Privacy Policy

1. Principles of Privacy

At CloudFam, we recognize that privacy is a fundamental human right and a cornerstone of the trust our publishers and end-users place in us. We are fully committed to maintaining the confidentiality, integrity, and security of every category of personal, financial, and technical data you entrust to our platform. This Privacy Policy ("Policy") governs all data practices of CloudFam Services, LLC ("CloudFam," "We," "Us," "Our") in connection with your use of cloudfam.io, our mobile applications, APIs, developer tools, and all associated services (collectively, the "Platform").

This Policy is intended to be read in conjunction with our Terms of Service and any additional product-specific privacy disclosures. Where a conflict exists between this Policy and a more specific disclosure, the more specific disclosure will govern. We encourage you to read this Policy carefully and in its entirety. If you do not agree with our data practices as described herein, you should discontinue use of the Platform immediately.

1.1 Privacy by Design

We adhere to a formal "Privacy by Design" philosophy, a framework originally developed by Information and Privacy Commissioner Ann Cavoukian that mandates data protection measures be embedded proactively into the architecture of our systems and business processes — not retrofitted as an afterthought. In practice, this means that every new feature, infrastructure change, and third-party vendor integration undergoes a documented privacy impact assessment before it is released into production. Our engineering and compliance teams work in tandem to ensure that data minimization, purpose limitation, storage limitation, and security-by-default are applied at every layer of our technology stack.

1.2 Our Core Privacy Commitments

We operate under the following foundational commitments that guide every data processing decision we make:

• Data Minimization: We collect only the minimum amount of personal data that is strictly necessary to deliver the services you request. We do not collect data speculatively or for vague future purposes.
• Purpose Limitation: Data collected for one specific, declared purpose will not be repurposed for a different, incompatible purpose without your explicit consent or a clear legal basis.
• Transparency: We will always be clear and honest about what data we collect, why we collect it, how we use it, and with whom we share it. This Policy is the primary instrument of that transparency.
• No Sale of Personal Data: We will never sell, rent, auction, or otherwise transfer your personal information to any third party for their independent commercial gain. Your data is not a product at CloudFam.
• User Empowerment: We are committed to providing you with meaningful, accessible, and enforceable rights over your personal data, and we will honor all valid rights requests in a timely manner.

1.3 Scope and Applicability

This Policy applies to all individuals who interact with CloudFam in any capacity, including registered publishers, end-users who download files shared via the platform, visitors to cloudfam.io who have not created an account, and developer partners who access the platform via the API. Different categories of users may have different data relationships with us, as detailed in the relevant sections of this Policy. By accessing or using the Platform in any capacity, you acknowledge that you have read, understood, and consent to the data practices described herein.

2. Information Collection

CloudFam collects several distinct categories of information to power, secure, and continuously improve our services. Our data collection practices are strictly limited to information that serves a legitimate, identified purpose within our platform operations. We do not engage in bulk or speculative data collection.

2.1 Data Provided Voluntarily by Publishers

When you register as a publisher or interact with various platform features, you directly and knowingly provide certain categories of personal data:

• Identity and Account Data: Your chosen username or display name, your primary email address used for account correspondence and notifications, and any optional profile information you choose to add to your account, such as a profile picture or biographical description.
• Authentication and Security Data: Your account password, which is immediately and irreversibly processed through a modern, salted cryptographic hashing algorithm (such as bcrypt or Argon2) before storage. We never store plaintext passwords under any circumstance. If you enable multi-factor authentication (MFA), the associated TOTP secret or hardware key binding is also stored in encrypted form.
• Identity Verification Data: Where required for withdrawal processing or account security escalations, you may be asked to provide a government-issued photo identification document (e.g., passport, national ID, or driver's license) and a proof of address document (e.g., utility bill or bank statement dated within 90 days). This data is handled under the most restrictive access controls on our platform and is processed through our designated KYC/identity verification partner.
• Communications Data: The full content of any correspondence you initiate with CloudFam, including support ticket submissions, email inquiries, Telegram messages to our official support channel, and any other written communication directed to CloudFam staff. This data is retained to provide continuity of support and for quality assurance purposes.

