Privacy Policy

CloudFiles Technologies Inc.
Last Updated: 28 May 2026

This Privacy Policy describes how CloudFiles Technologies Inc. ("CloudFiles," "we," "our," or "us") collects, uses, stores, and shares information when you use our websites (cloudfiles.io, auth.cloudfiles.io), our Salesforce AppExchange applications, and our related products and services (collectively, the "Services").

CloudFiles is a Salesforce-native document automation platform that provides Document Management, Document AI, Document Generation, and Agentforce Actions. We process data on behalf of our customers ("Customers") and also collect data directly from visitors to our website ("Visitors").

By using the Services, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Services.

1. Information We Collect

1.1 Information You Provide

  • Account Information: When you create an account, we collect your name, email address, organization name, and login credentials.

  • Customer Data: Documents, files, folders, templates, and other content you upload to or create within the Services. CloudFiles processes Customer Data on behalf of Customers as a data processor.

  • Payment Information: If you purchase a subscription, we collect billing details such as company name, billing address, and payment method. Payment card information is processed by our third-party payment processor and is not stored on CloudFiles systems.

  • Communications: Information you provide when you contact our support team, respond to surveys, or participate in webinars or events.

1.2 Information Collected Automatically

  • Usage Data: Information about how you interact with the Services, including features used, actions taken, pages visited, and session duration.

  • Device and Technical Data: Device type, operating system, browser type, IP address, and general location information derived from your IP address.

  • Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies to operate the Services, analyze usage, and support marketing. See our Cookie Policy for details.

1.3 Information from Third-Party Integrations

When you connect third-party cloud storage services (such as Google Drive, OneDrive, SharePoint, Dropbox, or Box) to CloudFiles, we access your files and folder metadata on those platforms as necessary to provide the Services. When you create a link to a file from a connected storage service, we may download and store a copy of that file for reliability purposes. We access only the data necessary to provide the functionality you have enabled.

1.4 Information from the Salesforce Platform

When CloudFiles is installed as a Salesforce AppExchange application, we may process data within your Salesforce org as necessary to provide the Services, including Salesforce record data used in document generation, file management, and AI processing. This data is processed in accordance with your Salesforce configuration and our agreement with you.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing the Services: To operate, maintain, and deliver the features and functionality of the Services.

  • Account Management: To create and manage your account, authenticate your identity, and provide customer support.

  • Billing and Payments: To process transactions and manage subscriptions.

  • Product Improvement: To analyze usage patterns, diagnose technical issues, and improve the Services. For this purpose, we use de-identified and aggregated Usage Data only.

  • Communications: To send you transactional messages (account confirmations, billing notices, support responses) and, with your consent, marketing communications such as product updates and newsletters.

  • Security and Compliance: To detect, prevent, and respond to security incidents, fraud, and abuse, and to comply with legal obligations.

  • Legal Obligations: To comply with applicable laws, regulations, legal processes, or enforceable government requests.

3. How We Share Your Information

We do not sell your personal information. We share information only in the following circumstances:

3.1 Service Providers (Sub-Processors)

We engage trusted third-party service providers to help us operate and improve the Services. These providers are contractually bound to process your data only on our behalf and in accordance with our instructions. Our current categories of sub-processors include:

  • Cloud infrastructure and hosting (e.g., Amazon Web Services)

  • Payment processing

  • Email delivery and communication tools

  • Analytics and product usage monitoring

  • Customer support platforms

  • Marketing and advertising platforms

A list of our current sub-processors is available upon request at privacy@cloudfiles.io.

3.2 Legal Requirements

We may disclose your information if required to do so by law, regulation, legal process, or enforceable government request, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of CloudFiles, our customers, or the public.

3.3 Business Transfers

If CloudFiles is involved in a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

3.4 With Your Consent

We may share your information with third parties when you explicitly consent to or direct such sharing.

4. Data Processing Roles

4.1 CloudFiles as Data Processor

When Customers use the Services to process their end users' or clients' data (Customer Data), CloudFiles acts as a data processor on behalf of the Customer. The Customer is the data controller and is responsible for obtaining appropriate consents and providing privacy notices to their end users. CloudFiles processes Customer Data only in accordance with the Customer's instructions and our agreement with the Customer.

If you are an end user of a CloudFiles Customer and have questions about how your data is processed, please contact the Customer directly.

4.2 CloudFiles as Data Controller

CloudFiles acts as the data controller for information we collect directly, including account information, website visitor data, usage data, and marketing communications data.

5. Data Retention

We retain your information for as long as necessary to fulfill the purposes described in this Privacy Policy, including to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements.

  • Customer Data: Retained for the duration of the Customer's subscription. Upon termination or expiration, Customer Data is available for export for thirty (30) days, after which it is deleted in accordance with our data deletion policy.

  • Account Information: Retained for the duration of your account and for a reasonable period thereafter to comply with legal obligations and resolve disputes.

