Privacy Policy

Last Updated: March 16th, 2025

CloudSurf ("we," "us," or "our") respects your privacy and is committed to protecting it through this Privacy Policy. This document outlines the types of information we collect, how we use it, the circumstances under which we may share it, and the choices available to you regarding your data.

By installing and using our Chrome extension and related services (collectively, the "Service"), you agree to the collection, use, and sharing of your information as described in this Privacy Policy. If you do not agree with this policy, please discontinue use of the Service.

1. Information We Collect

When you use the Service, we collect the following types of information:

A. Information You Provide to Us Directly

• Account Information: When you sign up for our Service, we collect your email address.
• User Communications: When you interact with our AI-powered assistant, we collect and store the messages you send and the responses generated by the assistant.

B. Information Collected Automatically

• Device and Log Information: We may collect information about your device, including your IP address, browser type, operating system, and other technical details.
• Browsing Data (Limited Scope): Our Service processes webpage URLs, titles, and content (including the DOM and screenshots) only when necessary to complete user-initiated tasks.

C. Local Storage Data

Our Chrome extension may store certain data locally on your device, including authentication tokens and recent conversation history, to improve user experience and minimize unnecessary data retrieval from our servers.

2. How We Use Your Information

We use the collected information for the following purposes:

• To Provide and Improve the Service: We use user-provided and automatically collected information to deliver the functionalities of our AI assistant, process tasks, and improve service quality.
• To Maintain User Conversation History: We store your interactions so that you can access past conversations with the AI assistant.
• To Ensure Service Performance and Security: We use certain technical data (such as IP addresses and device logs) to diagnose issues, enhance security, and prevent abuse.
• For Payment Processing: If you choose to purchase a paid plan, we collect basic user details (such as your email) and share them with our payment provider, Stripe, for billing purposes.
• To Comply with Legal Requirements: In some cases, we may need to process personal data to comply with applicable legal obligations.

3. Data Retention and Deletion

We retain your data for as long as necessary to fulfill the purposes outlined in this policy unless a longer retention period is required by law. Our retention policies are as follows:

• Conversation History: Messages exchanged between you and the AI assistant, along with webpage metadata (URL and title), are retained indefinitely unless you request deletion.
• Webpage Content and Screenshots: Any webpage content or screenshots collected for task execution are automatically deleted after 30 days.
• Account and Personal Data: If you wish to delete your account and associated data, you may request deletion by contacting us at hello@cloudsurf.ai. Upon request, we will remove your personal information and stored data from our systems, except where retention is required by law.

4. How We Share Your Information

We do not sell, rent, or trade your personal information. However, we share data with third-party service providers that enable us to operate and enhance the Service. These include:

• AI Processing Partners: To generate AI responses, we send user queries to third-party AI providers, including OpenAI. In the future, we may also integrate services from Anthropic, Google, or similar providers.
• Infrastructure and Hosting: We use Railway as our cloud infrastructure provider, which stores and processes your data securely.
• Payment Processing: If you subscribe to a paid plan, we share basic user information (such as email address) with Stripe, our payment processor. Stripe does not receive or process browsing data.

We may also share data when legally required, such as in response to court orders, legal processes, or law enforcement requests.

5. Data Security

We take reasonable measures to safeguard your information:

• Encryption: All data is transmitted using HTTPS encryption to protect against interception.
• Secure Storage: Data is stored on secure cloud servers with industry-standard protections.
• Limited Access: While we are a small team, we restrict access to personal data within our organization to only those employees or contractors who require it for operational purposes.

However, no method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. Users are encouraged to take precautions, such as using strong passwords and keeping their credentials private.

6. Your Rights and Choices

You have the following rights regarding your data:

• Access and Correction: You may request a copy of the personal data we hold about you and request corrections if necessary.
• Deletion Requests: You can request that we delete your account and all associated data by contacting hello@cloudsurf.ai.
• Opt-Out of Certain Processing: While we do not provide granular opt-outs for data collection, we only collect data necessary for the Service’s functionality.

7. Cookies and Local Storage

Our Chrome extension uses local storage instead of traditional browser cookies. Local storage is used to:

• Maintain authentication tokens to keep you logged in.
• Store recent conversations locally for faster access.

Local storage data is kept on your device and not shared with third parties.

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on our website, and the "Last Updated" date at the top will be revised accordingly. We will not send direct notifications about updates, and continued use of the Service after updates constitutes acceptance of the revised policy.

9. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, you may contact us at:

📧 hello@cloudsurf.ai

📍 CloudSurf

Jurisdiction-Specific Provisions

A. Additional Rights for EU Users (GDPR Compliance)

If you are a resident of the European Union (EU) or a country that follows the General Data Protection Regulation (GDPR), you may have additional rights, including:

• The right to request data portability, meaning you can obtain your data in a structured format.
• The right to restrict processing of your personal data under certain circumstances.
• The right to object to certain types of data processing (such as marketing).
• The right to lodge a complaint with your country’s data protection authority if you believe we have violated your privacy rights.

B. Additional Rights for California Users (CCPA Compliance)

If you are a resident of California, you have additional rights under the California Consumer Privacy Act (CCPA), including:

• The right to know what personal information we collect, use, and share.
• The right to request deletion of your personal data.
• The right to opt out of data sales (though we do not sell personal data).

To exercise any of these rights, please contact us at hello@cloudsurf.ai.