2.2 Financial and Payment Data

To facilitate the accurate calculation and disbursement of your PPD earnings, CloudFam collects specific payment identifiers that you provide through the withdrawal settings section of your account dashboard. This includes:

• UPI IDs: Your registered Unified Payments Interface identifier for Indian domestic bank transfers.
• Indian Bank Account Details: Your full bank account number and the associated IFSC code of your banking institution for direct NEFT/IMPS transfers.
• Cryptocurrency Wallet Addresses: Your Bitcoin (BTC) wallet address and/or your USDT (TRC-20 network) deposit address for cryptocurrency withdrawals. Please note that cryptocurrency addresses are public-ledger identifiers; CloudFam only stores the address string and does not have access to your private keys or seed phrases under any circumstance.

All financial identifiers are stored in an isolated, encrypted database partition that is entirely separate from the primary account database, subject to strict role-based access controls, and is accessible only to the automated payout processing system and a strictly limited group of authorized finance administrators during withdrawal windows.

2.3 Automatically Collected Technical Data

When any user — whether a registered publisher or an anonymous end-user downloading a file — interacts with CloudFam's infrastructure, our systems automatically log a range of technical metadata. This data is collected passively and is essential for the operation, security, and integrity of the platform:

• Network and Connection Data: The full IP address of each request, the name of the user's Internet Service Provider (ISP), the autonomous system number (ASN), and an approximate geographic location (city and country level) derived from the IP address via geolocation lookup. This data is the primary input for our traffic tier classification and fraud validation systems.
• Device and Browser Data: The User-Agent string of the requesting browser or application, which encodes the browser name, version, rendering engine, and operating system. Additional device signals collected for fingerprinting purposes include screen resolution, color depth, installed language pack, timezone identifier, and WebGL renderer information. These signals are combined into an anonymized composite fingerprint used for fraud detection.
• Usage and Behavioral Data: Pages visited on the platform, timestamps of each request, time spent on interstitial redirection pages, the URL of the referring website or application that directed a user to a CloudFam-hosted file (HTTP Referrer), and interaction events such as button clicks and scroll depth during the download verification flow.
• Server and Performance Logs: HTTP response codes, latency measurements, bandwidth consumed per request, and error logs. These are used exclusively for infrastructure monitoring, capacity planning, and debugging operational issues.

3. Use of Personal Data

Every category of data we collect is tied to a specific, legitimate purpose. We do not use your data in ways that are incompatible with the purposes for which it was originally collected. The following describes how each category of information we hold is put to use within our operations:

3.1 Account Management and Service Delivery

Your identity and account data (username, email, password hash) is used primarily to create and maintain your account, authenticate your identity upon login, send you transactional notifications such as withdrawal confirmations, security alerts, and important policy updates, and provide you with access to the full suite of publisher tools available on the platform. Without this data, we are fundamentally unable to deliver the services you have registered for.

3.2 Content Hosting and Distribution

The technical metadata associated with your uploaded files — including file names, sizes, types, and upload timestamps — is used to maintain your file library within our storage infrastructure, generate shareable download links and embed codes, populate your dashboard statistics, and enforce storage quotas and content retention policies as described in our Terms of Service.

3.3 Earnings Calculation and Financial Settlement

Download event data, including IP addresses, timestamps, and session completion signals, is processed by our PPD calculation engine to determine the number of validated unique downloads attributable to each publisher's files, the applicable geographic tier for each download event, and the resulting earnings credit to be applied to the publisher's account balance. Your payment identifiers are used solely to execute approved withdrawal transactions to your designated payment method.

3.4 Fraud Prevention and Platform Integrity

A significant portion of our data processing activity is dedicated to the ongoing protection of our advertising partners, publishers, and end-users from fraudulent activity. Device fingerprints, IP reputation data, behavioral signals, and session metadata are analyzed by our anti-fraud engine to identify and reject non-human traffic, detect coordinated click-fraud campaigns, identify multi-account abuse, prevent DMCA evasion through re-upload networks, and flag anomalous withdrawal patterns that may indicate account compromise or financial fraud. This processing is fundamental to maintaining the commercial viability and integrity of the CloudFam ecosystem.

3.5 Platform Optimization and Research

Aggregated and fully anonymized usage data — from which all personally identifiable information has been irreversibly removed — is analyzed by our engineering and product teams to understand how publishers and end-users interact with different features of the platform, identify bottlenecks and areas for performance improvement in our file delivery infrastructure, prioritize future product development initiatives, and model network capacity requirements. No individual user can be identified from this aggregated data.

