ClouBay Privacy Policy

We collect only what is necessary to deliver the Service:

We use your personal information for:

We use essential cookies (login session, CSRF protection, language preference) and analytics cookies (in-site analytics, behavior stats) to improve your experience. You can refuse or delete cookies in your browser settings, but some features (login, draft autosave) will not work if essential cookies are disabled. We do not share your browsing behavior with ad networks, nor track you cross-site for third-party advertising.

We share your information with third parties only in these circumstances, and only the minimum necessary: 1) With your explicit consent or at your request (e.g. delegating us to apply for an Apple Developer account on your behalf); 2) With subcontractors / processors who help deliver the Service (Aliyun / Tencent Cloud as storage processors, Stripe / banks as payment processors), subject to legally-binding data processing agreements; 3) When required by law or regulation (e.g. ICP filing to MIIT); 4) In M&A, reorganization, or insolvency proceedings as part of assets transferred — we will notify you and ensure the assignee continues to honor this Policy. We do not sell your personal information to any third party.

Your personal information is stored by default on servers within China (Aliyun / Tencent Cloud, East / South China regions). When cross-border services require it (incorporation, cross-border payments, AI top-up), we may transfer relevant information to overseas recipients (Stripe / overseas banks / Apple Inc.). We comply with PIPL Article 38 requirements including impact assessment and separate consent. Retention: We retain basic account information for the lifetime of your account; data is deleted or anonymized within 6 months of account closure. Where law requires longer retention (e.g. 10 years for electronic invoices and contracts), we retain accordingly.

Under PIPL, you have the following rights regarding your personal information. Submit requests via the contact below or your customer portal; we respond within 15 business days:

We apply industry-standard safeguards: full-site HTTPS / TLS 1.2+ in transit, AES-256 at rest for sensitive fields, tiered server access with 12-month audit logs, dual-control for critical operations (e.g. KYC document export). No measure can guarantee 100% security. If a personal information breach occurs, we will notify you within 72 hours via portal message, email, or phone — including incident details, possible impact, and remediation steps — and report to the regulator.

The Service is intended for business operators and natural persons aged 18 or older. We do not knowingly collect personal information from minors under 14. If we discover such data was collected, we will delete it promptly. Minors aged 14-18 may use the Service only with written guardian consent.

This Policy may be updated as our business, the law, or technology evolves. Material changes will be announced 30 days in advance via prominent site notice, email, or SMS. Continued use of the Service after the update means you accept the updated Policy. If you disagree, you may stop using the Service and request account closure.