reply HELP to any message
• Message and data rates may apply depending on your carrier
• We do not share your phone number with third parties for marketing purposes

9. Cookies

We use minimal cookies:

• Essential: Session management, security
• Preferences: Theme (dark/light)

We do not use advertising cookies or analytics trackers.

10. Children's Privacy

Our services are business-to-business and not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email at least 30 days before the changes take effect.

12. Contact Us

For privacy-related inquiries:

• Email: [email protected]
• Data Protection Officer: [email protected]