3.6 Legal and Regulatory Compliance

Certain data is retained and may be used to comply with applicable laws and regulatory requirements, including financial record-keeping obligations under tax law, responding to legally valid requests from courts or law enforcement agencies, enforcing our Terms of Service and other platform policies, and protecting the rights, property, and safety of CloudFam, our users, and the public.

4. Legal Grounds for Processing

CloudFam processes personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA) and the United Kingdom, and equivalent privacy frameworks in other jurisdictions. Every processing activity conducted by CloudFam is grounded in one or more of the following recognized legal bases:

4.1 Contractual Necessity

The majority of our core data processing activities are necessary to perform the contract we have entered into with you upon your registration — namely, the Terms of Service. This legal basis covers processing required to create and maintain your account; host, store, and distribute your uploaded files; calculate and credit your PPD earnings; process your withdrawal requests; and provide you with customer support. Without this processing, we cannot deliver the contractual services you have signed up for, and this basis requires no separate consent.

4.2 Legitimate Interests

Some of our data processing activities are conducted on the basis of CloudFam's legitimate business interests, provided these interests are not overridden by your fundamental rights and freedoms. We rely on this basis for: fraud detection and prevention activities that protect the integrity of our advertising revenue model; network and information security monitoring to protect our infrastructure from attacks; improving and personalizing the platform experience based on aggregated usage data; conducting internal analytics and business intelligence; and enforcing our Terms of Service to protect other users and our commercial partners. We carry out a documented balancing test for each processing activity that relies on legitimate interests to ensure your rights are appropriately weighted.

4.3 Explicit Consent

For processing activities that are not strictly necessary for the performance of the core service contract or covered by legitimate interests, we will seek your explicit, informed, and freely-given consent prior to processing. This applies to: the use of non-essential analytical or advertising cookies placed on your browser; sending you non-transactional marketing communications about new features, promotions, or platform news; and any new processing purposes that were not described at the time of your original registration. You have the right to withdraw any consent you have given at any time without detriment, by contacting us at privacy@cloudfam.io or adjusting your notification preferences in the account dashboard.

4.4 Legal Obligation

CloudFam may be required by applicable law to process certain categories of your data. This includes retaining financial transaction records for the periods mandated by tax authorities in relevant jurisdictions, disclosing data in response to a valid court order, subpoena, or legally binding government request, reporting specific categories of illegal content (such as CSAM) to designated authorities (such as NCMEC), and complying with anti-money-laundering (AML) and know-your-customer (KYC) regulations where applicable to financial transactions processed on the platform.

5. Data Sharing & Disclosure

CloudFam is unequivocal in its commitment: we do not sell, rent, license, auction, or otherwise transfer your personal information to any third party for their independent commercial use. Your personal data is shared externally only in the strictly limited and specific circumstances described below, and in each case, only the minimum data necessary for the defined purpose is shared.

5.1 Payment Processing Partners

To execute your approved withdrawal requests, CloudFam must share your designated payment identifier with the relevant payment processing partner. For UPI and Indian bank transfers, this involves sharing your UPI ID or bank account and IFSC details with our banking partner's API. For cryptocurrency withdrawals, the transaction is broadcast directly to the respective blockchain network (Bitcoin or TRON for USDT TRC-20) by our automated payout system. These partners act as data processors under our instruction and are contractually bound to use your payment data solely for the purpose of executing the specific transaction and for no other purpose.

5.2 Cloud Infrastructure and Hosting Providers

CloudFam utilizes third-party cloud infrastructure providers (including premium data center operators and CDN networks) to host our platform and deliver your files to end-users globally. These providers necessarily process certain data in the course of hosting our services, including stored files, server logs, and network traffic. All infrastructure partners are subject to data processing agreements (DPAs) that strictly limit their use of any data encountered in the course of service delivery to providing the contracted infrastructure services, and prohibit any independent use, analysis, or sharing of your data.

5.3 Identity Verification Services

When identity verification is required prior to processing a withdrawal, the identity documents you submit are processed by our designated third-party KYC verification partner. This partner performs automated document authenticity checks and liveness verification in accordance with their own documented privacy policies and applicable data protection law. CloudFam receives only the verification outcome (verified/not verified) and a confidence score; we do not receive or retain a copy of your raw identity documents beyond the verification window.

