Privacy Policy
Effective date: 1 June 2026
This Privacy Policy explains how Tyga.Cloud Ltd ("Company", "we", "us", or "our") collects, uses, shares, and protects your personal information when you use our platform, websites, and services. We are committed to protecting your privacy and handling your data in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the EU General Data Protection Regulation (EU GDPR) where applicable.
1. Data Controller
The data controller responsible for your personal information is:
Company number: 14643275
Registered in England and Wales
Ground Floor, Unit 2 Mallard Court
Mallard Way, Crewe Business Park
Crewe, Cheshire, CW1 6ZQ
United Kingdom
Data Protection Officer: dpo@tyga.cloud
2. Information We Collect
2.1 Information You Provide
- Account information: Name, email address, company name, and password when you create an account.
- Billing information: Payment card details and billing address, processed and stored securely by Stripe. We do not store full card numbers on our servers.
- Communications: Any information you provide when you contact us for support, send us feedback, or otherwise communicate with us.
- Profile information: Optional information you add to your profile, such as job title, organisation details, or avatar.
- API and platform data: Configuration data, API keys, and settings you create within the platform.
2.2 Information Collected Automatically
- Usage data: Information about how you interact with our services, including pages visited, features used, API calls made, and timestamps.
- Device and browser information: IP address, browser type, operating system, device identifiers, and screen resolution.
- Log data: Server logs that record requests made to our services, including request URLs, response codes, and timestamps.
- Cookies and similar technologies: As described in our Cookie Policy.
3. How We Use Your Information
We use the information we collect for the following purposes:
- Providing our services: To operate, maintain, and improve the Tyga.Cloud platform.
- Account management: To create and manage your account, authenticate your identity, and process your transactions.
- Communication: To send you service-related notifications, security alerts, and support messages.
- Billing: To process payments, send invoices, and manage your subscription.
- Security: To detect, prevent, and respond to fraud, abuse, and security incidents.
- Analytics: To understand how our services are used and to improve user experience.
- Legal compliance: To comply with applicable laws, regulations, and legal processes.
4. Legal Basis for Processing (GDPR Article 6)
We process your personal data on the following legal bases:
| Legal Basis | Purpose |
|---|---|
| Contract performance (Art. 6(1)(b)) | To provide our services, manage your account, and process billing. |
| Legitimate interests (Art. 6(1)(f)) | To improve our services, ensure security, prevent fraud, and conduct analytics. Our legitimate interests do not override your fundamental rights. |
| Legal obligation (Art. 6(1)(c)) | To comply with tax, accounting, and regulatory requirements. |
| Consent (Art. 6(1)(a)) | Where we rely on your consent (e.g., for marketing communications), you may withdraw consent at any time. |
5. Data Sharing
We do not sell your personal data. We share your information only in the following circumstances:
5.1 Service Providers
- Stripe: Payment processing. Stripe receives your billing information to process transactions securely. See Stripe's Privacy Policy.
- SendGrid (Twilio): Email delivery. SendGrid processes email addresses and message content for transactional emails. See Twilio's Privacy Policy.
- Cloud infrastructure providers: We use third-party hosting and infrastructure services to operate our platform. These providers process data on our behalf under strict contractual obligations.
5.2 Other Circumstances
- Legal requirements: When required by law, regulation, or legal process.
- Protection of rights: To protect our rights, privacy, safety, or property, or that of our users or the public.
- Business transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction.
6. Tenant Isolation
As a multi-tenant SaaS platform, we implement strict tenant isolation measures to ensure that your data is logically separated from other customers' data. This includes:
- Scoped database queries that prevent cross-tenant data access.
- Tenant-specific API key authentication and authorisation.
- Isolated data processing pipelines per tenant.
- Regular security audits of our isolation mechanisms.
7. International Transfers
Your data may be processed in countries outside the United Kingdom or the European Economic Area (EEA). Where we transfer data internationally, we ensure appropriate safeguards are in place, including:
- Transfers to countries with an adequacy decision from the UK Secretary of State or the European Commission.
- Standard Contractual Clauses (SCCs) approved by the relevant authority.
- Other lawful transfer mechanisms as required by applicable data protection law.
8. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:
- Account data: Retained for the duration of your account and for 30 days after account closure to facilitate data export.
- Billing data: Retained for 7 years to comply with UK tax and accounting regulations.
- Log data: Retained for up to 12 months for security and operational purposes.
- Marketing consent records: Retained for as long as the consent is valid, plus a reasonable period thereafter.
After the applicable retention period, data is securely deleted or anonymised.
9. Your Rights Under GDPR
Under the UK GDPR and EU GDPR, you have the following rights regarding your personal data:
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate or incomplete data.
- Right to erasure: Request deletion of your personal data, subject to legal retention requirements.
- Right to restrict processing: Request that we limit the processing of your data in certain circumstances.
- Right to data portability: Receive your data in a structured, commonly used, machine-readable format.
- Right to object: Object to the processing of your data based on legitimate interests or for direct marketing.
- Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.
- Right to lodge a complaint: You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or your local supervisory authority.
To exercise any of these rights, contact us at dpo@tyga.cloud. We will respond within one month of receiving your request.
10. CCPA Rights (California Residents)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know: You may request details about the categories and specific pieces of personal information we have collected about you.
- Right to delete: You may request deletion of your personal information, subject to certain exceptions.
- Right to opt-out: We do not sell personal information. If this changes, we will provide a "Do Not Sell My Personal Information" option.
- Non-discrimination: We will not discriminate against you for exercising your CCPA rights.
11. Children's Privacy
Our services are not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, please contact us at dpo@tyga.cloud and we will promptly delete it.
12. Security Measures
We implement appropriate technical and organisational measures to protect your personal data, including:
- Encryption of data in transit (TLS 1.2+) and at rest.
- Secure authentication mechanisms including password hashing and API key management.
- Regular security assessments and penetration testing.
- Access controls limiting data access to authorised personnel on a need-to-know basis.
- Monitoring and alerting for suspicious activity.
- Incident response procedures for data breaches.
While we strive to protect your data, no method of transmission or storage is completely secure. We cannot guarantee absolute security.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Effective date" at the top of this page.
- Notify you via email or through an in-platform notification.
We encourage you to review this policy periodically. Your continued use of our services after changes take effect constitutes acceptance of the updated policy.
14. Contact
For any questions about this Privacy Policy, or to exercise your data protection rights, please contact:
Tyga.Cloud Ltd
Company number: 14643275
Registered in England and Wales
Ground Floor, Unit 2 Mallard Court
Mallard Way, Crewe Business Park
Crewe, Cheshire, CW1 6ZQ
United Kingdom
Email: dpo@tyga.cloud