  • Usage and Analytics Data: Retained in de-identified and aggregated form for product improvement purposes. Identifiable usage data is retained for no longer than twenty-four (24) months.

  • Marketing Data: Retained until you unsubscribe or request deletion.

6. Data Security

CloudFiles implements commercially reasonable technical and organizational security measures to protect your information, including:

  • Encryption of data at rest and in transit

  • Logical data separation per customer at the database level

  • Access controls with default-deny, approval-based, and time-limited production access

  • Continuous monitoring and alerting for suspicious activity

  • Regular security assessments and penetration testing

CloudFiles maintains SOC 2 Type II, ISO 27001, HIPAA, and GDPR compliance. For detailed security documentation, please visit the CloudFiles Trust Center.

While we take reasonable measures to protect your information, no method of transmission or storage is completely secure. You are responsible for maintaining the confidentiality of your account credentials.

7. International Data Transfers

CloudFiles is based in the United States with engineering operations in India. Your information may be transferred to and processed in countries other than your country of residence. When we transfer personal data internationally, we implement appropriate safeguards, including standard contractual clauses approved by applicable regulatory authorities, to ensure that your data is protected in accordance with this Privacy Policy and applicable law.

8. Your Rights

8.1 Rights Under GDPR (EEA, UK, and Switzerland)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation:

  • Access: Request a copy of the personal data we hold about you.

  • Rectification: Request correction of inaccurate or incomplete personal data.

  • Erasure: Request deletion of your personal data when it is no longer necessary for the purposes for which it was collected.

  • Restriction: Request restriction of processing of your personal data in certain circumstances.

  • Data Portability: Request a copy of your personal data in a structured, commonly used, machine-readable format.

  • Objection: Object to processing of your personal data based on legitimate interests or for direct marketing purposes.

  • Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

The legal bases for our processing activities include: performance of a contract (providing the Services), legitimate interests (product improvement, security, marketing), consent (optional marketing communications), and legal obligations.

8.2 Rights Under U.S. State Privacy Laws

If you are a resident of California, Colorado, Connecticut, Virginia, Utah, or other states with comprehensive privacy legislation, you may have the following rights:

  • Right to Know: Request information about the categories and specific pieces of personal information we have collected about you.

  • Right to Delete: Request deletion of personal information we have collected about you.

  • Right to Correct: Request correction of inaccurate personal information.

  • Right to Opt-Out: Opt out of the sale or sharing of your personal information. CloudFiles does not sell personal information.

  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

8.3 Exercising Your Rights

To exercise any of the above rights, please contact us at privacy@cloudfiles.io. We will respond to your request within the timeframe required by applicable law (typically 30 days for GDPR, 45 days for U.S. state laws). We may need to verify your identity before processing your request.

If you are an end user of a CloudFiles Customer and wish to exercise your rights with respect to Customer Data, please contact the Customer directly, as they are the data controller for that data.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to operate the Services, remember your preferences, analyze usage, and support marketing efforts. You can manage your cookie preferences through your browser settings or through the cookie consent mechanism on our website. For detailed information, please see our Cookie Policy at cloudfiles.io/cookie-policy.

10. Children's Privacy

The Services are not directed to individuals under the age of sixteen (16). We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete it promptly. If you believe a child has provided us with personal information, please contact us at privacy@cloudfiles.io.

11. Third-Party Links and Services

The Services may contain links to third-party websites or services. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access through the Services.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated policy on our website and update the "Last Updated" date. If we make material changes that affect how we process your personal information, we will provide notice via email or through the Services at least thirty (30) days before the changes take effect. Your continued use of the Services after the effective date constitutes your acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us at:

CloudFiles Technologies Inc.

38350 Fremont Blvd, Suite 203

Fremont CA 94536, United States

privacy@cloudfiles.io

Data Protection Officer

Ankit Gupta

ankit@cloudfiles.io

If you are located in the EEA or UK and are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

Features

Document GenerationDocument Management & SharingDocument AI

Use-Cases By Role

SalesMarketingService

Resources

BlogVideosWebinarsFree ToolsCase Studies

Support

PricingHelp DocsService StatusBecome our PartnerBook a demo

Solutions

CloudFiles for SalesforceCloudFiles for HubSpotUse-CasesIndustriesCloudFiles vs Others

Use-Cases By Industry

Financial ServicesHealthcare & Life-sciencesTechnology & ITReal Estate

Legal

Trust PortalPrivacy PolicyTerms of ServiceCookie PolicyAcceptable Use PolicyDisclosure PolicyGDPRDPA

Company

About UsLife at CloudFilesCareersContact Us

COMPLIANT & SECURE

HIPAASOCISO27001GDPR1

CloudFiles Technologies Inc.

38350 Fremont Blvd

Suite 203 Fremont

CA 94536

Terms of Service

© 2026 CloudFiles. All Rights Reserved.