5.4 Anti-Fraud and Security Services

Our traffic validation and fraud detection infrastructure utilizes IP reputation data feeds from specialized third-party threat intelligence providers. We share anonymized IP address data and derived behavioral signals with these providers solely for real-time fraud scoring. No personally identifiable information associated with registered publisher accounts is shared with these fraud intelligence services.

5.5 Legal, Regulatory, and Law Enforcement Disclosure

CloudFam may disclose personal data to governmental authorities, regulatory bodies, law enforcement agencies, or courts of competent jurisdiction when we determine in good faith that such disclosure is required to comply with applicable law, regulation, legal process, or enforceable governmental request; to enforce our Terms of Service or protect the rights, property, or safety of CloudFam, our users, or the public; or to investigate potential violations of our policies or applicable law. Where legally permitted, we will notify affected users of such disclosure requests prior to compliance. We publish an annual transparency report summarizing the volume and categories of legal requests received.

5.6 Business Transfers

In the event that CloudFam undergoes a merger, acquisition, sale of substantially all of its assets, or another form of corporate restructuring, your personal data may be transferred to the successor entity as part of that transaction. In such circumstances, we will provide advance notice via your registered email address and a prominent notice on the platform, and the successor entity will be bound by this Privacy Policy or a policy offering equivalent or greater protections.

6. International Data Transfers

CloudFam is a global platform with publishers and end-users located in countries around the world. To deliver a high-quality, low-latency service to this global audience, our infrastructure is distributed across multiple geographic regions, including data centers in North America, Europe, and Asia-Pacific. As a result, personal data collected from you may be transferred to and processed on servers located in countries other than your country of residence.

6.1 Transfers from the European Economic Area (EEA) and UK

For users located in the European Economic Area or the United Kingdom, transfers of personal data to countries that the European Commission or UK Information Commissioner's Office (ICO) has not recognized as providing an adequate level of data protection are governed by Standard Contractual Clauses (SCCs) as approved by the European Commission, or equivalent transfer mechanisms recognized under UK data protection law. CloudFam has implemented SCCs in all relevant data processing agreements with third-party sub-processors that receive EEA/UK personal data. A copy of the applicable SCCs can be provided upon request at privacy@cloudfam.io.

6.2 Transfers from India

CloudFam processes a significant volume of data from Indian publishers. We comply with the applicable provisions of the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, as well as the Digital Personal Data Protection Act, 2023 (DPDPA) as it comes into effect. We implement appropriate safeguards for cross-border transfers of Indian personal data in accordance with evolving regulatory guidance from the Ministry of Electronics and Information Technology (MeitY).

6.3 General Safeguards

Regardless of where your data is processed, CloudFam applies the same standards of security, confidentiality, and access control described in this Privacy Policy. All international data transfers are made under contractual protections that require the receiving party to maintain protections at least equivalent to those described herein. By using the CloudFam platform, you acknowledge that your data may be processed in countries whose data protection laws differ from those of your home jurisdiction, and you consent to such transfers where legally required.

7. Security & Technical Protection

The security of your personal and financial data is one of CloudFam's highest operational priorities. We have implemented a comprehensive, multi-layered security program designed to protect against unauthorized access, accidental loss, destruction, or disclosure of your data. Our security measures are regularly reviewed, tested, and updated to address the evolving threat landscape.

7.1 Technical Security Controls

Our technical security infrastructure includes the following key controls:

• Encryption in Transit: All communication between your browser or application and CloudFam's servers is encrypted using TLS 1.3 (or TLS 1.2 as a fallback for legacy clients) with strong cipher suites. We enforce HTTP Strict Transport Security (HSTS) across all domains and subdomains to prevent protocol downgrade attacks.
• Encryption at Rest: Sensitive data stored in our databases, including financial payment identifiers, identity verification records, and authentication secrets, is encrypted at rest using AES-256 symmetric encryption with keys managed through a dedicated hardware security module (HSM). Our primary database storage volumes are also encrypted at the infrastructure level.
• Access Controls and Least Privilege: Access to systems that process personal data is governed by a strict role-based access control (RBAC) model grounded in the principle of least privilege. Every CloudFam employee and contractor is granted access only to the specific data and systems necessary to perform their defined job function. Access rights are reviewed quarterly and revoked immediately upon role change or employment termination.
• Network Security: Our production infrastructure is isolated within private virtual networks with strict firewall rules. Public-facing endpoints are protected by a Web Application Firewall (WAF), which filters malicious traffic patterns including SQL injection, XSS, and DDoS attacks. Internal network traffic is monitored continuously by intrusion detection systems configured to alert on anomalous patterns.
• Vulnerability Management: We conduct regular automated vulnerability scans of our codebase and infrastructure, supplemented by periodic third-party penetration tests performed by qualified security professionals. Critical vulnerabilities are triaged and remediated according to a documented severity-based response timeline.

