Privacy Policy
LibreCloud doesn't pretend to care about your data. We do.
Date Effective: 13 March 2025
I. Introduction & Who We Are
LibreCloud (”LibreCloud”, “We”, “Us”) is operated by individual volunteers and is not a business.
Our members include:
- Aidan Honor (operator and privacy contact)
- Lucas Gabriel (lucmsilva)
- Giovani Finazzi
We are based around the principle of freedom and privacy and make every effort possible to ensure you have complete control over your data.
For users in the EU, this policy aligns with GDPR requirements.
LibreCloud is not intended for users under 16. We do not knowingly collect data from minors.
II. Data We Collect
LibreCloud does not collect extra data beyond what is strictly necessary to operate. Data collected only applies to registered LibreCloud users, as we do not collect data from un-authenticated users.
A user (”User”, “You”, “Your”) refers to an individual who has created an account with LibreCloud and agreed to this policy.
We collect:
- Account Information: Name, email address.
- Services You Use (if applicable): Information and data from LibreCloud services (e.g. Gitea username, Vaultwarden login history).
- Logs: Technical data (e.g. your IP address, user agent, error logs) generated from your usage of our services, used strictly for debugging and functional purposes only. No effort has been made to associate logs with a user’s account.
Third-Party Services
LibreCloud uses open-source tools like Gitea and Vaultwarden. These tools may collect data to function, but we do not add extra tracking. Their data practices are governed by their own documentation (e.g. Gitea Docs, Vaultwarden Docs).
III. How Your Data Is Used
LibreCloud does not use data for any other purpose than delivering functional services to you. We do not profit from or share your data with anyone outside of LibreCloud.
We use your data to:
- Improve Services: If a service goes down, we might use data generated by your client to diagnose an error in our code.
- Reduce Support Waiting Time: We may use your account data to provide faster support to you.
- Legal Compliance: We will only comply with legally valid requests for data disclosure, such as court orders or subpoenas.
- Prevent Abuse: We may view or use your data to identify patterns of abuse.
Legal Basis for Processing (GDPR)
- Consent: You provide consent when creating an account and agreeing to this policy.
- Legitimate Interest: We process data to maintain service security and functionality.
IV. Your Data: Protection and Management
LibreCloud stores data on servers which are rented from several hosting providers (e.g. Namecheap), which may change at any time. All users are notified of any change in location of their data.
Data Storage
- Your data can only be accessed by administrators of LibreCloud.
- Your data is stored in formats intended to be usable and compatible with other platforms.
- Backups of your data are stored on consumer-grade HDDs. See below for security practices.
Data Security
- While we take reasonable steps to protect data, we cannot guarantee 100% security.
- We actively monitor for data breaches and unauthorized access.
- If we suspect a compromise of your data, we will notify you through the methods you have provided us with.
- Backups are encrypted at rest with LUKS and in cold storage. We have physical possession of these drives. If these drives are ever physically moved to another location, you will be notified of the time frame of their transfer. These drives are never connected to the Internet.
- While maximum effort has been made to ensure data on all services provided by us is encrypted, not all services have their data encrypted (e.g. Gitea) due to technical limitations.
Data Retention
- Data not required for operating your user account or LibreCloud (e.g. logs, outdated profile data) is regularly deleted from our servers.
- We retain logs for three months, unless required by us to provide stable services. Logs are deleted on a regular basis, either manually or automatically.
- We will retain your user data until you request for it to be deleted, and for a maximum duration of the lifetime of the associated service or services, should it cease operation at any point.
Data Processing
We process data based on your consent (for account creation) and our legitimate interest in maintaining service security and functionality.
V. Your Rights As A User
LibreCloud is proud to offer maximum user control over their data. If you choose to make a request to exercise one of these rights, we will fulfill it within 48 hours.
Additional rights not listed above may be requested through LibreCloud's support system, though their approval cannot be guaranteed.
You have the right to:
- Request the deletion of all of your user data at any time, and for any reason.
- Correct inaccuracies or modify account information, data, and history. You may also be provided with the option to additionally remove records of this data change request.
- Opt out of non-essential communications.
- Request a copy of your data in a portable format (e.g. JSON, CSV).
- Object to automated decision-making (though we do not use it).
VI. Cookies And Tracking
We do not use cookies or tracking tools beyond what is required for the services we operate. Review their respective documentation for details on their practices.
VII. Policy Changes
We may update this policy to reflect changes in our services, organization, or other reasons. Updates will be posted on this page with a revised effective date.
Large changes to policies will be announced via email and addressed to your LibreCloud account email.
By continuing to use LibreCloud after these changes have been made, you agree to the updated policy.
VIII. Contact LibreCloud
If you have further comments or questions, you may use the support options provided in the user dashboard on LibreCloud, or through the methods provided below:
Email: support@librecloud.cc
You may reach our privacy contact, Aidan Honor, at the above address or aidan@p0ntus.com.
Mailing address available upon request.