Last Updated: October 27, 2025
This Privacy Policy describes how Proof of Cloud ("Proof of Cloud," "we," "us," or "our") collects, uses, and shares information when you visit proofofcloud.org, engage with associated subdomains, APIs, or developer sandboxes, or interact with our documentation and community resources (collectively, the "Services"). By using the Services, you consent to the practices described in this policy.
1. Information We Collect
Information you provide directly
- Contact details such as name, email address, organization, and role when you sign up for updates, request sandbox access, or contact us.
- TEE attestation artifacts, registry metadata, or other technical submissions you provide for verification or evaluation.
- Feedback, support requests, and other communications you send to Proof of Cloud.
Automatically collected information
- Log data including IP address, browser type, operating system, referring URLs, and pages viewed.
- Usage analytics such as feature interactions, timestamps, and performance metrics.
- Cookie identifiers or similar technologies that help us understand site usage patterns.
Sensitive attestation material
Attestation quotes and related cryptographic evidence may contain hardware identifiers, provisioning data, or cloud instance metadata. You should only submit such materials if you have proper authorization and understand that we process them for verification, auditing, and registry purposes. We treat these materials as confidential and apply heightened safeguards, but we cannot guarantee that they are free of personal data.
2. How We Use Information
We use the information we collect to:
- Operate, maintain, and improve the Services.
- Verify TEE attestations, manage registry entries, and produce transparency reports.
- Respond to inquiries, provide support, and communicate with you about updates or new features.
- Monitor security, detect abuse, and enforce our Terms of Service.
- Analyze usage trends to guide product development and alliance governance decisions.
- Comply with legal obligations and defend our legal rights.
3. Legal Bases for Processing (EEA/UK)
If you are located in the European Economic Area or the United Kingdom, we process your personal data under the following legal bases:
- Contractual necessity when we provide Services you request.
- Legitimate interests such as improving the Services, ensuring security, and preventing fraud.
- Consent when you opt in to receive communications or submit optional data.
- Legal obligations where processing is required by applicable law.
4. How We Share Information
We do not sell personal information. We may share information in the following limited circumstances:
- With service providers and contractors that help us operate the Services (e.g., hosting, analytics, security tooling) under confidentiality obligations.
- With member organizations of the Proof of Cloud alliance when necessary to perform joint verification, audits, or governance duties.
- In connection with a merger, acquisition, or other corporate transaction involving Proof of Cloud, subject to appropriate safeguards.
- If required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Proof of Cloud, our users, or others.
5. Cookies and Similar Technologies
We use cookies and similar technologies to remember preferences, understand usage patterns, and improve site performance. You can adjust your browser settings to refuse cookies or alert you when cookies are served. Note that disabling cookies may affect certain features of the Services.
6. Data Retention
We retain information for as long as necessary to fulfill the purposes described in this policy, comply with legal obligations, resolve disputes, and enforce our agreements. Attestation materials and registry records may be retained to maintain auditability and historical integrity unless you request deletion and we are able to accommodate it without compromising alliance obligations.
7. Security
We implement administrative, technical, and physical safeguards designed to protect information from unauthorized access, disclosure, alteration, or destruction. These measures include access controls, encrypted storage for sensitive materials, and regular security reviews. No method of transmission or storage is completely secure; we cannot guarantee absolute security.
8. International Data Transfers
Proof of Cloud operates globally and may process information in the United States and other countries. When transferring personal data from the EEA, UK, or Switzerland, we rely on appropriate safeguards such as Standard Contractual Clauses or other lawful transfer mechanisms.
9. Your Rights and Choices
Depending on your location, you may have the right to:
- Access, correct, update, or delete personal information we hold about you.
- Object to or restrict certain processing activities.
- Withdraw consent where processing is based on consent.
- Receive a copy of your personal data in a portable format.
- Lodge a complaint with a supervisory authority.
To exercise these rights, contact us at privacy@proofofcloud.org. We may request verification of your identity before responding.
10. Communications Preferences
You can opt out of marketing emails by using the unsubscribe link included in those communications. Even if you opt out, we may still send transactional or service-related messages.
11. Children's Privacy
The Services are not directed to children under 16, and we do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us so we can take appropriate action.
12. Changes to This Privacy Policy
We may update this policy to reflect changes in our practices or applicable laws. When we do, we will revise the "Last Updated" date and, if changes are material, provide additional notice. We encourage you to review this policy regularly.
13. Contact Us
If you have questions about this Privacy Policy or our privacy practices, reach out to privacy@proofofcloud.org or contact@proofofcloud.org.