Clients Privacy Policy

Effective from 11 February 2025. Archived versions | Download PDF

Welcome to CloudLinux.
At Cloud Linux Software, Inc., Doing Business As TuxCare (hereinafter – “CloudLinux,” “We,” “Us,” or “Our”), we prioritize your privacy and are dedicated to protecting your personal information. This Privacy Policy outlines how we collect, use, share, and safeguard client personal data in compliance with relevant data protection laws, such as the General Data Protection Regulation (GDPR).

Our goal is to provide clear information about the types of personal data we collect, why we process it, and your rights as a CloudLinux client. This Privacy Policy applies to all personal information gathered directly or through our online platforms in relation to all products and services under CloudLinux, Imunify, and TuxCare brands (“Service” or collectively “Services”).

CloudLinux may update this Privacy Policy at any time, at our sole discretion. Any changes will become effective immediately upon posting. For significant updates, we will make reasonable efforts to notify you via a website banner, email, or other methods. Your continued use of our Services after any update constitutes acceptance of the revised Privacy Policy. Should you find any terms unacceptable, you are advised to discontinue use of our Services.

As used in this Policy, “Personal Data” or “Personal Information” refers to any information that relates to, identifies, or can reasonably be used to identify an individual, directly or indirectly. This Policy applies to our customers and end-users and does not cover our current and former employees, candidates, or website users.

Data Processing Roles:

• Data Controller: When you sign up for our products and Services, CloudLinux acts as the controller of your personal data. We process this data to deliver our services, communicate relevant content, and enhance and promote our offerings.
• Data Processor: When our customers use our products and Services for their sales, marketing, or other business operations, CloudLinux acts as a processor (or service provider) of personal data on behalf of these customers, who are the data controllers, in line with the CloudLinux Data Processing Agreement.

Cloud Linux Software, Inc. is registered at 20791 Three Oaks Pkwy, #980, Estero, FL 33929, USA, is a technology company dedicated to developing and delivering innovative software solutions that enhance server stability, security, and performance across various environments. With a focus on empowering service providers, data centers, and web hosting companies, we design products to deliver increased reliability and security, tailored to meet the unique needs of our clients.

We operate under the following  primary brands:

• CloudLinux: The foundational brand under which we offer products such as CloudLinux OS, a leading operating system for hosting providers that improve stability, density, and security in multi-tenant server environments.
• Imunify: Imunify is a leading brand in web security, offering a comprehensive suite of security solutions tailored for hosting providers to protect Linux-based web servers. The Imunify suite includes features like malware scanning, proactive defense, and advanced firewall protection, specifically designed to safeguard websites against evolving threats.
• TuxCare: Under the TuxCare brand, we deliver a suite of advanced security and support products, including KernelCare Enterprise, which provides automated live patching of Linux kernels; Endless Lifecycle Support (ELS), enabling extended security for end-of-life Linux systems, software languages, and software development frameworks; and Enterprise Support for AlmaLinux, which helps ensure optimal performance, security, and reliability of AlmaLinux systems. TuxCare is known for offering solutions that enhance the security and longevity of enterprise Linux systems.

As a global remote company, CloudLinux serves a diverse, worldwide client base, from hosting providers to enterprises, all while maintaining a strong commitment to data privacy and security in all of our operations. Whether acting as a data controller or processor, we adhere to stringent data protection practices and implement cutting-edge technologies to secure and manage data responsibly.

Our mission is not only to equip our clients with powerful, scalable tools but also to foster trusted relationships by respecting and protecting their personal information. Through this Privacy Policy, we aim to clearly communicate our privacy practices, provide transparency, and uphold the rights of individuals regarding their personal data.

3.1. Information you provide to CloudLinux

When you interact with us via our websites or any sites or Services that link to this Privacy Policy or use the CloudLinux products, we may collect Personal Data and other information from you, as further described below.

3.1.1. Account and Sign-up Information

We collect Personal Data when you sign up for a CloudLinux/TuxCare account, create or modify user information, set preferences, or provide any other related information to access or utilize our Services. This Personal Data including names, addresses, telephone numbers, fax numbers, physical addresses, email addresses, credit card numbers, and, if applicable, company names, addresses, telephone numbers, fax numbers, physical addresses, email addresses, credit card numbers, or tax ID numbers as well as similar information concerning technical contacts, marketing contacts, and executive contacts within your company or organization.

