CloudForge
HomePrivacy Policy

Privacy Policy

Last updated: March 15, 2026

Effective for all users globally

1. Introduction

CloudForge Solutions sp. z o.o. ("CloudForge", "we", "us", or "our") is committed to protecting and respecting your privacy. We understand the importance of personal data and take our obligations under the General Data Protection Regulation (GDPR) and applicable Polish data protection laws seriously.

This Privacy Policy explains what personal data we collect when you visit cloudforge.solutions (the "Website") or engage our professional services, how we use that data, the legal grounds for processing, and your rights as a data subject. This policy applies to all users globally, though specific rights may vary based on your jurisdiction.

2. Data Controller

The data controller responsible for your personal data is:

CloudForge Solutions sp. z o.o. ul. Solidarności 171/215 00-877 Warszawa, Poland KRS: 0001111437 NIP: 5214065498

For all data protection inquiries, you may contact our Data Protection Officer at privacy@cloudforge.solutions. We aim to respond to all legitimate requests within 30 calendar days.

3. Information We Collect

We collect and process personal data through several channels, each serving a distinct purpose. The categories of data we collect are as follows:

Information You Provide Directly

  • Contact form submissions — your name, email address, company name, phone number (optional), and the content of your message
  • Inquiry and consultation requests — project requirements, technical specifications, budget ranges, and timeline preferences you share with us
  • Email correspondence — any personal data contained in emails you send to our business, legal, or privacy addresses
  • Phone and video calls — information discussed during discovery calls or consultations (calls are not recorded without explicit consent)
  • Recruitment applications — CVs, cover letters, portfolio links, and professional history submitted through our careers page or recruitment partners

Information Collected Automatically

  • IP address (anonymized for analytics purposes)
  • Browser type and version
  • Operating system and device type
  • Referring URL and exit pages
  • Pages visited, navigation path, and interaction patterns
  • Session duration and timestamps of visits
  • Screen resolution and viewport dimensions
  • Language preference detected from browser settings

Cookies and Similar Technologies

We use cookies and similar tracking technologies to enhance your experience on our Website. For detailed information about the specific cookies we use, their purposes, and how to manage them, please see our Cookie Policy.

Information from Third Parties

  • Google Analytics — aggregated and anonymized website traffic data
  • LinkedIn — professional profile information when you interact with our LinkedIn presence or apply through LinkedIn
  • Cloudflare — security and performance data related to website access
  • Recruitment platforms — candidate information submitted through third-party job boards

4. How We Use Your Information

We process your personal data only for specific, legitimate purposes. Each processing activity is tied to a lawful basis under GDPR Article 6:

  • Service delivery and contract performance (Art. 6(1)(b)) — to provide the cloud engineering, team augmentation, and managed operations services you have engaged us to perform
  • Responding to inquiries (Art. 6(1)(f) — legitimate interest) — to answer your questions, provide quotes, and facilitate pre-engagement communications
  • Website improvement and analytics (Art. 6(1)(f) — legitimate interest) — to understand how visitors use our Website, identify technical issues, and improve content and navigation
  • Marketing communications (Art. 6(1)(a) — consent) — to send newsletters, service updates, or promotional content, only when you have explicitly opted in
  • Security and fraud prevention (Art. 6(1)(f) — legitimate interest) — to protect our Website, systems, and users from malicious activity, unauthorized access, and abuse
  • Legal compliance (Art. 6(1)(c) — legal obligation) — to meet our obligations under Polish tax law, commercial law, and other applicable regulations
  • Recruitment (Art. 6(1)(a) — consent or Art. 6(1)(b) — pre-contractual measures) — to evaluate candidates for employment or contractor positions

6. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data to third parties. We share your data only with trusted service providers who process data on our behalf, and only to the extent necessary for the purposes described in this policy. All third-party processors are bound by Data Processing Agreements (DPAs) that ensure GDPR-compliant data handling.

  • Cloudflare, Inc. — website hosting, content delivery, DDoS protection, and security (data processed globally via Cloudflare's network; covered by EU Standard Contractual Clauses)
  • Google LLC (Google Analytics) — website analytics with IP anonymization enabled; data processed under Google's Data Processing Amendment
  • Email service providers — transactional and marketing email delivery, bound by DPA
  • Professional advisors — legal counsel, accountants, and auditors who are subject to professional secrecy obligations
  • Regulatory authorities — when required by law or in response to a valid legal process

7. International Data Transfers

Your personal data is primarily processed within the European Economic Area (EEA). However, some of our service providers are based outside the EEA, particularly in the United States.

For transfers to countries without an EU adequacy decision, we rely on the European Commission's Standard Contractual Clauses (SCCs) as the primary transfer mechanism, supplemented by additional technical and organizational measures where appropriate. Cloudflare's global network processes certain traffic data at edge locations worldwide; this processing is covered by Cloudflare's DPA and SCCs.

