Privacy policy

Account data: full name, email, phone, store name, postal address, and tax registry — collected at signup and when issuing invoices.

Operational data: products, customers, invoices, inventory movements, and POS entries logged by your staff while using the system.

Technical data: IP address, browser type, device, OS, and usage logs — collected automatically for security and error diagnostics.

Billing data: we pass your card data to the payment gateway (Paymob, Fawry, or Fawaterak) and don't store it on our servers.

Service operation: signing in, displaying data in the dashboard, sending notifications, and issuing invoices.

Operational communication: invoice notifications, subscription confirmations, security alerts, and core updates — via email or WhatsApp.

Security and fraud: monitoring suspicious sign-in attempts, detecting abuse, and complying with Egyptian Data Protection Law 151/2020.

Product improvement: aggregate, anonymous analytics to understand feature usage. We do not sell or rent your data to any third party for marketing.

Database hosting and authentication: Supabase (US-headquartered, with servers in Europe or the nearest AWS region).

Infrastructure and CDN: Cloudflare for DDoS protection and faster delivery.

Payment gateways: Paymob, Fawry, and Fawaterak — we don't have your card data directly.

Transactional email: Resend for sending registration confirmations and password resets.

Every sub-processor is bound by data-protection contractual standards, and the list is updated on this page whenever it changes.

Essential cookies: keep you signed in and remember language and dark-mode preferences — these can't be disabled because they're critical to the service.

Analytics cookies: we use Google Analytics 4 to measure performance in aggregate. You can disable them via browser settings or tracking blockers without affecting site functionality.

Affiliate cookies: when visiting via an affiliate link we save the referral code for 30 days so the subscription is correctly attributed.

Access: download a full copy of your data as Excel or CSV from your dashboard.

Correction: edit account and store data directly in Settings.

Deletion: to permanently delete your account and all associated data, email privacy@cloudmarkit.com from the registered address — we'll act within 14 business days.

Objection to processing: you can request that we stop processing your data for purposes not essential to the service.

These rights are guaranteed by Egyptian Data Protection Law 151/2020.

Active account data: kept as long as the account is active.

After cancellation: we keep a backup for 30 days to allow comeback, then it's permanently deleted from production databases.

Billing records: retained for 5 years to comply with Egyptian tax requirements.

Security logs (sign-in attempts, audit logs): retained for 12 months and then archived.

Encryption: TLS 1.2+ in transit, and data encryption at rest on Supabase.

Isolation: we use Row-Level Security to ensure each merchant's data is isolated from others within the database.

Backups: automatic daily backups with point-in-time recovery for the last 7 days.

Admin access: limited to the founding team, fully logged in an auditable trail.

We don't currently hold ISO 27001 and don't claim to. We continuously improve our security practices in a documented way.

If we make a substantial change (e.g. adding a new sub-processor or changing the purpose of processing), we'll send an email notice 14 days before the change takes effect.

Minor editorial changes (typo fixes, wording clarifications) don't require a separate notice.

You can track the last updated date at the top of this page.