3.1.2. Payment Information

We collect billing and payment information when you register for any paid products or services with CloudLinux. This may include details like your billing address and designated billing contact for your account. If you choose to provide payment information, such as a credit card or bank account number, we handle it in accordance with this Privacy Policy and solely as authorized by you.

To process payments, we use secure, PCI-DSS-compliant third-party payment providers who manage payment transactions through encrypted and secure methods. Your payment information is collected and processed directly by these providers, ensuring the highest standards of data security and protection.

3.2. Information we process on behalf of customers when they use our Services

3.2.1 CloudLinux OS

Only if you use CloudLinux OS Shared PRO and/or CloudLinux OS Solo, CloudLinux OS may indirectly collect information about visitors of any site hosted on a server that is using CloudLinux OS Shared PRO or CloudLinux OS Solo. One of the features of both Services (the feature`s name is X-Ray) tracks the time of the SQL request execution. To track the time and analyze the SQL request execution, the feature processes in an encrypted manner and stores the SQL requests in a depersonalized format. The SQL requests can consist of Personally Identifiable Information of the visitors of any hosted site. For more details please read and sign our CloudLinux OS Data Processing Agreement in the relevant License Agreement.

3.2.2. Imunify360

Only if you use Imunify360, Imunify360 collects information about visitors of any site hosted on a server protected by Imunify360. That information includes visitors’ IP addresses, URI, browser information, screen resolution as well as other location & browser metadata. We might also collect HTTP/HTTPs query parameters, encrypted using one-way encryption (irreversible encryption used for comparison & analysis). If an attack is detected, we will collect HTTP parameters without using one-way encryption. We will still encrypt it to transfer it to our servers. For more details please read and sign our Imunify360 Data Processing Agreement in the relevant License Agreement.

3.2.3. ImunifyEmail

Only if you use Imunify Email, Imunify Email collects information about mail senders and recipients of any MTA agent protected by Imunify Email. That information includes sender/recipient mail addresses, IP addresses, message content, and SMTP headers. Arbitrary email message content may be used to enhance machine learning input data. The data is never stored outside customer premises but can be temporarily accessed by CloudLinux antispam engineers. It is never stored or transmitted in non-encrypted form and can be unencrypted to be loaded in RAM for processing purposes. For more details please read and sign our Imunify360 Data Processing Agreement in the relevant License Agreement.

3.2.4. Tuxcare

Only if you use Tuxcare products, specifically KernelCare, and/or ELS (Endless Lifecycle Support), and/or Enterprise Support for AlmaLinux, Tuxcare does not collect Personally Identifiable Information about end users on behalf of customers.

3.2.5. Server Information

If you use one of our products such as CloudLinux OS, KernelCare, Imunify360, or TuxCare™ products and services, we may collect certain non-Personally Identifiable Information concerning such software, its use, and the server upon which the software operates. This information includes (a) the licensed or unlicensed status of the software; (b) the source from which the license for the software was obtained (CloudLinux or CloudLinux reseller or partner); or (c) information about the server upon which the software is installed including (i) the public IP address, (ii) the operating system and (iii) the use of any virtualization technologies on such server ((a) through (c) collectively, “Server Information”), server uptime and server hardware information including CPU, memory, disks, motherboard. Additionally, “Server Information” may also include (x) information collected by CloudLinux from time to time concerning which features of the software are most often used to improve and make adjustments to the software; and (y) information collected from you by CloudLinux if you request technical support services including without limitation, IP addresses, usernames and passwords necessary to login to SSH, list of running processes and content of configuration files.

Any of the information we collect from you may be used for the following purposes and related lawful bases

5.1. Service Providers

We may share Personal Data with our third-party service providers to support our websites, products, and services. For example, we use service providers for data hosting, sales support, and customer support (Zendesk as a ticketing system, Zoom and Obsproject as the video calls providers) carrying out the Know Your Client process or processing your payment (Chargebee, Stripe, PayPal as a payment gateway). We may need to share your information with service providers to provide information about products or services to you. We also work with service providers that assist us in building data analytics and reporting capabilities (Snowflake, Looker). These providers help us aggregate, analyze, and interpret data to better understand user behavior, improve operational efficiencies, and enhance our decision-making processes. In the context of customer support, we may also share necessary data with specialized service providers who assist us in providing support, technical troubleshooting, and diagnostic services.

These service providers are prohibited from using your Personal Data except for these purposes, and they are required to maintain the confidentiality of your information. In all cases where we share your information in this way, we explicitly require the third-party service providers to acknowledge and adhere to our privacy and data protection policies and standards.

