Privacy Policy
Last updated: 2026-05-04
Effective date: 2026-05-04
This Privacy Policy explains how PivoCloud, a service operated by EURL PivoSide ("PivoCloud", "we", "us", or "our"), collects, uses, shares, and protects your personal data when you use our website, services, and platform (together, the "Service").
PivoCloud is committed to operating in compliance with Algerian data protection law, including:
- Law no. 18-07 of 10 June 2018 on the protection of natural persons in the processing of personal data;
- Law no. 25-11 of 24 July 2025 on data sovereignty and the local hosting of personal data of Algerian citizens;
- the rules and decisions of the National Authority for Personal Data Protection (Autorité Nationale de Protection des Données à Caractère Personnel — ANPDP).
By using the Service, you acknowledge that you have read and understood this Policy.
1. Who is responsible for your data
The data controller is:
EURL PivoSide
Registered office: E1 S6 Station 13, premier étage, Incubateur du Cyber Parc de Sidi Abdellah, Rahmania, Alger, Algeria
Commercial Register (RC): 16/00 - 1022334 B26
Tax ID (NIF): 002616102233482
Statistical ID (NIS): 0 026 1648 00155 48
Share capital: 2,000,000 DA
For any privacy-related question or to exercise your rights:
Email: legal@pivocloud.com
Postal: EURL PivoSide — Privacy Officer, E1 S6 Station 13, premier étage, Incubateur du Cyber Parc de Sidi Abdellah, Rahmania, Alger, Algeria
2. What we mean by "personal data"
"Personal data" means any information relating to an identified or identifiable natural person, as defined in Article 3 of Law 18-07. This includes things like your name, email, phone number, IP address, or any data that can be reasonably used to identify you.
3. What personal data we collect
We collect only what we need to deliver the Service.
3.1 Information you give us
- Account information: email address, password (stored encrypted), full name (optional), phone number (optional).
- Billing information: billing name, billing address, payment method details (BaridiMob references, card metadata — full card numbers are handled by our payment provider and never stored on our systems).
- Support and communication: any content you send us by email, contact form, chat, or messaging channel (including WhatsApp).
3.2 Information we collect automatically
- Usage data: pages viewed, features used, timestamps, errors, and technical logs needed to operate and secure the Service.
- Device and connection data: IP address, browser type and version, operating system, language preference, referrer URL.
- Cookies and similar technologies: see Section 11.
3.3 Information about resources you deploy
When you deploy applications or databases on the Service, we collect operational metadata (resource size, deployment status, container logs, database snapshots) needed to run, monitor, and back up your workload. We do not access the content of your databases or your application data unless strictly necessary for support, and only after we ask for your permission, except when required by law or to prevent harm to the platform.
4. Why we process your data and the legal basis
We process personal data only for specific, explicit, and legitimate purposes, in line with Articles 7 to 9 of Law 18-07.
| Purpose | Legal basis |
|---|---|
| Creating and managing your account | Performance of the contract you have with us |
| Operating, monitoring, and securing the Service | Legitimate interest in keeping the Service available, fast, and secure |
| Billing, payment processing, and accounting | Performance of the contract; compliance with Algerian tax and accounting law |
| Customer support | Performance of the contract |
| Sending service-related notifications (incidents, billing, security alerts) | Performance of the contract; legitimate interest |
| Sending marketing emails or product news | Your prior consent (you can withdraw it at any time) |
| Detecting fraud and abuse | Legitimate interest |
| Complying with legal obligations (tax, court orders, ANPDP requests) | Legal obligation |
We do not sell your personal data. We do not use your data to train any AI model.
5. Who we share your data with
We share data only with the following categories of recipients, and only to the extent strictly necessary.
5.1 Sub-processors
We work with a limited number of carefully selected sub-processors to deliver the Service. The current list is:
| Sub-processor | Role | Location |
|---|---|---|
| OVH SAS | Infrastructure hosting (current) | France / European Union |
| BaridiMob (Algérie Poste) | Payment processing in Algerian Dinar | Algeria |
| Plausible Insights OÜ | Anonymous web analytics | European Union |
| PostHog (self-hosted) | Product analytics | Algeria — self-hosted on our infrastructure |
| Self-hosted email server | Transactional email delivery | Algeria — operated by PivoCloud on its own infrastructure |
Roadmap commitment: PivoCloud is migrating its production infrastructure to bare-metal servers located in Technoparc de Sidi Abdellah, Alger, Algeria. Until that migration is complete, infrastructure is hosted by OVH SAS in the European Union, and a Data Processing Agreement is in place between PivoCloud and OVH. Customers will be notified before any change to this list.
5.2 Other recipients
We may disclose your data to:
- Public authorities and courts when we are legally required to (court order, tax audit, ANPDP request).
- Professional advisors (lawyers, auditors, accountants) under confidentiality.
- Acquirers in the event of a merger, sale, or restructuring — only after prior notice and only under equivalent privacy commitments.
We never sell, rent, or trade your personal data to advertisers or data brokers.