7.2 Organizational Security Measures

Beyond technical controls, CloudFam maintains robust organizational security practices including: annual mandatory security awareness training for all employees who handle personal data; a documented incident response plan that defines roles, responsibilities, and escalation procedures for data breach scenarios; a formal vendor risk management program that evaluates the security posture of all third-party processors prior to engagement; and a data breach notification procedure that commits CloudFam to notifying affected users and relevant supervisory authorities within the legally required timeframes upon discovery of a qualifying security incident.

7.3 User Responsibility

While CloudFam implements rigorous technical and organizational security measures, the security of your account is also partially dependent on actions you take. We strongly encourage all publishers to: enable multi-factor authentication (MFA/2FA) on their account, which is the single most effective measure against account takeover; use a unique, long, and complex password for CloudFam that is not reused across any other service; store your API key securely and never expose it in client-side code; and immediately notify our security team at security@cloudfam.io if you suspect any unauthorized access to your account or any security vulnerability in our platform.

It is important to understand that no method of data transmission over the public internet and no method of electronic storage is absolutely guaranteed to be 100% secure. While we take every commercially reasonable measure to protect your data, CloudFam cannot guarantee perfect security and assumes no liability for security incidents that are beyond our reasonable control.

8. Data Retention Policy

CloudFam retains personal data for the minimum period necessary to fulfill the specific purpose for which it was collected, comply with our legal and regulatory obligations, resolve disputes, and enforce our agreements. Upon the expiration of the applicable retention period, data is either securely deleted, anonymized beyond re-identification, or archived in compliance with applicable records retention law. The following retention schedules apply to the primary categories of data we hold:

• Account Identity and Profile Data: Retained for the full lifetime of your active account. Following account closure (whether voluntary or due to enforcement action), your primary account record and associated profile data are scheduled for permanent deletion within 30 calendar days. During this 30-day window, account restoration may be possible upon request to support@cloudfam.io.
• Financial Transaction Records: All records of earnings credits, withdrawal requests, and completed payment transactions are retained for a mandatory minimum period of 7 years from the date of the transaction, in accordance with international financial record-keeping standards and the requirements of various tax authorities whose jurisdictions are relevant to our operations. This retention persists regardless of account closure status.
• Payment Identifiers (UPI, Bank, Crypto): Payment method details stored in your account are deleted within 30 days of account closure or upon your explicit written request, except where retention is required in conjunction with the financial transaction records described above.
• Download Event and Traffic Logs: Raw download event logs, including IP addresses and device fingerprints captured for fraud validation, are retained in their full form for a period of 90 days from the date of capture. After this period, logs are processed to remove or irreversibly hash all personally identifiable fields, and the resulting anonymized aggregate data may be retained indefinitely for statistical modeling purposes.
• Identity Verification Documents: Documents submitted for KYC verification are retained only for the period required by our KYC provider's compliance obligations and applicable anti-money-laundering regulations, typically a period of 5 years following the verification event or the last withdrawal transaction, whichever is later.
• Support Correspondence: Records of support tickets and associated communications are retained for a period of 3 years from the date of closure of the relevant support case, to provide continuity of support and as a record in the event of subsequent disputes.
• Security and Audit Logs: System security logs, including login events, password change events, API access logs, and administrative action logs, are retained for a period of 12 months in their full form and then archived in anonymized form for an additional 24 months for security forensics and audit purposes.

9. Your Privacy Rights

CloudFam is committed to respecting and upholding your rights as a data subject under applicable global data protection frameworks, including the GDPR (for EEA/UK users), India's DPDPA, CCPA (for California residents, addressed in detail in Section 14), and equivalent laws in other jurisdictions. The following rights are available to all CloudFam users globally, to the extent provided by applicable law:

9.1 Right of Access

You have the right to request confirmation of whether CloudFam processes personal data about you, and if so, to receive a copy of that personal data along with supplementary information about the purposes for which it is processed, the categories of data involved, the recipients with whom it is shared, and the retention periods applicable. We will provide this information in a structured, commonly used, machine-readable format. Access requests are fulfilled within 30 calendar days of receipt, or up to 90 days for complex requests (with prior notification).

