Privacy Statement


Who is Cloud Under?

Cloud Under® is a trading name of Cloud Under Ltd, a company based in Manchester and registered in England and Wales (United Kingdom) under number 9089772 and its registered office address at Kemp House, 152-160 City Road, London, EC1V 2NX, United Kingdom. References to “we”, “us”, “our” etc. on this website or other communications usually refer to the company Cloud Under Ltd and references to “I”, “me”, “my” etc. usually refer to the company’s director, André Nicolaj Zahn (nicknamed “Nick”).

Our principles of data protection

Data protection has always been a core value of Cloud Under, whether it’s to protect our own customers’ data or the data of their customers. Some of the measures we take include:

  • Our office computers and devices and their operating systems are always updated. Access to all computers and other devices containing sensitive data are fully encrypted with strong passwords and locked immediately when left. Only software from trusted sources is installed. Fully encrypted backups are made regularly.
  • We use extremely secure passwords and multi-factor authentication wherever possible. We never use the same password for different services or accounts. We never share our passwords, cryptographic keys and accounts with third parties.
  • Sensitive data, such as personal user data or login credentials, is only transmitted over encrypted connections such as HTTPS or SSH and also encrypted at rest. We encourage our customers to do the same and proactively make recommendations whenever we become aware of a potential security risk. For example, by default, we do not use FTP and we would not send our client a copy of their user database via email attachment.

An essential part of our services around full-stack web development is our expertise in internet security. We’re always trying our best to apply internet security best practices to the work for our clients, our own products as well as the workflows.

Explaining the legal bases we rely on

  • Consent: In specific situations, we can collect and process your data with your consent.
  • Contractual obligations: In certain circumstances, we need your personal data to comply with our contractual obligations. For example, when you order a product or service, we’ll collect contact and billing information and process the data in our accounting system.
  • Legal compliance: If the law requires us to, we may need to collect and process your data. For example, we can pass on details of people involved in fraud or other criminal activity to law enforcement.
  • Legitimate interest: In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. For example, we may contact you occasionally to make you aware of how we could improve your website or other services, or when we become aware of potential security risks that could affect your online presence, services or software.

Changes to our privacy policy

We may change this Privacy Policy from time to time, to reflect how we are processing your personal information. This Privacy Policy was last updated on 25 May 2018.

Visitors to our website

You’re not required to provide any personal information on this website. However, you may choose to do so by completing the forms on various pages of the site. We’ll only use the information you provide to us on these pages in order to process the relevant form. Please see the privacy wording on the relevant form for a more detailed explanation of how your information will be used.


When you visit, we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out such things as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. We do not make and do not allow Google to make any attempt to find out the identities of those visiting our website.


We keep the use of cookies and similar technologies to a minimum. As stated above, we use Google Analytics, which may place a number of cookies, but identifiers are not linked to any personal data.

We may also use cookies and similar technologies for security purposes and other essential website features.

Cookies are not used to target you with online advertising.

Contact forms

Data captured through contact forms will be used to contact you in order to respond to your enquiry. Only authorised individuals will be able to access your data, and it will not be disclosed to third parties.

If you downloaded or purchased one of our apps

If you downloaded or purchased one of our apps from the Apple App Store, you may find the applicable privacy policy on the product page of the App Store or within the app itself.

If there is no specific privacy policy, this means we do not collect any personal data directly from you or your device. For example, if you’re playing Piece It, Apple may collect very basic and anonymous usage statistics and crash reports and share those with us in a totally anonymised way, if you have opted in for this in the settings of your device, but the app will never track you, your behaviour and it will never communicate with one of our servers or any marketers.

If you contact us or do business with us

Transferring data internationally

In order to provide our services we may need to transfer your personal information to another country in the usual course of our business. By dealing with us and submitting your personal information, you agree to the transfer, storage, and processing of your personal information in the United Kingdom as well as other countries inside and outside of the European Economic Area (EEA).

Cloud Under only transfers your personal information to those third parties where we can be sure that we can protect your privacy and your rights, for example the third party is located in a country which the EU has deemed to have adequate data protection laws in place, where that third party is certified on the EU-US Privacy Shield or where we have a contract in place which includes the European Commission’s standard data protection clauses.

For example, when we send you a quote or invoice, we use the services of Xero, with which we have a data processing agreement in accordance with the EU General Data Protection Regulation (GDPR) in place, which stipulates the standards they must follow at all times.

Retention period

The length of time we keep your personal data depends on what it is and whether we have an ongoing business need to retain it. For example, to provide you with a service you’ve requested or to comply with applicable legal, tax or accounting requirements.

We’ll retain your personal data for as long as we have a relationship with you and for a period of time afterwards where we have an ongoing business need to retain it, in accordance with our data retention policies and practices. Following that period, we’ll make sure it’s deleted or anonymised.

Your rights

As an individual you have a number of rights regarding your personal data, including the following:

  • Right to be informed about what we do with your information: This Privacy Policy and any details provided when we capture your personal information will keep you informed about how we will use this information.
  • Right to access your information: You can request access to the personal information we hold about you. In most cases this is free of charge.
  • Right to correct your information: If you believe that the personal information we hold about you may be incorrect, you can ask for us to update your information.
  • Right to object to, or restrict, Cloud Under using your information: In certain circumstances you can ask us to stop processing your information or ask for us to limit the ways in which we process this information. However, we can refuse a request in some cases, in which case we will provide you with information explaining why we have refused your request.
  • Right to delete your personal information: Unless we have a reason for keeping your personal information (for example, for tax purposes, to provide a service to you or deal with an ongoing complaint), you can request for us to stop holding your personal information. If we need to hold on to your information we will tell you why we need to do this when we respond.
  • Right to withdraw your consent: Where Cloud Under is using your personal information based on your express consent to this, you have the right to withdraw your consent at any time.

How to contact us

If you would like to make a request for any of the rights detailed above, please send us a request by email to

Please be aware that we will need to verify your identity before providing any personal data to you. We do this to protection your information. We may also ask you to provide us some additional voluntary information to help us process your request more efficiently.