Privacy Policy

CLI>_ Privacy Policy

This policy explains how CLI>_ processes personal data when operating the website, shop, customer accounts, orders, and cloud services.

Privacy Policy

CLI & Open LLC
Effective date: [insert date]
Version: 1.1
Website: https://cliopen.com

This Privacy Policy explains how CLI & Open LLC, 1309 Coffeen Avenue STE 1200, Sheridan, Wyoming 82801, United States (“CLI & Open”, “we”, “us”, or “our”) collects, uses, stores, protects, and shares personal data when you use our website, account interfaces, hosting, cloud infrastructure, managed services, support channels, billing systems, and related services (the “Services”).

CLI & Open provides privacy-first cloud and hosting products for customers that want practical infrastructure, operational control, and reduced vendor lock-in.

This Privacy Policy should be read together with our Terms of Service, Cookie Policy, Data Processing Agreement, Subprocessors list, and Security Measures documentation where applicable.

1. Who we are

The data controller for account, website, billing, support, sales, security, and operational data is:

CLI & Open LLC
1309 Coffeen Avenue STE 1200
Sheridan, Wyoming 82801
United States
Website: https://cliopen.com
Privacy contact: [privacy@cliopen.com]
Security/abuse contact: [security@cliopen.com] / [abuse@cliopen.com]

If you are a customer using CLI & Open to host your own websites, applications, databases, files, logs, or other content, you may be the controller of personal data contained in that hosted content. In that case, CLI & Open generally acts as a processor for that customer content under our Data Processing Agreement.

2. Our role under data protection law

Depending on the context, CLI & Open may act either as a controller or as a processor.

2.1 CLI & Open as controller

CLI & Open acts as controller when we process personal data for our own business purposes, including:

  • account creation and administration,
  • billing and payment management,
  • customer communication,
  • service provisioning,
  • security monitoring,
  • abuse prevention,
  • legal compliance,
  • website operation,
  • support handling,
  • internal performance measurement after consent where required.

2.2 CLI & Open as processor

CLI & Open acts as processor when we process customer-hosted data on behalf of a customer, including data stored or processed inside customer websites, applications, databases, object storage, backups, VPS environments, Kubernetes workloads, or managed application environments.

For processor activities, the customer is responsible for having an appropriate legal basis, providing privacy notices to its own users, handling data subject requests, and ensuring that the hosted application or content complies with applicable law.

CLI & Open processes such customer data only according to the customer’s documented instructions, the applicable service configuration, the Terms of Service, and the Data Processing Agreement.

3. Personal data we collect

We collect different categories of personal data depending on how you interact with us.

3.1 Account and identity data

This may include:

  • name,
  • company name,
  • email address,
  • username,
  • account ID,
  • billing profile,
  • country or region,
  • login and authentication information,
  • role or permissions inside the account.

3.2 Billing and payment data

This may include:

  • billing address,
  • tax or VAT information,
  • invoice data,
  • payment status,
  • transaction references,
  • prepaid credit balance,
  • subscription or service plan information,
  • payment provider metadata.

We do not intentionally store full payment card numbers. Card and payment processing is handled by payment providers such as Stripe or other payment processors where applicable.

3.3 Service and usage data

This may include:

  • services ordered,
  • allocated resources,
  • bandwidth usage,
  • storage usage,
  • CPU, memory, I/O, and network metrics,
  • object storage usage,
  • backup status,
  • VPS, container, Kubernetes, or managed application metadata,
  • IP addresses,
  • domain names,
  • reverse proxy routing metadata,
  • system-generated service identifiers.

We use this data for service delivery, billing, capacity planning, abuse detection, security, and operational reliability.

3.4 Security and log data

This may include:

  • IP addresses,
  • login timestamps,
  • authentication events,
  • administrative actions,
  • access logs,
  • error logs,
  • API activity,
  • abuse indicators,
  • firewall, proxy, or network events,
  • security alerts,
  • incident records.

Security logging is necessary to protect the Services, our customers, and the integrity of our infrastructure.

3.5 Support and communication data

This may include:

  • support tickets,
  • email communication,
  • chat or contact form messages,
  • troubleshooting notes,
  • screenshots or logs provided by you,
  • technical details related to support requests,
  • records of actions taken to resolve issues.

You should avoid sending sensitive personal data to support unless it is necessary for troubleshooting.

3.6 Website and cookie data

When you visit our website, we may process:

  • IP address,
  • browser and device information,
  • pages visited,
  • security events,
  • required cookies or local storage,
  • consent choices,
  • optional first-party internal performance measurement after consent where required.

Details are provided in our Cookie Policy.

3.7 Customer-hosted data

Customer-hosted data may include any data uploaded, stored, transmitted, or processed by customers through the Services, including websites, application data, databases, files, backups, object storage, logs, and end-user data.

CLI & Open does not control the content of customer-hosted data. The customer is responsible for the legality, accuracy, privacy compliance, and security of the data they choose to process through the Services.

4. Why we process personal data

We process personal data for the following purposes:

4.1 Service delivery

To create accounts, provision services, operate infrastructure, provide hosting, VPS, Kubernetes hosting, object storage, backups, reverse proxy services, and selected managed services.