9.2 Right to Rectification

You have the right to request the correction of any inaccurate personal data we hold about you, and the completion of any incomplete personal data, without undue delay. For most categories of personal data — such as your email address, payment identifiers, and profile information — you can exercise this right directly and immediately through the account settings in your dashboard. For data that cannot be self-corrected through the dashboard, please contact privacy@cloudfam.io with a description of the inaccuracy.

9.3 Right to Erasure ("Right to Be Forgotten")

You have the right to request the permanent deletion of your personal data in certain circumstances, including when the data is no longer necessary for the purposes for which it was collected, when you withdraw your consent and no other legal basis applies, when you have successfully objected to our processing of the data, or when the data has been unlawfully processed. Please note that this right is not absolute; we may decline or partially fulfill erasure requests where retention is required to comply with a legal obligation (such as financial record-keeping requirements) or to establish, exercise, or defend legal claims.

9.4 Right to Data Portability

Where the legal basis for processing is either consent or contractual necessity, and the processing is carried out by automated means, you have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format (such as JSON or CSV), and to transmit that data to another controller. This includes your account profile data, your file metadata catalog, and your earnings history records.

9.5 Right to Restriction of Processing

You have the right to request that we restrict our processing of your personal data — meaning we may continue to store it but will cease active processing — in specific circumstances: while the accuracy of data you have contested is being verified; when the processing is unlawful but you prefer restriction over erasure; when we no longer need the data but you require it for legal claims; or when you have objected to processing and a determination is pending.

9.6 Right to Object

You have the right to object, at any time, to our processing of your personal data where that processing is based on our legitimate interests. Upon receiving an objection, we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.

9.7 Exercising Your Rights

To exercise any of the rights described in this section, please submit a written request to privacy@cloudfam.io with the subject line "Data Subject Rights Request." We may ask you to verify your identity before processing your request to protect against unauthorized access to your personal data. There is no charge for exercising your rights in most circumstances. If you are dissatisfied with our response to a rights request, you have the right to lodge a complaint with the supervisory authority for data protection in your jurisdiction (e.g., your national Data Protection Authority within the EU, or the ICO in the UK).

10. Payout & Financial Data Handling

Given the inherently sensitive nature of financial data, CloudFam applies its most stringent data security and access control standards to all information related to payout processing. This section provides a detailed description of how your financial data is handled throughout its lifecycle on our platform.

10.1 Storage Architecture

Payment method data (UPI IDs, bank account details, and cryptocurrency wallet addresses) is stored in a dedicated, isolated database partition that is physically and logically separated from CloudFam's primary operational databases. This financial data store is encrypted at rest using AES-256 encryption with keys managed by a hardware security module (HSM). The partition is not accessible via any public-facing API endpoint and is not reachable from the general application server network.

10.2 Access Controls for Financial Data

Access to the financial data partition is restricted to two categories of principals: the automated payout processing system, which accesses your payment identifier programmatically and in read-only mode solely during the processing of an approved withdrawal request; and a strictly limited group of senior finance administrators who require elevated access for auditing, dispute resolution, or regulatory compliance purposes. All human access to financial data is logged, timestamped, and subject to quarterly audit review. No CloudFam employee has standing read access to your full payment identifiers outside of a specific, logged, and approved operational context.

10.3 Withdrawal Processing Security

Each withdrawal request you submit triggers a multi-step verification sequence before funds are released. This includes automated checks against our fraud detection engine, verification that the payment details have not been modified within a minimum cooling-off period following any recent changes (to protect against account hijacking), and, for requests above certain thresholds, a manual review step by an authorized finance team member. All withdrawal processing activities are recorded in an immutable audit log.

11. Cookies & Session Tokens

CloudFam uses browser cookies, local storage tokens, and similar tracking technologies to deliver and improve our services. This section explains what these technologies are, how we use them, and the choices available to you.

11.1 What Are Cookies?

Cookies are small text files placed on your device by a website you visit. They are widely used to make websites function efficiently, to remember your preferences, and to provide information to the website operator. Cookies set by CloudFam ("first-party cookies") are distinct from cookies set by third parties whose content or services may appear on our pages ("third-party cookies").

