Privacy Policy

Last updated: March 28, 2026

1. Data Controller

The data controller responsible for your personal data is:

Eastmotion Ltd.
Operating the website dcdncloud.com and providing decentralized cloud infrastructure services under the brand name DCDN Cloud.

For privacy-related inquiries, contact us through the dashboard support chat or the contact form on our website.

2. Information We Collect

2.1 Account Information

When you register, we collect your email address, name, and password (stored as a bcrypt hash — we never store plaintext passwords). If you use Google Sign-In, we receive your Google profile email and name.

2.2 Billing Information

Payment processing is handled entirely by Stripe. We do not store your credit card numbers, CVV, or full card details. We may store your Stripe customer ID and subscription status. See Stripe's Privacy Policy.

2.3 Usage Data

We collect data about how you use our services, including domains configured, API requests, bandwidth usage, and feature interactions. This data is necessary to operate, bill, and improve the service.

2.4 Server Logs

Our servers automatically log IP addresses, request URLs, user agents, and timestamps for security, abuse prevention, and debugging purposes.

2.5 Cookies

We use cookies as described in our Cookie Policy. Essential cookies are used under the legal basis of legitimate interest; optional cookies require your consent.

3. Legal Basis for Processing (GDPR Art. 6)

We process your personal data under the following legal bases:

Processing Activity	Legal Basis	GDPR Article
Account registration & authentication	Performance of contract	Art. 6(1)(b)
Payment processing & billing	Performance of contract	Art. 6(1)(b)
Service operation (CDN, DNS, WAF, compute)	Performance of contract	Art. 6(1)(b)
Security monitoring & abuse prevention	Legitimate interest	Art. 6(1)(f)
Server logs & debugging	Legitimate interest	Art. 6(1)(f)
Service improvement & analytics	Legitimate interest	Art. 6(1)(f)
Optional cookies & analytics	Consent	Art. 6(1)(a)
Marketing communications	Consent	Art. 6(1)(a)
Legal compliance & tax records	Legal obligation	Art. 6(1)(c)

4. What We Don't Do

We do not sell your personal data to third parties
We do not use advertising trackers or pixels
We do not share your data with data brokers
We do not use Google Analytics or similar third-party tracking tools
We do not send marketing emails unless you explicitly opt in
We do not engage in profiling or automated decision-making that affects you (GDPR Art. 22)

5. Data Sharing & Third Parties

We only share your data with the following third parties, and only as necessary:

Third Party	Purpose	Data Shared	Privacy Policy
Stripe, Inc.	Payment processing	Email, billing info	stripe.com/privacy
Google (optional)	Google Sign-In authentication	Email, name (only if you use Google login)	policies.google.com/privacy
Let's Encrypt	SSL certificate issuance	Domain names	letsencrypt.org/privacy

We may also disclose data to law enforcement or regulatory authorities when required by law or valid legal process.

6. International Data Transfers (GDPR Art. 46)

DCDN Cloud operates a decentralized network with nodes in the EU, US, and South America. Your account data (email, credentials, billing) is stored on servers in the EU. However, cached content and traffic routing metadata may be processed by edge nodes in other regions.

For transfers outside the EU/EEA, we rely on:

Standard Contractual Clauses (SCCs) as approved by the European Commission
Adequacy decisions where applicable
Technical measures including encryption in transit (TLS 1.3) and at rest

Node operators process only cached content and routing metadata — they do not have access to your account data, credentials, or billing information.

7. Your Rights (GDPR Art. 15–22)

Under the GDPR, you have the following rights:

Right of Access (Art. 15) — Request a copy of all personal data we hold about you
Right to Rectification (Art. 16) — Correct inaccurate or incomplete data
Right to Erasure (Art. 17) — Request deletion of your account and personal data ("right to be forgotten")
Right to Restriction (Art. 18) — Request restricted processing of your data
Right to Data Portability (Art. 20) — Receive your data in a structured, machine-readable format
Right to Object (Art. 21) — Object to processing based on legitimate interest
Right to Withdraw Consent (Art. 7) — Withdraw consent at any time for consent-based processing

To exercise any of these rights, contact us through the dashboard support chat or the contact form. We will respond within 30 days as required by GDPR.

8. Right to Lodge a Complaint (GDPR Art. 77)

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

A list of EU Data Protection Authorities can be found at: edpb.europa.eu/members

9. Data Retention

Data Type	Retention Period	Basis
Account data (email, name, settings)	Until account deletion + 30 days	Contract
Server/access logs	30 days	Legitimate interest
Billing/invoice records	Up to 7 years after last transaction	Legal obligation (tax law)
Support chat history	Until account deletion	Contract
Cookie consent preference	1 year	Consent

After account deletion, we anonymize or permanently delete your personal data within 30 days, except where retention is required by law.

10. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

Encryption in transit (TLS 1.3) and at rest
Password hashing with bcrypt
Two-factor authentication (TOTP and SMS)
Regular security audits and penetration testing
Role-based access control
Automated threat detection and WAF protection

11. Automated Decision-Making (GDPR Art. 22)

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you. Our WAF and DDoS protection systems make automated security decisions (e.g., blocking malicious IP addresses), but these are based on technical threat indicators and do not involve personal profiling.

12. Children's Privacy

Our services are not intended for users under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us and we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Significant changes will be communicated via dashboard notification or email to your registered address. The "Last updated" date at the top reflects the most recent revision.

Continued use of the service after changes constitutes acceptance of the updated policy.

14. Decentralized Network — Privacy by Design

DCDN Cloud is built with privacy by design principles. Edge nodes in our decentralized network:

Process only cached content and routing metadata
Do not have access to user credentials, billing, or account data
Use encrypted communication channels with the coordinator
Cannot decrypt HTTPS traffic between you and origin servers