5.2. Marketing Communications 

We may share personal data to support marketing communications related to our products and services, mentioned in this Privacy Policy, where you have opted in to receive such communications. This includes sharing limited personal data (e.g., email addresses and user engagement data) with our trusted third-party marketing partners who assist us in delivering relevant content, updates, and promotions. These partners are obligated to handle your data securely and solely for authorized marketing purposes in accordance with applicable privacy laws.

You always have control over your marketing preferences and may opt out of receiving marketing communications at any time by following the unsubscribe instructions in any marketing message or by contacting us directly. We respect your preferences and will promptly honor your request to opt out.

For additional details on how we process data for marketing purposes and share data with marketing partners, please refer to our Privacy Policy for Website Users, which provides more comprehensive information on data use for visitors and website users.

5.3. Legal Disclaimer

We may share your information as required by law, such as to comply with subpoenas, court orders, or other legal processes. We may also disclose information when we believe in good faith that it is necessary to protect our rights, your safety, or the safety of others, investigate suspected fraud or security issues, or respond to lawful government requests.

5.4. Corporate Transactions
If CloudLinux undergoes a merger, acquisition, or sale of all or part of its assets, your personal information may be transferred as part of that transaction. In such cases, we will notify you via email and/or by posting a prominent notice on our website, informing you of any changes in ownership, the potential new uses of your personal information, and the choices available to you regarding your data.

5.5. Third Parties with Your Consent
We may also disclose your personal information to third parties when you have provided explicit consent. This may include sharing data for specific services or additional functionalities you wish to access. You will have the option to review and authorize this disclosure before it occurs.

6.1. International Transfer to third parties

This Privacy Policy will apply even if we transfer Personal Data to third parties in other countries. We have taken appropriate safeguards to require that your Personal Data will remain protected wherever it is transferred. When we share the Personal Data of individuals in the European Economic Area (“EEA”), Switzerland, or the United Kingdom (“UK”), we make use of the Standard Contractual Clauses (which have been approved by the European Commission) and the UK International Data Transfer Addendum (as defined within our Data Processing Agreements mentioned in the License Agreements) as well as additional safeguards where appropriate (such as commercial industry-standard secure encryption methods to protect customer data at rest and in transit, TLS for hosted sites, web application firewall protection, and other appropriate contractual and organizational measures). We are also certified to the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), and the UK Extension to the EU-U.S. Data Privacy Framework (UK DPF) Principles to help safeguard the transfer of information we collect from the EEA, Switzerland, and UK. Please see our Data Privacy Framework notice below for more information.

6.2. Data Privacy Framework Notice

Cloud Linux Software, Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), and the UK Extension to the EU-U.S. Data Privacy Framework (UK DPF) as set forth by the U.S. Department of Commerce. Cloud Linux Software, Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) concerning the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. Cloud Linux Software, Inc. has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) concerning the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. Cloud Linux Software, Inc. has certified to the U.S. Department of Commerce that it adheres to the UK Extension to the EU-U.S. Data Privacy Framework Principles (UK DPF Principles) concerning the processing of personal data received from the United Kingdom in reliance on the UK DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, and/or UK DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Concerning personal data received or transferred under the Data Privacy Frameworks, CloudLinux is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). The Federal Trade Commission has jurisdiction over CloudLinux’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).

Under the Data Privacy Frameworks, EU, Swiss, and UK individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Data Privacy Frameworks, should direct their query to [email protected]. If requested to remove data, we will respond within a reasonable timeframe.

We will provide an individual opt-out or opt-in choice before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to [email protected].

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including meeting national security or law enforcement requirements.

Cloud Linux’s accountability for personal data that it receives in the United States under the Data Privacy Frameworks and subsequently transfers to a third party is described in the Data Privacy Frameworks Principles. In particular, Cloud Linux remains responsible and liable under the Data Privacy Frameworks Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles unless Cloud Linux proves that it is not responsible for the event giving rise to the damage.

In compliance with the EU-U.S. DPF, the Swiss-U.S. DPF, and the UK DPF, Cloud Linux Software, Inc. commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the Swiss-U.S. DPF, and UK DPF to VeraSafe, an alternative dispute resolution provider based in the United States, and the European Union. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit VeraSafe Data Privacy Framework Dispute Resolution Procedure for more information or to file a complaint. The services of VeraSafe are provided at no cost to you. More information about VeraSafe, an alternative dispute resolution provider, is provided in section 10(c) below.