Where the European Commission has issued an adequacy decision for a recipient country (such as under the EU-U.S. Data Privacy Framework), we rely on that decision as the lawful basis for transfer.

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Our retention periods are as follows:

  • Contact form submissions and inquiry data — 3 years after the last interaction, unless a contractual relationship is established
  • Client contractual data (invoices, SOWs, correspondence) — duration of the engagement plus 6 years, as required by Polish tax law (Ordynacja podatkowa, Art. 86 §1)
  • Website analytics data — 26 months (Google Analytics default retention period)
  • Marketing consent records — until consent is withdrawn, plus 1 year for record-keeping purposes to demonstrate compliance
  • Recruitment data — 12 months after the conclusion of the recruitment process, unless you consent to longer retention for future opportunities
  • Security logs (Cloudflare) — up to 72 hours for real-time threat data, up to 30 days for aggregated security analytics

9. Your Rights Under GDPR

As a data subject, the GDPR grants you the following rights. These rights are not absolute and may be subject to limitations and conditions under applicable law:

  • Right of Access (Art. 15) — You have the right to obtain confirmation of whether we process your personal data and, if so, to request a copy of that data along with information about the processing.
  • Right to Rectification (Art. 16) — You may request correction of inaccurate personal data or completion of incomplete data without undue delay.
  • Right to Erasure (Art. 17) — You may request deletion of your personal data where it is no longer necessary for the purpose it was collected, you withdraw consent, or data was unlawfully processed. This right does not apply where retention is required by law.
  • Right to Restriction of Processing (Art. 18) — You may request that we limit processing of your data while we verify its accuracy, resolve an objection, or if processing is unlawful but you prefer restriction over erasure.
  • Right to Data Portability (Art. 20) — You may request your personal data in a structured, commonly used, machine-readable format (such as CSV or JSON) and have it transmitted to another controller, where technically feasible.
  • Right to Object (Art. 21) — You may object to processing based on legitimate interest at any time. For direct marketing purposes, we will cease processing immediately upon receiving your objection.
  • Rights Related to Automated Decision-Making (Art. 22) — You have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significant effects. See Section 12 below.
  • Right to Withdraw Consent — Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

How to Exercise Your Rights

To exercise any of the above rights, please contact our Data Protection Officer at privacy@cloudforge.solutions. We will respond to your request within 30 calendar days. If your request is complex or we receive a high volume of requests, we may extend this period by an additional 60 days, in which case we will notify you of the extension and the reasons for it. There is no fee for exercising your rights, unless requests are manifestly unfounded or excessive.

10. Children's Privacy

Our Website and services are directed at businesses and professionals, not at children. We do not knowingly collect personal data from individuals under the age of 16. If we become aware that we have inadvertently collected personal data from a child under 16, we will take immediate steps to delete that data. If you believe we may have collected data from a child, please contact us at privacy@cloudforge.solutions.

11. Security Measures

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption in transit — all data transmitted between your browser and our Website is encrypted using TLS 1.3
  • Encryption at rest — stored personal data is encrypted using AES-256 encryption
  • Access controls — personal data access is restricted to authorized personnel on a need-to-know basis, with role-based access controls and multi-factor authentication
  • Regular security assessments — we conduct periodic reviews of our security practices and infrastructure
  • Employee awareness — all team members with access to personal data receive data protection training
  • Incident response — we maintain documented procedures for detecting, reporting, and responding to personal data breaches in accordance with GDPR Article 33 (72-hour notification requirement)

12. Automated Decision Making

We do not use automated profiling or make automated decisions that produce legal effects or similarly significant effects concerning you. All decisions that materially affect your relationship with CloudForge involve meaningful human oversight.

13. Supervisory Authority

If you are unsatisfied with how we handle your personal data or respond to your requests, you have the right to lodge a complaint with the competent supervisory authority. For CloudForge Solutions sp. z o.o., the lead supervisory authority is:

Urząd Ochrony Danych Osobowych (UODO) ul. Stawki 2 00-193 Warszawa, Poland Website: uodo.gov.pl Phone: +48 22 531 03 00

You may also lodge a complaint with the supervisory authority in the EU/EEA Member State of your habitual residence, place of work, or the place of the alleged infringement.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by posting a prominent notice on our Website or, where appropriate, by sending you an email notification.

We encourage you to review this policy periodically. Your continued use of the Website and our services after changes are posted constitutes your acknowledgment of the updated policy. The "Last updated" date at the top of this page indicates when the policy was last revised.

15. Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact us through the following channels:

  • Data Protection Officer: privacy@cloudforge.solutions
  • Legal inquiries: legal@cloudforge.solutions
  • Postal address: CloudForge Solutions sp. z o.o., ul. Solidarności 171/215, 00-877 Warszawa, Poland

Related Policies

This Privacy Policy should be read in conjunction with our Terms of Service and Cookie Policy, which together govern your use of our Website and services.