4.2 Billing and payments

To issue invoices, process payments, maintain prepaid credit balances, manage subscriptions, calculate usage, prevent payment fraud, and comply with tax and accounting obligations.

4.3 Security and abuse prevention

To protect infrastructure, detect unauthorized access, prevent spam, malware, phishing, botnets, DDoS activity, credential stuffing, crypto mining abuse, illegal content, and other harmful or prohibited activity.

4.4 Support and troubleshooting

To respond to support requests, investigate incidents, troubleshoot service problems, and provide managed service support where purchased.

4.5 Usage metering and capacity management

To measure bandwidth, storage, CPU, memory, network, backup, and service usage for billing, technical operations, fair-use enforcement, capacity planning, reliability, and abuse detection.

4.6 Legal and contractual compliance

To comply with legal obligations, enforce our Terms of Service, respond to lawful requests, maintain business records, and defend legal claims.

4.7 Internal performance measurement

Where enabled only after consent, to understand page speed, technical errors, and interface usability for CLI & Open websites and interfaces. We do not use this for external advertising profiles.

5. Legal bases for processing

Where the GDPR or similar law applies, we rely on the following legal bases:

Purpose Legal basis
Account creation and service delivery Performance of a contract
Billing, invoicing, payments, tax records Performance of a contract; legal obligation
Security monitoring and abuse prevention Legitimate interests; legal obligation where applicable
Usage metering and capacity planning Performance of a contract; legitimate interests
Support communication Performance of a contract; legitimate interests
Required cookies and local storage Legitimate interests; performance of a contract
Optional internal performance measurement Consent where required
Legal claims and enforcement Legitimate interests; legal obligation
Compliance with lawful requests Legal obligation

When we rely on legitimate interests, we do so only where we believe our interests are not overridden by your rights and freedoms. Our legitimate interests include securing the Services, preventing abuse, maintaining reliable infrastructure, enforcing contractual terms, and operating a sustainable hosting business.

6. Cookies and local storage

We use only cookies and local storage needed for secure site operation, sign-in, cart handling, form protection, and basic security settings unless optional functionality is accepted.

Optional internal performance measurement is enabled only after consent where required.

We do not use cookies for external advertising profiles, and we do not sell cookie-derived data.

For details, see our Cookie Policy.

7. EU-first privacy commitments

Although CLI & Open LLC is registered in the United States, our hosting operations are designed around an EU-first infrastructure and operations model.

For standard hosting services, unless explicitly stated otherwise for a specific service, customer order, or written agreement:

  • customer production hosting data is processed and stored in the European Union,
  • customer backups are stored in the European Union,
  • customer support operations are provided from the European Union,
  • administrative access to customer production systems is restricted to authorized personnel operating from the European Union,
  • access to customer environments is limited to what is necessary for service delivery, support, security, abuse prevention, or legal compliance.

CLI & Open also follows these privacy-first principles:

  • no sale of personal data,
  • no use of customer data for external advertising profiles,
  • no external advertising tracking on customer hosting data,
  • minimal operational telemetry,
  • security-focused logging,
  • role-based access where technically available,
  • deletion of terminated customer data according to defined retention rules,
  • transparent subprocessors and service locations where practical.

Limited account, billing, payment, tax, security, communication, or operational metadata may be processed by selected providers where necessary to operate the business. These providers are described in our Subprocessors list where applicable.

These commitments do not limit necessary processing for service delivery, billing, security, legal compliance, abuse prevention, support, or enforcement of the Terms of Service.

8. Data hosting and international transfers

CLI & Open LLC is incorporated in the United States, while its standard hosting operations are designed to keep customer production hosting data, backups, support operations, and administrative access within the European Union unless a specific service, order, or written agreement states otherwise.

This approach is intended to reduce unnecessary international data transfers and provide a privacy-focused hosting environment for customers who prefer European data residency and European operations.

Because CLI & Open is a US company and may use selected international providers, limited personal data may still be processed outside the EU/EEA in specific cases, including:

  • account administration,
  • billing and payment processing,
  • tax and accounting records,
  • support communication metadata,
  • security and abuse handling,
  • provider operations,
  • legal compliance,
  • services explicitly ordered or approved by the customer.

Where required, international transfers are protected using appropriate safeguards such as:

  • Standard Contractual Clauses,
  • data processing agreements,
  • EU-US Data Privacy Framework participation where applicable to a provider,
  • contractual, technical, and organizational safeguards,
  • minimization of transferred data.

Customers requiring strict EU-only handling should contact us before ordering to confirm whether the requested service can meet that requirement, including any limitations caused by billing, support, payment, domain, DNS, email, or security subprocessors.

9. Subprocessors and service providers

We use selected third-party providers to deliver infrastructure, billing, support, communication, security, monitoring, and operational services.

Subprocessors may include providers for:

  • data center and server infrastructure,
  • payment processing,
  • email delivery,
  • DNS or network services,
  • monitoring and logging,
  • support tools,
  • accounting and invoicing,
  • code hosting or operational tooling.

We maintain a Subprocessors list describing relevant providers, their purpose, region, and type of data involved.