6. International data transfers
Article 44 of Law 18-07 prohibits the transfer of personal data outside Algeria unless the destination country offers an adequate level of protection and the ANPDP has authorised the transfer, or unless one of the derogations of Article 45 applies (in particular, the data subject's explicit consent).
As of 2026-05-04, the ANPDP has not published a list of countries deemed adequate.
Until our migration to Algerian infrastructure is complete, parts of your data are processed by OVH SAS in the European Union. By creating an account, you give your explicit and informed consent to this transfer, in accordance with Article 45.1 of Law 18-07. You can withdraw this consent at any time by deleting your account; we will then export and erase your data within the time limits described in Section 8.
After the migration to Algerian infrastructure is complete, your personal data will be stored and processed on Algerian territory, in line with Law 25-11.
7. How long we keep your data
| Data type | Retention period |
|---|---|
| Account data (email, name, password) | For the lifetime of your account, plus 30 days after account closure |
| Billing and accounting records | 10 years after the end of the financial year, in line with Algerian commercial and tax law |
| Application and database content you deploy | For the lifetime of the resource; 30 days after you delete it (recovery window), then permanent deletion |
| Operational logs (errors, security events) | 12 months |
| Anonymous analytics | Up to 24 months in aggregate form |
| Support tickets and emails | 36 months after the last interaction |
| Marketing consent records | Until consent is withdrawn, plus 3 years for proof of consent |
When the retention period ends, data is deleted or irreversibly anonymised.
8. How we protect your data
We apply the security measures required by Article 31 of Law 18-07, including:
- Encryption in transit (TLS) on all public endpoints;
- Encryption at rest for databases and backups;
- Access controls: role-based access, two-factor authentication for staff, least-privilege principle;
- Network isolation of customer workloads;
- Continuous monitoring with a public status page (status.pivocloud.com);
- Backup and disaster recovery procedures;
- Documented incident response procedure, including notification to the ANPDP and to affected users in case of a personal data breach, in line with Article 31 of Law 18-07.
No system is perfectly secure, but we work continuously to keep your data safe.
9. Your rights
Under Law 18-07 and Law 25-11, you have the following rights regarding your personal data:
- Right of access — obtain a copy of the personal data we hold about you;
- Right of rectification — correct inaccurate or incomplete data;
- Right of erasure — request that we delete your data, subject to legal retention obligations;
- Right to object — object to processing based on our legitimate interest, including direct marketing;
- Right of portability — receive your data in a structured, commonly used format;
- Right to withdraw consent — at any time, where processing is based on your consent;
- Right to lodge a complaint — with the ANPDP (see Section 14).
To exercise any of these rights, contact us at legal@pivocloud.com. We will respond within 30 days of receiving your request, in line with the time limits set by the ANPDP. We may need to verify your identity before acting on your request.
There is no charge for exercising your rights, except for manifestly unfounded or excessive requests.
10. Children
The Service is not directed at children under 18. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us with personal data, please contact us at legal@pivocloud.com so we can delete it.
11. Cookies and similar technologies
We use a small number of cookies and similar technologies. You can manage your preferences from the cookie banner that appears on your first visit, or at any time from the cookie settings link in our footer.
| Category | Purpose | Examples | Consent required? |
|---|---|---|---|
| Strictly necessary | Authentication, session, security, load balancing | session, csrf_token | No (essential) |
| Analytics | Anonymous usage measurement | PostHog (self-hosted), Plausible | Yes |
| Functional | Remembering preferences (language, theme) | preference cookies | No (functional) |
| Marketing | We do not use marketing or advertising cookies | — | — |
Plausible is configured to collect only anonymous, aggregated metrics; it does not use persistent cookies and does not track individuals across sites.
PostHog is self-hosted on our own infrastructure (stats.pivocloud.com); no data is shared with third-party advertisers.
You can also block cookies through your browser settings; some parts of the Service may not function correctly if you do.
12. Automated decision-making
We do not use your personal data for automated decision-making that produces legal effects on you, including profiling.
13. Changes to this Policy
We may update this Policy to reflect changes in our practices or in the law. When we make a material change, we will notify you by email and on the Service at least 30 days before the new version takes effect. The "Last updated" date at the top of this page always reflects the current version.
We keep an archive of previous versions; you can request access at legal@pivocloud.com.
14. Authority and complaints
If you believe we have not handled your data properly, we encourage you to contact us first at legal@pivocloud.com so we can resolve the issue.
You also have the right to lodge a complaint with the ANPDP:
Autorité Nationale de Protection des Données à Caractère Personnel (ANPDP)
Address: 15 Rue Yahia Omar Chérif, Hydra, Wilaya d'Alger, Algeria
Website: https://anpdp.dz/
15. Governing law and jurisdiction
This Policy is governed by Algerian law. Any dispute relating to the processing of your personal data falls under the exclusive jurisdiction of the competent courts of Alger, without prejudice to your rights to lodge a complaint with the ANPDP or to bring a claim before the court of your place of residence where the law allows.
16. Contact
EURL PivoSide — Privacy
Email: legal@pivocloud.com
Postal: E1 S6 Station 13, premier étage, Incubateur du Cyber Parc de Sidi Abdellah, Rahmania, Alger, Algeria