GDPR & Your Rights
Effective: March 2026 · Last updated: March 11, 2026
Data Controller: Ritsea SRL — Registered in Romania, European Union
Your personal data rights are protected under Regulation (EU) 2016/679 (the General Data Protection Regulation, “GDPR”) and Romanian Law no. 190/2018 on the implementation of GDPR. Ritsea SRL, as the data controller for Cloudverest, is committed to upholding these rights fully and transparently.
This page explains what rights you have, the legal basis for our processing activities, how to exercise your rights, and how to contact the supervisory authority. For full details on what data we collect and how we use it, see our Privacy Policy.
Your Rights Under GDPR
You have the following rights with respect to your personal data. We will respond to all requests within 30 calendar days of receipt — extendable by a further 2 months for complex requests, with prior notice.
Right of Access
Art. 15Request a complete copy of all personal data we hold about you — what it is, why we process it, how long we keep it, and who we share it with.
How to exercise: Email privacy@cloudverest.com
Right to Rectification
Art. 16Request correction of any inaccurate or incomplete personal data we hold about you. You can update your display name and email directly in Settings.
How to exercise: Settings → Profile, or email us
Right to Erasure
Art. 17"Right to be forgotten." Request deletion of your account and all associated personal data. Exceptions apply where retention is required by law or for dispute resolution.
How to exercise: Settings → Delete Account, or email us
Right to Restriction
Art. 18Request that we temporarily pause processing your data while a dispute is being resolved — for example, while you contest the accuracy of data we hold.
How to exercise: Email privacy@cloudverest.com
Right to Data Portability
Art. 20Receive your personal data in a structured, machine-readable format (JSON) to transfer to another service. Applies to data you provided to us and that we process by automated means.
How to exercise: In-app export, or email us
Right to Object
Art. 21Object to processing based on our legitimate interests. We must stop unless we can demonstrate compelling grounds that override your interests, rights, and freedoms.
How to exercise: Email privacy@cloudverest.com
Right to Withdraw Consent
Art. 7(3)Withdraw your consent at any time for processing activities based on consent (such as optional analytics). Withdrawal does not affect the lawfulness of prior processing.
How to exercise: Settings → Privacy
Right to Lodge a Complaint
Art. 77Lodge a complaint with the national supervisory authority if you believe your rights have been violated. In Romania, this is ANSPDCP. We encourage you to contact us first.
How to exercise: Contact ANSPDCP (see below)
How to Submit a Request
To exercise any of the rights listed above, contact our privacy team at privacy@cloudverest.com. Please include:
- Your registered email address
- A clear description of your request and the right you wish to exercise
- Any relevant context (e.g., specific data, date range, project name)
We may ask you to verify your identity before processing the request. Requests from authorized representatives are accepted with valid proof of authorization. We will not charge a fee for reasonable requests.
Legal Basis for Processing
Under GDPR Art. 6, every processing activity must have a legal basis. Here is a complete summary of ours:
| Processing Activity | Legal Basis | Article |
|---|---|---|
| Account creation, file storage, versioning, sync, collaboration | Contract performance | Art. 6(1)(b) |
| Device data collection for desktop workspace sync | Contract performance | Art. 6(1)(b) |
| Transactional email (invitations, security alerts, notifications) | Contract performance | Art. 6(1)(b) |
| Usage metering and billing | Contract performance | Art. 6(1)(b) |
| Security audit logging, rate limiting, abuse detection | Legitimate interests | Art. 6(1)(f) |
| Storing IP addresses and approximate geo-location in audit logs | Legitimate interests | Art. 6(1)(f) |
| Language preference persistence across devices | Legitimate interests | Art. 6(1)(f) |
| Support ticket processing and dispute resolution | Legitimate interests | Art. 6(1)(f) |
| Optional analytics / telemetry | Consent | Art. 6(1)(a) |
International Data Transfers
Ritsea SRL is registered in Romania (EU). Our service providers Cloudflare and Google operate infrastructure globally, including in the United States. All transfers of personal data outside the European Economic Area are protected by Standard Contractual Clauses (SCCs) approved by the European Commission under GDPR Art. 46(2)(c).
Compute, storage, CDN, real-time infrastructure
Cloudflare DPA + EU SCCs
Authentication only
Google Cloud DPA + EU SCCs
You may request a copy of the relevant transfer agreements by contacting privacy@cloudverest.com.
Automated Decision-Making
Cloudverest does not use automated decision-making or profiling under GDPR Art. 22 that produces legal or similarly significant effects on users. No algorithmic or AI-driven decisions are made about you without human involvement. We do not train machine learning models on your file contents.
Supervisory Authority
Romania's national data protection supervisory authority, competent for complaints about Ritsea SRL.
Website: www.dataprotection.ro
Address: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, Bucharest, Romania
Phone: +40 318 059 211
Data Processing Agreements (DPA)
If your organisation processes personal data using Cloudverest and requires a Data Processing Agreement under GDPR Art. 28, contact privacy@cloudverest.com with your organisation's name and jurisdiction. We will respond within 5 business days.
Questions about your data?
Our privacy team is here to help. Reach out directly — we'll respond within 2 business days.