ACCESSING OR USING OUR SITES OR SERVICES, OR OTHERWISE PROVIDING INFORMATION TO US OR OUR CUSTOMERS, CONSTITUTES CONSENTING TO OUR POTENTIAL TRANSFER, PROCESSING, AND STORAGE OF SUCH INFORMATION IN THE UNITED STATES.

7.1. Data Storage and Security 

We implement a variety of security measures to maintain the safety of your personal information when you place an order or enter, submit, or access your personal information. We offer the use of a secure server. All supplied sensitive information is transmitted via Transport Layer Security (TLS) technology to and then stored in our database to be only accessed by those authorized with special access rights to our systems, and are required to keep the information confidential. Credit card information is transmitted directly to the payment processor and is not stored on our servers. If you have any questions about the security of your personal information, you can contact us at [email protected] or visit our Security and Compliance web section.

7.2. Retention of Personal Data

How long we keep the information we collect about you depends on the type of information and how we collect and store it. For example, audio and video, in-meeting messages are stored 1 year since the last video call between you and CloudLinux conducted for support services. After a reasonable period, we will either delete or anonymize your information or, if this is not possible, then we will identify your account in our database as “deleted” or “closed” and isolate it from any further use until deletion is possible.

We retain the Personal Data that you provide to us where we have an ongoing legitimate business need to do so (for example, as needed to comply with our legal obligations, resolve disputes, and enforce our agreements).

When we have no ongoing legitimate business need to process your Personal Data, we securely delete the information or anonymize it or, if this is not possible, securely store your Personal Data and isolate it from any further processing until deletion is possible. We will delete this information at an earlier date if you so request, as described in the section “Your Privacy Rights and Choices” below.

Just as we have our rights and obligations to process your personal information, you also have certain rights to process your personal data. These rights include:

• Right of access: In accordance with Art. 15 GDPR, you may have the right to obtain confirmation from us as to whether or not your personal data is processed by us, and, where that is the case, to request access to your personal data. The information about personal data processing includes the purposes of the processing, the categories of personal data concerned, and the recipients or categories of recipients to whom your personal data have been or may be disclosed. However, this is not an absolute right and the interests of other individuals may restrict your right of access. Also, you may have the right to obtain a copy of your personal data undergoing processing. For additional copies requested, we may charge a reasonable fee based on administrative costs.
• Right to rectification: By Art. 16 GDPR, you may have the right to obtain from us the rectification of inaccurate personal data. Depending on the purposes of the processing, you may have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
• Right to erasure (right to be forgotten): By Art. 17 GDPR, you have the right to request that we delete your personal data. Please keep in mind that we may keep your personal data if it is still necessary for:

• fulfilling our legal obligation;
• archival, historical, or scientific research or statistical purposes; or
• determination, exercise, or defense of our legal claims.

• Right to restriction of processing: By Art. 18 GDPR, you have the right to request that we restrict the processing of your personal data. In this case, the respective personal data will be marked accordingly and may only be processed by us for certain purposes.
• Right to personal data portability: By Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format and/or to request the transfer of this personal data to another entity.
• Right to object: If you have given your consent to the processing of your data by Art. 7 III GDPR, you may revoke your consent at any time in the future. The declaration of revocation must be addressed to us and must be presented in writing or delivered by email or fax.

Please note that to protect Personal Information, we may verify your identity by a method appropriate to the type of request you are making. You are entitled to exercise the rights described above free from discrimination.

We will respond to your request to change, correct, or delete your data within a reasonable timeframe and notify you of the action we have taken. In some instances, your rights may be limited, such as where fulfilling your request would impair the rights of others, our ability to provide a service you have requested, or our ability to comply with our legal obligations and enforce our legal rights.

If you are a customer, prospect, or otherwise interact with a CloudLinux customer who uses our Services and would like to access, correct, amend, or delete your data controlled by the customer, please contact the relevant customer directly. CloudLinux acts as a processor for our customers and will work with our customers to fulfill these requests when applicable.

CloudLinux is committed to protecting the privacy of children. Our services are not intended for individuals under the age of 16, and we do not knowingly collect personal information from children under this age. If we learn that we have collected personal data from a child under 16 without parental consent, we will promptly delete that information.

Parents or guardians who believe their child has provided us with personal information can contact us as described below under the “How to contact us” Section. We will take appropriate steps to provide access to, correct, or delete the child’s data upon verification of your identity.