We require subprocessors to provide appropriate confidentiality, security, and data protection commitments where applicable.

10. Data retention

We keep personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Typical retention periods include:

Data category Typical retention
Account data While the account is active and for a reasonable period after closure
Billing and tax records As required by accounting and tax law
Support tickets As long as needed for support history, dispute handling, and service improvement
Security logs As long as needed for security, abuse prevention, investigation, and legal protection
Usage metering data As long as needed for billing, operations, capacity planning, and dispute handling
Customer-hosted data While the service is active, subject to service configuration and backup retention
Backup data According to the ordered backup retention or customer request
Terminated customer data Deleted within 30 days after termination or expiry, unless retention is legally required or technically delayed by backup cycles
Consent records As long as needed to demonstrate the consent choice and policy version

Backup retention may be configured or requested by the customer. Where the customer requests long-term backup retention, retention may range from 1 to 5 years depending on the purchased service or written agreement.

After termination or expiry of a service, CLI & Open aims to delete customer service data within 30 days, unless a longer retention period is required by law, needed to resolve disputes, needed for security investigation, or agreed with the customer.

Residual copies may remain temporarily in backups, logs, or disaster recovery systems until overwritten or deleted according to normal retention cycles.

11. Security measures

We use technical and organizational measures intended to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure.

Measures may include, depending on the service:

  • encryption in transit,
  • encrypted storage or backups where available,
  • access control,
  • administrator authentication controls,
  • monitoring and logging,
  • vulnerability patching,
  • infrastructure segmentation,
  • backup procedures,
  • incident response processes,
  • fair-use and abuse detection,
  • restricted operational access,
  • role-based permissions where technically available.

No service can be guaranteed to be completely secure. Customers are responsible for securing their own applications, credentials, configurations, users, software, and hosted content.

12. Customer responsibilities

Customers are responsible for:

  • the legality of their hosted content and workloads,
  • privacy notices for their own users,
  • obtaining required consents from their own users,
  • securing applications, accounts, passwords, keys, and administrative access,
  • keeping software updated where the service is unmanaged,
  • configuring backups and retention according to their needs,
  • responding to data subject requests concerning their own hosted data,
  • ensuring that their processing activities comply with applicable law.

For unmanaged VPS or infrastructure services, CLI & Open is not responsible for the customer’s operating system patching, application updates, database administration, application-level security, or application troubleshooting.

For managed APP or managed service plans, CLI & Open provides management only within the expressly purchased service scope.

13. Data subject rights

Where GDPR or similar laws apply, you may have rights including:

  • right of access,
  • right to rectification,
  • right to erasure,
  • right to restriction of processing,
  • right to data portability,
  • right to object,
  • right to withdraw consent where processing is based on consent,
  • right to lodge a complaint with a supervisory authority.

Some rights may be limited depending on the legal basis, technical context, security obligations, contractual obligations, or whether CLI & Open acts as controller or processor.

To exercise your rights, contact us at [privacy@cliopen.com].

If your request concerns data hosted by one of our customers, we may direct you to that customer, because the customer may be the controller of that data.

14. Requests from authorities and legal disclosure

We may disclose personal data where required by law, court order, lawful authority request, or to protect the rights, safety, security, or integrity of CLI & Open, our customers, users, infrastructure, or the public.

Where legally permitted and reasonably possible, we may notify affected customers before disclosing customer data. We may be prohibited from doing so by law or by the nature of the request.

15. Abuse, security, and prohibited use investigations

We may process account, usage, network, log, and customer metadata to investigate:

  • spam,
  • malware,
  • phishing,
  • DDoS activity,
  • botnets,
  • crypto mining abuse,
  • credential stuffing,
  • unauthorized scanning,
  • abusive automation,
  • illegal content,
  • child sexual abuse material,
  • excessive resource usage,
  • activity that degrades service for other customers,
  • violations of our Terms of Service or Acceptable Use rules.

We may suspend, throttle, isolate, or terminate services where necessary to protect the platform, other customers, third parties, or legal compliance.

16. Children

The Services are not directed to children. Customers must be at least 18 years old or have legal authority to enter into a binding agreement.

Customers may not knowingly use the Services to collect or process children’s personal data unless they have a valid legal basis and comply with all applicable child privacy laws.

17. Changes to this Privacy Policy

We may update this Privacy Policy from time to time.

When we make material changes, we will update the effective date and may provide notice through the website, dashboard, email, or other reasonable means.

Continued use of the Services after the effective date of an updated Privacy Policy means the updated version applies to future processing.

We may keep previous versions internally for audit and legal purposes.

18. Contact

For privacy questions, GDPR requests, or data protection inquiries, contact:

CLI & Open LLC
1309 Coffeen Avenue STE 1200
Sheridan, Wyoming 82801
United States
Website: https://cliopen.com
Privacy contact: [privacy@cliopen.com]

For abuse or security reports, contact:

Abuse: [abuse@cliopen.com]
Security: [security@cliopen.com]

© 2026 CLI & Open LLC. Privacy-first cloud products for companies and individuals who want practical control and reduced vendor lock-in.