Account Deletion and Data Deletion Request

Your right to be forgotten

CloudPhysics recognizes the right to be forgotten and observes your right to delete all personal data which CloudPhysics holds. (GDPR “right to be forgotten” / “right to erasure”) EU individual citizens have a right to the erasure of their personal data, under the GDPR law. At CloudPhysics, we are happy to extend this right to all users, worldwide, as we believe it is based upon good principles. CloudPhysics also extends this right to some organizational data where the law requires.

Data that we process

Firstly, you may want to familiarize yourself with how CloudPhysics’ processes and data collection practices, which you can read about here. If you have not received a CloudPhysics account (e.g. to use https://app.cloudphysics.com) then we have no data that concerns you. You do not have a CloudPhysics account unless you created one (either manually or were invited by a strategic partner to process data). To be clear: if you have no login at http://app.cloudphysics.com, then we do not have, and cannot process, any of your data, and thus have nothing to delete.

On-Premises and Cloud Provider Data

If you deployed the CloudPhysics Observer, you will need to turn off and delete the observer to prevent your organization from sending data to CloudPhysics.

If you have a connection to CloudPhysics via Amazon AWS, Microsoft Azure, Google Cloud, or any other cloud provider, you will need to change your cloud access policies and roles to remove the access you have granted to CloudPhysics for data collection. CloudPhysics cannot remove policies from your organization. Cloud data collected by CloudPhysics and residing within the CloudPhysics systems that is identifiable to your organization will be deleted.

Limitations upon rights to delete data

There are other laws, except the GDPR, which touch upon the deletion of data. In particular, there is some data that we are legally required to maintain for a time. For example, VAT (sales tax) laws require us to keep purchase data for audit purposes for a minimum of 10 years after purchase. UK data retention laws require us to keep web server access logs for 6 months – after which they are automatically deleted. The GDPR also allows anonymization, instead of deletion of data, in some circumstances. Anonymization means that there is no way to trace the data back to you. Specific information follows.

What data we will delete or anonymize/scramble

  • All your support form entries will be deleted from our web site’s database.
  • Global aggregate hardware inventories (Server vendor, storage vendor, processors family, etc) and configurations will be anonymized and used as part of the global data lake to provide analysis of global trends. No data will correlate back to any organization.
  • If you are a premium customer, then your account will be locked to prevent future logins. If you are not a customer, then it will be deleted.
  • Any/all data in your CloudPhysics history will be deleted.
  • Any/all users within your organization will be deactivated and deleted upon confirmation of the users.

Things that are not deleted, or which are deleted later, with reasons

  • We do not delete information out of our website backups, because this is technically too difficult to accomplish. However, they are stored encrypted after a number of months (depending on our current policy). We also keep a log of deletion requests so as to be able to a) demonstrate compliance and b) re-run any deletion requests in the event of needing to restore a backup.

  • Sales records and data held by payment vendors are retained for a minimum of 10 years, to comply with taxation/auditing laws, and our own accountancy and auditing requirements.

Requesting deletion

To request the deletion of your personal data, please use this form. If you are not a paying customer, then you can leave the relevant fields empty, and explain in the message input area. If you are an EU citizen, then we are granted one month to respond to the request (usually, one month to carry it out). We will take steps to verify your identity, to prevent fraud/abuse (“social engineering” attacks).

By completing the account deletion request form provided, your personal data will be removed from CloudPhysics. If you requested your organization data also be removed, we will follow through with due diligence to notify all additional users and partners of the deletion request before the non-personal company data is removed. This is to ensure that all parties have approved the account deletion.

I understand that this process cannot be undone after data removal has been requested and confirmations have been received. I understand the impact on my account and data.

Note: All account users will also receive a notification of the account deletion upon an organization's deletion request. An organization will not be removed until all ADMIN accounts have confirmed the account deletion. All shared partners will be notified of the account and organization deletion requests. Individual non-admin user accounts may be deleted immediately upon confirmation.