Within the scope of this Privacy Policy, if a privacy complaint or dispute relating to Personal Data received by CloudLinux in reliance on the Data Privacy Framework (or any of its predecessors) cannot be resolved through CloudLinux internal processes, we have agreed to participate in the VeraSafe Data Privacy Framework Dispute Resolution Procedure. Subject to the terms of the VeraSafe Data Privacy Framework Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Data Privacy Framework Dispute Resolution Procedure, please submit the required information here: https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/

If a complaint or dispute cannot be resolved through CloudLinux’s internal process, we have also agreed to cooperate with the EU and UK data protection authorities and the Swiss Federal Data Protection and Information Commissioner and to participate in the dispute resolution procedures of the panel established by such data protection authorities.

For any dispute arising under the EU-U.S. Data Privacy Framework (DPF) program, the UK Extension to DPF, and the Swiss-U.S. Data Privacy Framework program that is not resolved through the steps described in this section, under certain conditions you may invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms. See more details

https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction

• Applicability

This section applies only to California individuals. It describes how we collect, use, and share California consumers’ Personal Information in our role as a business, and the rights applicable to such residents. If you are unable to access this Privacy Policy due to a disability or any physical or mental impairment, please contact us and we will arrange to supply you with the information you need in an alternative format that you can access. For purposes of this section “Personal Information” has the meaning given in the California Consumer Privacy Act (“CCPA”), as amended by the California Consumer Rights Act (“CCRA”).

• How We Collect, Use, and Share Your Personal Information

We might collect the following statutory categories of Personal Information:

• Identifiers, such as names, addresses, telephone numbers, physical addresses, and email addresses. We collect this information directly from you or third-party sources.
• Internet or network information, such as browsing and search history. We collect this information directly from your device.
• Geolocation data, such as IP address. We collect this information from your device.
• Other personal information, in instances when you interact with us online, by phone, or by mail in the context of receiving help through our help desks or other support channels; participation in customer surveys or contests; or in providing the service.

The business and commercial purposes for which we collect this information are described in this Privacy Policy. The categories of third parties to whom we “disclose” this information for business purposes are described in this Privacy Policy.

• Sensitive Personal Information

We do not collect or process any categories of Sensitive Personal Information as defined under the California Consumer Rights Act (CCRA). In the event this practice changes, we will update this Privacy Policy and provide appropriate notice to ensure compliance with applicable laws.

• Your California Rights

You have certain rights regarding the Personal Information we collect or maintain about you. Please note these rights are not absolute, and there may be cases when we decline your request as permitted by law. Your rights include:

• The right of access: You may request that we disclose what Personal Information we have collected, used, and disclosed about you in the past 12 months.
• The right to deletion: You have the right to request that we delete Personal Information collected or maintained by us, subject to certain exceptions.
• The right to correction: You may request that we correct inaccurate Personal Information we hold about you.
• The right to limit the use of Sensitive Personal Information: You may request to limit our use of your Sensitive Personal Information to specific business purposes.
• The right to opt-out of sharing or selling: While CloudLinux does not sell Personal Information to third parties, the CCRA also provides the right to opt-out of certain “sharing” of Personal Information for targeted advertising purposes.
• The right to non-discrimination: You will not receive any discriminatory treatment when you exercise one of your privacy rights.

CloudLinux does not sell Personal Information to third parties (under California Civil Code §§ 1798.100–1798.199, also known as the California Consumer Privacy Act of 2018).

We are committed to transparent and secure handling of your personal information. We do not use artificial intelligence (AI) or automated decision-making processes that produce legal effects concerning you or otherwise significantly impact you. All decisions related to the processing, storage, and protection of personal data are made with human involvement, in accordance with our established privacy and security policies.

Automated decision-making occurs when an electronic system uses personal data to make decisions without human involvement. Under applicable data protection laws, you have the right not to be subject to decisions based solely on automated processing that have legal effects or significantly affect you. Should you have any concerns or require clarification, you are entitled to request the involvement of one of our representatives in any decision-making process related to your data.

If our approach to AI usage changes, we will promptly update this Privacy Policy to reflect new practices and ensure that you are informed.

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on our website with a new effective date. We encourage you to review this policy periodically for any updates.

If you have any questions about this Privacy Policy, would like more information about how we manage your personal data or need to contact our Data Protection Officer (DPO), please reach out to us at:

Cloud Linux Software, Inc.
Email: [email protected]