Privacy Policy

Last updated: February 4, 2026

Our Commitment to Your Privacy

At Kumo, we respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our platform.

1. Introduction

Kumo ("we," "our," or "us") operates a decentralized cloud platform that connects deployers and providers of computing resources. This Privacy Policy describes how we handle your information when you use our Service.

By using Kumo, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Full Name: Minimum 6 characters, maximum 100 characters
  • Email Address: Used for account verification, notifications, and communication
  • Password: Securely stored (minimum 6 characters), optional if using Google Sign-In
  • Authentication Method: Whether you use password or Google OAuth
  • Account Creation Date: For account management and security purposes

2.2 Google Account Information

If you sign up with Google, we receive:

  • Your Google account email address
  • Your Google profile name
  • Google account identifier (via OAuth)

2.3 Billing and Financial Information

To process payments and manage your account, we collect:

  • Account Balance: Charge Account and Reward Account balances
  • Bank Details: Bank name, account number, and account holder name (for withdrawals to supported Indonesian banks)
  • Transaction History: Top-ups, spending, earnings, and withdrawals
  • Usage Data: Hours deployed, resource consumption, and associated costs
  • Payment Method: QRIS and other Indonesian payment methods

2.4 Application and Deployment Data

For deployers, we process:

  • Container Images: References to your Docker images
  • Deployment Configuration: Template sizes, replicas, environment variables
  • Domain Information: Custom domains and SSL certificates
  • Registry Credentials: Access tokens for private container registries
  • Volumes and Secrets: Persistent storage and sensitive configuration data

2.5 Provider and Hardware Information

For providers, we collect:

  • Hardware Specifications: CPU, memory, and disk capacity
  • Benchmark Results: CPU scores, disk performance, and network speed tests
  • Location Data: ISP, ASN, city, region, and country (from IP geolocation)
  • Datacenter Information: Node name, location, and capacity settings
  • Provider Agent Token: Secure token for node authentication

2.6 Waiting List Data

For our waiting list, we collect:

  • Email address
  • Timestamp of submission

3. How We Use Your Information

We use your information for:

  • Account Management: Creating and maintaining your account
  • Service Provision: Deploying and hosting your applications
  • Payment Processing: Processing top-ups, billing, and withdrawals
  • Platform Operations: Matching deployers with providers, load balancing
  • Security: Detecting fraud, preventing abuse, and protecting the platform
  • Communication: Sending service updates, billing notifications, and support responses
  • Improvement: Analyzing usage patterns to enhance our services
  • Legal Compliance: Complying with legal obligations and regulatory requirements

4. Third-Party Services and Integrations

We use the following third-party services:

Google OAuth

For authentication and account creation via Google Sign-In.

Privacy Policy: https://policies.google.com/privacy

Google Apps Script

For waiting list email collection via Google Sheets integration.

Privacy Policy: https://policies.google.com/privacy

Payment Processors

QRIS and other Indonesian payment gateway providers for processing transactions.

Specific privacy policies vary by payment method and will be disclosed during checkout.

5. Data Security

We implement multiple layers of security to protect your data:

  • Authentication: HttpOnly cookies for session management, no tokens in localStorage
  • Container Isolation: Docker containers ensure applications cannot access host resources
  • Network Security: WireGuard-based tunnels for encrypted P2P networking
  • Data Encryption: Secrets encrypted at rest and in transit, HTTPS for all API calls

Important: While we implement robust security measures, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your data for the following periods:

  • Account Information: Retained while your account is active
  • Transaction Records: Retained for 7 years for tax and legal compliance
  • Deployment Data: Retained while your deployments are active
  • Waiting List Emails: Retained until you subscribe or request removal
  • Provider Node Data: Retained while your node is registered

7. Your Rights and Choices

You have the following rights regarding your personal data:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and personal data
  • Data Portability: Receive your data in a structured format
  • Objection: Object to processing of your personal data

To exercise these rights, please contact us at [email protected]

8. Cookies and Tracking

We use the following types of cookies:

  • Essential Cookies: HttpOnly cookies for authentication and session management (required for the Service to function)
  • Security Cookies: Cookies that help maintain security and prevent fraud

We do not currently use marketing or analytics tracking cookies. However, this may change in the future, and we will update this policy accordingly.

9. International Data Transfers

Kumo primarily operates in Indonesia. Your data is processed and stored within Indonesia, except when:

  • Using third-party services (Google OAuth) that may process data outside Indonesia
  • Your deployments are hosted on provider nodes located in other countries

We apply appropriate safeguards to ensure your data remains protected when transferred internationally.

10. Children's Privacy

The Service is not intended for children under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will:

  • Update the "Last updated" date at the top of this policy
  • Notify users of material changes via email
  • Post a notice on the platform

Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Feedback and Contact

If you have questions, concerns, or feedback about this Privacy Policy or our data practices, please reach out to us through our feedback form.

We value your privacy and will respond to your inquiries within a reasonable time frame.