Privacy Policy

Cloud Halo Ltd is a company registered in England and Wales and is the controller responsible for the personal data described in this policy. You can contact us about privacy at privacy@cloud-halo.io. Our registered company details are available on request.

We collect the following categories of personal data:

• Account data — your name, work email, company, password (stored hashed by our authentication provider), and workspace role.
• Billing data — plan, subscription status, and trial dates. Card details are collected and stored by Stripe, not by Cloud Halo.
• Azure cost & resource metadata — read-only cost, usage, and resource metadata retrieved from the Azure subscriptions you connect. This can include resource names, resource groups, and tags that you or your organisation have defined, which may contain identifiers.
• Usage & device data — log data, approximate location from IP, and aggregate product analytics used to operate and improve the service.
• Communications — messages you send us, including sales and support enquiries.

We process personal data on the following lawful bases under the UK GDPR:

• Performance of a contract — to provide, secure, and support the service, manage your account, and handle billing.
• Legitimate interests — to keep the service secure, prevent abuse, understand product usage, and communicate about features and service changes (balanced against your rights).
• Consent — where required, for example non-essential analytics or marketing email; you can withdraw consent at any time.
• Legal obligation — to meet tax, accounting, and other legal requirements.

Cloud Halo connects to your Azure environment with read-only access only. We do not request permission to create, modify, or delete resources in your tenant. We process the Azure cost data you connect on your behalf and under your instructions as a processor; details and safeguards are set out in our Data Processing Addendum.

We do not sell personal data. We share data with vetted service providers who process it on our behalf to run the service — including hosting, database, payments, and email providers. The current list is maintained in our DPA sub-processor list. We may also disclose data where required by law or to protect our rights.

Some of our providers operate outside the UK/EEA. Where personal data is transferred internationally, we rely on appropriate safeguards such as UK adequacy regulations, the UK International Data Transfer Addendum, or the EU Standard Contractual Clauses.

We keep personal data only as long as needed to provide the service and meet legal obligations. When you delete your account, we remove workspace data and cancel active subscriptions, while retaining billing, audit, and incident records only where required for security, legal, tax, or dispute-handling purposes.

We use technical and organisational measures including encryption in transit, tenant-isolated workspaces with row-level security, least-privilege access, and audit logging. No system is perfectly secure, but we work to protect your data and maintain incident response procedures.

Subject to conditions, you have the right to:

• Access a copy of your personal data
• Rectify inaccurate data
• Erase data (the right to be forgotten)
• Restrict or object to processing
• Data portability
• Withdraw consent where processing is based on consent

To exercise these rights, email privacy@cloud-halo.io. You also have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk.

We use strictly necessary cookies to run the application (for example, to keep you signed in) and limited analytics to understand usage and performance. We do not use advertising cookies.

Cloud Halo is a business product and is not directed to anyone under 16. We do not knowingly collect their data.

We may update this policy from time to time. We will change the "Last updated" date above and, for material changes, provide additional notice.

Questions about privacy? Email privacy@cloud-halo.io or visit our contact page.