GDPR Compliance
How CloudVNO complies with the EU General Data Protection Regulation.
Last updated: March 1, 2026
Our Commitment
CloudVNO is committed to compliance with the EU General Data Protection Regulation (GDPR) as both a data controller (for customer account data) and a data processor (for data processed through our API on behalf of customers).
CloudVNO as Data Controller
When you create a CloudVNO account, we collect and process your personal data as a data controller. This includes account information, billing data, and usage analytics. Our lawful basis for processing is:
- Contract performance: Processing necessary to provide the CloudVNO services you've subscribed to
- Legitimate interests: Fraud prevention, security monitoring, and service improvement
- Legal obligation: Compliance with telecommunications regulations and financial recordkeeping
- Consent: Marketing communications (opt-in only)
CloudVNO as Data Processor
When you use the CloudVNO API to send messages, make calls, or verify phone numbers, you are the data controller for your end users' personal data, and CloudVNO acts as a data processor. Our Data Processing Agreement (DPA) governs this relationship.
Data Subject Rights
EU residents have the following rights under GDPR:
- Right of access (Art. 15): Request a copy of your personal data
- Right to rectification (Art. 16): Correct inaccurate data
- Right to erasure (Art. 17): Request deletion ("right to be forgotten")
- Right to portability (Art. 20): Receive your data in a machine-readable format
- Right to object (Art. 21): Object to processing based on legitimate interests
- Right to restriction (Art. 18): Request limited processing
To exercise your rights, email privacy@cloudvno.com. We respond within 30 days.
International Transfers
CloudVNO processes data across geo-distributed infrastructure. Where data is transferred outside the EEA (e.g., to US-based sub-processors), we rely on Standard Contractual Clauses (SCCs) adopted by the European Commission.
Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Duration of account + 30 days after deletion |
| API request logs | 90 days |
| Message metadata | 90 days |
| Billing records | 7 years (legal requirement) |
| Support tickets | 3 years |
Security
CloudVNO implements appropriate technical and organizational measures per GDPR Article 32:
- Encryption of personal data at rest and in transit
- Regular testing and evaluation of security measures
- Access controls ensuring data access on a need-to-know basis
- Documented incident response procedures
Data Breach Notification
In the event of a personal data breach that poses a risk to individuals' rights and freedoms, CloudVNO will notify the relevant supervisory authority within 72 hours of becoming aware. Affected customers will be notified without undue delay where the breach poses a high risk.
Supervisory Authority
EU customers may lodge complaints with their local data protection authority. A list of EU supervisory authorities is available at edpb.europa.eu.
Contact our DPO
privacy@cloudvno.com
CloudVNO, Dubai, UAE