11.2 Categories of Cookies We Use

• Strictly Necessary / Essential Cookies: These cookies are absolutely required for the CloudFam platform to function. They include your authenticated session token (which keeps you logged in as you navigate between pages), CSRF protection tokens (which prevent cross-site request forgery attacks), and cookies that store your cookie consent preference. These cookies cannot be disabled without disabling the platform's core functionality.
• Functional / Preference Cookies: These cookies remember choices you make to improve your experience, such as your preferred language setting, your dashboard layout preferences, and whether certain notification banners have been dismissed. Disabling these cookies will not prevent you from using the platform but may result in a less personalized experience.
• Analytical and Performance Cookies: We use first-party analytical cookies to understand how publishers interact with the CloudFam dashboard and platform features. Data collected includes pages visited, time on page, features used, and navigation paths. This data is aggregated and used internally to prioritize product improvements. We do not use third-party analytics services (such as Google Analytics) that transfer your usage data to external parties for profiling.
• Anti-Fraud and Security Tokens: Certain session tokens and device fingerprint identifiers are stored locally to support our fraud detection systems, particularly for validating download sessions generated by end-users accessing shared files. These tokens expire automatically after each session cycle.

11.3 Managing Your Cookie Preferences

You can adjust your cookie preferences at any time through the Cookie Preferences panel accessible from the footer of any CloudFam page. Additionally, all modern web browsers provide settings that allow you to refuse some or all cookies, delete existing cookies, and receive alerts when new cookies are set. Please consult your browser's help documentation for specific instructions. Be aware that disabling essential cookies will prevent you from logging into your CloudFam account and accessing the publisher dashboard.

12. Traffic Analytics & Anti-Fraud Data

The integrity of the CloudFam PPD ecosystem depends on our ability to accurately distinguish authentic, human-generated download traffic from artificial or fraudulent traffic. To fulfill this function, our systems collect and process a detailed technical snapshot of every download event that occurs on files hosted on the platform.

12.1 Data Captured Per Download Event

For each download event, our validation engine records and analyzes the following data points:

• The full IPv4 or IPv6 address of the requesting device, used for IP reputation scoring, geographic tier classification, and the 24-hour unique download window enforcement.
• The complete HTTP User-Agent string of the requesting browser or application, used to identify known bot signatures and headless browser patterns.
• A composite, anonymized device fingerprint derived from browser and hardware signals, used to identify related sessions from the same physical device across different IP addresses.
• The HTTP Referrer header, indicating the URL of the page from which the user navigated to the download link, used for referral source quality scoring.
• The precise timestamp and duration of the interstitial verification session, used to assess behavioral authenticity.
• The session outcome — completed, abandoned, or flagged — which determines whether an earnings credit is applied to the publisher's account.

12.2 Data Use and Anonymization

All download event data is used exclusively for the purposes of validating download uniqueness, calculating PPD earnings, detecting and preventing fraud, and providing publishers with accurate statistics in their dashboards. This data is never used to build advertising profiles on end-users, sold to third-party marketing companies, or used for any purpose beyond the operational integrity of the CloudFam network. As described in Section 8, raw event logs containing full IP addresses are retained for 90 days and are thereafter anonymized through irreversible hashing and aggregation procedures.

12.3 Publisher Dashboard Statistics

The statistics presented in your publisher dashboard — including download counts by country, earning totals, and traffic source breakdowns — are derived from the processed and validated event data described above. All statistics displayed represent aggregated data and do not expose the personal data of any individual end-user to you as a publisher.

13. Children's Privacy

CloudFam is a platform designed and intended exclusively for adults. Specifically, the platform and all of its services are strictly limited to individuals who are at least 18 years of age, or the age of legal majority in their jurisdiction of residence, whichever is higher. We do not knowingly market to, solicit data from, or provide services to children or minors.

We do not knowingly collect, process, store, or use personal information from any individual under the applicable age of majority. The registration process includes an age certification requirement, and all users must affirmatively confirm they meet the minimum age requirement prior to account creation.

If CloudFam discovers or receives credible information indicating that personal data has been collected from a minor — whether through a misrepresentation of age during registration or any other means — we will take immediate action to: permanently delete all personal data associated with the minor from our systems; terminate the associated account and any associated financial balances; and, where applicable, notify the parent or legal guardian if contact information is known to us. If you are a parent or legal guardian and you believe that your child has provided personal information to CloudFam without your consent, please contact us immediately at privacy@cloudfam.io and we will act promptly to investigate and remediate the situation.

