GDPR Compliance - Securitain (Cloudain LLC)

Last Updated: September 2, 2025

Introduction

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that gives EU residents control over their personal data. Securitain, provided by Cloudain LLC, is committed to GDPR compliance and protecting the privacy rights of all our users, regardless of their location.

Our Commitment to GDPR

As a cloud security platform, we understand the importance of data protection. Our GDPR compliance includes:

  • Implementing privacy by design principles in all our systems and processes
  • Ensuring a lawful basis for all personal data processing activities
  • Providing transparency about how we collect, use, and protect personal data
  • Maintaining comprehensive data protection impact assessments
  • Regular training of our staff on data protection requirements
  • Working with GDPR-compliant third-party processors and vendors

Legal Basis for Processing

We process personal data under the following lawful bases as defined by GDPR:

Contract Performance (Article 6(1)(b))

Processing necessary for the performance of our service contract, including account management, security scanning, and platform functionality.

Legitimate Interests (Article 6(1)(f))

Processing for our legitimate business interests, such as platform security, fraud prevention, and service improvement, balanced against your privacy rights.

Consent (Article 6(1)(a))

Where we have obtained your explicit consent for specific processing activities, such as marketing communications or optional analytics.

Legal Obligation (Article 6(1)(c))

Processing required to comply with legal obligations, such as tax requirements, regulatory compliance, or law enforcement requests.

Your Rights Under GDPR

If you are an EU resident, you have the following rights regarding your personal data:

Right of Access (Article 15)

Request access to your personal data and information about how we process it.

Right to Rectification (Article 16)

Request correction of inaccurate or incomplete personal data.

Right to Erasure (Article 17)

Request deletion of your personal data under certain circumstances ("right to be forgotten").

Right to Restrict Processing (Article 18)

Request limitation of processing of your personal data under certain conditions.

Right to Data Portability (Article 20)

Request your personal data in a structured, machine-readable format for transfer to another service.

Right to Object (Article 21)

Object to processing of your personal data based on legitimate interests or for direct marketing.

Right to Withdraw Consent (Article 7)

Withdraw consent for processing activities that require your consent, without affecting prior processing.

Exercising Your Rights

To exercise any of your GDPR rights, please contact us using the information below. We will:

  • Respond to your request within 30 days (or explain why we need more time)
  • Verify your identity before processing the request
  • Provide the requested information or action free of charge in most cases
  • Explain any limitations or reasons if we cannot fulfill your request

Data Protection Measures

We implement comprehensive technical and organizational measures to protect your personal data:

Technical Measures

  • AES-256 encryption for data at rest and in transit
  • Multi-factor authentication and access controls
  • Regular security audits and penetration testing
  • Automated backup and disaster recovery systems
  • Network security and intrusion detection systems

Organizational Measures

  • Staff training on data protection and GDPR compliance
  • Data protection impact assessments for new processing activities
  • Clear data retention and deletion policies
  • Vendor management and due diligence processes
  • Incident response procedures for data breaches

International Data Transfers

As a US-based company serving international customers, we may transfer personal data outside the EU. We ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Due diligence on data protection laws in destination countries
  • Additional safeguards where required by GDPR
  • Regular review of transfer mechanisms and adequacy decisions

Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected:

  • Account data: Retained while your account is active and for 30 days after closure
  • Security scan data: Retained for 12 months for security and compliance purposes
  • Billing records: Retained for 7 years as required by accounting and tax regulations
  • Support communications: Retained for 3 years for quality assurance and legal purposes

Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware
  • Notify affected individuals without undue delay if there is a high risk
  • Provide clear information about the breach and recommended actions
  • Take immediate steps to contain and remediate the breach

Supervisory Authority

If you have concerns about how we handle your personal data, you have the right to lodge a complaint with a supervisory authority, particularly in the EU member state where you reside, work, or where the alleged infringement occurred.

We encourage you to contact us first so we can address your concerns directly, but this does not affect your right to file a complaint with a supervisory authority.

Contact Our Data Protection Officer

For all GDPR-related inquiries, questions about your rights, or to make a data subject request, please contact:

Data Protection Officer
Email: support@securitain.com
Subject Line: GDPR Request - Securitain
Mail: Cloudain LLC DPO
Fontana, CA, USA

Please include your full name, the email address associated with your account, and a detailed description of your request.

Updates to GDPR Compliance

We regularly review and update our GDPR compliance measures to ensure continued protection of your personal data. Any material changes to our GDPR practices will be communicated through our Privacy Policy updates and direct notifications where required.