Privacy Policy

Legal information regarding the collection, use, and protection of personal data.

Last updated: 13 February 2026

1. Introduction

XD's Cloud ("XD's Cloud", "we", "our", or "us") operates a cloud hosting platform (the "Services"). This Privacy Policy explains how we collect, use, store, and protect personal information in compliance with the Privacy Act 1988 (Cth), Australian Privacy Principles (APPs), and applicable international privacy laws including GDPR and CCPA/CPRA where relevant.

By using the Services, you acknowledge that you have read and understood this Privacy Policy.

2. Information We Collect

We may collect the following categories of personal data:

  • Identifying information, such as name
  • Contact information, such as email address
  • Technical data, including IP address
  • Approximate geographic location derived from IP address
  • Service and system logs, including usage data, error reports, timestamps, and security-related records

3. Legal Basis for Processing

We process personal data based on the following legal bases, as applicable:

  • Performance of a contract (to provide the Services)
  • Compliance with legal obligations
  • Legitimate interests, including security, abuse prevention, and service improvement
  • User consent where required by law

4. Authentication and Account Management

We use Clerk as a third-party authentication provider for account management. Clerk processes identifying and contact information, including your name and email address, for authentication and account security purposes. XD's Cloud does not store or access user passwords.

The email address provided through Clerk may also be used by XD's Cloud to communicate important service-related information, including account notifications, billing updates, security alerts, and incident notices.

5. Database and Data Storage

We use Neon as our managed PostgreSQL database provider to securely store account-related data and service configuration information. Neon may process and store personal data such as names, email addresses, and service metadata on our behalf.

Data stored in Neon is protected using industry-standard security practices, including encryption in transit and at rest where supported.

6. Networking and Connectivity Services

We use Playit.gg to provide networking, tunneling, and connectivity for hosted services. Playit.gg may process IP addresses and connection metadata to route traffic and ensure service availability.

7. Use of Information

Collected information is used to:

  • Provide, operate, and maintain the Services
  • Authenticate users and manage accounts
  • Monitor performance, stability, and reliability
  • Detect, prevent, and respond to fraud, abuse, or security incidents
  • Comply with legal and regulatory obligations

8. Logs and Monitoring

Logs may include IP addresses, timestamps, and service activity. Logging is conducted solely for operational, security, and diagnostic purposes and is not used for advertising or profiling.

9. Data Sharing and Disclosure

We do not sell personal data. We may share data only with trusted third-party service providers when necessary to operate the Services, including:

  • Clerk (authentication and identity management)
  • Neon (database storage and infrastructure)
  • Playit.gg (network connectivity and tunneling services)
  • Mailtrap (email delivery services)

We use Mailtrap to send service-related emails using the email address associated with your account through Clerk.

We may also disclose information to comply with applicable law, legal process, or governmental requests. Data may be transferred or stored outside Australia for these purposes.

10. Data Retention

Personal data and logs are retained only for as long as necessary to fulfill the purposes described in this Privacy Policy, or as required by law.

11. User Rights

You may request access to, correction of, or deletion of your personal data, as well as restrict or object to certain processing activities. Exercising deletion will result in termination of your account and Services.

EU, UK, and California residents have rights under GDPR and CCPA/CPRA, including data portability and the right to withdraw consent where applicable.

12. Cookies and Tracking

We use minimal cookies and analytics for service functionality and performance monitoring. You may configure your browser to block cookies, which may impact certain Services.

13. Changes to This Policy

We may update this Privacy Policy periodically. Changes become effective upon posting. Continued use of the Services constitutes acceptance of the revised policy.

14. Contact Information

For questions, complaints, or to exercise your rights, contact us at contact@xdpxi.dev.