14. California (CCPA) Privacy Rights

This section applies specifically to residents of the State of California and supplements the rights described in Section 9. It is provided in compliance with the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA), and its implementing regulations.

14.1 Categories of Personal Information Collected

In the preceding twelve (12) months, CloudFam has collected the following categories of personal information as defined by the CCPA:

• Identifiers: Account username, email address, and IP address.
• Financial Information: Bank account details, UPI IDs, and cryptocurrency wallet addresses collected for payout processing.
• Internet or Network Activity: Browsing activity on the CloudFam platform, device information, and download event logs.
• Geolocation Data: Approximate geographic location derived from IP addresses (city and country level).
• Inferences: Derived fraud risk scores and traffic quality classifications based on the above data.

14.2 Your CCPA Rights

As a California resident, you have the following rights under the CCPA/CPRA:

• Right to Know: The right to request disclosure of the specific pieces and categories of personal information we have collected about you, the categories of sources from which it was collected, the business or commercial purpose for collecting it, and the categories of third parties with whom it is shared.
• Right to Delete: The right to request deletion of personal information we have collected from you, subject to certain exceptions permitted by law.
• Right to Correct: The right to request correction of inaccurate personal information we maintain about you.
• Right to Opt-Out of Sale or Sharing: CloudFam does not sell personal information in the traditional sense, nor do we share it for cross-context behavioral advertising purposes as defined under the CPRA. Therefore, this right is not currently applicable to our data practices. If this changes, we will update this Policy and provide the required "Do Not Sell or Share My Personal Information" link.
• Right to Limit Use of Sensitive Personal Information: To the extent CloudFam processes "sensitive personal information" as defined by the CPRA (such as financial account details), such processing is limited to the purposes specified in this Policy and the exceptions permitted under the CPRA.
• Right to Non-Discrimination: CloudFam will not discriminate against you for exercising any of your CCPA rights. We will not deny you services, charge you different prices, or provide you with a lesser quality of service as a result of exercising your rights.

14.3 Submitting a CCPA Rights Request

To submit a verified CCPA rights request, please contact us at privacy@cloudfam.io with the subject line "California Privacy Rights Request." You may also designate an authorized agent to submit requests on your behalf by providing written authorization. We will respond to verifiable requests within 45 calendar days, with a possible extension of an additional 45 days where reasonably necessary, with prior notification. We are required to verify your identity before processing your request and may ask for additional information to do so.

15. Contact & Inquiries

CloudFam takes your privacy seriously and is committed to addressing all inquiries, concerns, and rights requests in a timely, transparent, and professional manner. Our dedicated Privacy and Data Compliance team is available to assist you with any questions you may have regarding this Privacy Policy, the manner in which we process your personal data, or the exercise of any of your rights as described herein.

15.1 How to Reach Us

For all privacy-related inquiries, rights requests, data breach reports, and general questions about our data practices, please use the following channels:

• Privacy and Data Compliance: privacy@cloudfam.io — for all formal data subject rights requests, GDPR/CCPA/DPDPA inquiries, and privacy impact questions.
• General Support: support@cloudfam.io — for account-related issues, technical support, and general inquiries.
• Security Vulnerability Reporting: security@cloudfam.io — for responsible disclosure of security vulnerabilities identified in the CloudFam platform.

15.2 Response Timelines

We are committed to acknowledging all privacy-related inquiries within 5 business days of receipt. Data subject rights requests will be fulfilled within the timelines specified in Section 9 and Section 14 of this Policy. If your inquiry is complex or requires consultation with legal counsel, we will notify you of the extended timeline and provide regular status updates. We do not charge a fee for responding to privacy inquiries or rights requests unless a request is manifestly unfounded or excessive, in which case we will notify you prior to processing.

15.3 Complaints to Supervisory Authorities

If you are located in the EEA or UK and are dissatisfied with our response to your privacy inquiry or rights request, you have the right to lodge a complaint with your local data protection authority (DPA). A list of EU DPAs is available at the European Data Protection Board website. UK residents may contact the Information Commissioner's Office (ICO). We always encourage users to contact us directly first so that we have the opportunity to address your concern.