Privacy Policy

Welcome to Cubeless (also referred to as "we," "us," or "our"). We respect your privacy and are committed to protecting your personal data. This Privacy Policy describes how we collect, use, share, and protect the personal information of visitors to our website and users of our services ("you," "your," "user," "consumer").

This Policy applies to anyone whose personal data we collect — including residents of the European Union (for whom GDPR applies) and residents of California (for whom CPRA/CCPA apply).

If you are under the age of 16 and believe that we may have collected your personal information, please contact us — we do not knowingly allow collection of minors' data.

We may collect the following categories of personal information when you use our website or services:

We collect this personal information:

• Directly from you when you register, sign up, log in, contact support or otherwise input data.
• Automatically through your use of our website or services (e.g., cookies, logs, analytics tools).

We process your personal data for the following legitimate business purposes:

• To provide and maintain our authentication, SSO, and MFA services;
• To process registrations, account setup, login, passwordless or multi-factor authentication flows;
• To communicate with you — e.g. respond to support requests, send important notices (service changes, security alerts, updates);
• To monitor and improve service performance, reliability, and security;
• To detect, prevent, investigate, and mitigate fraudulent or abusive activities;
• To comply with legal obligations, and enforce our Terms of Service;
• If applicable — to process payments, billing, invoices, and related financial transactions;
• For analytics and business-development purposes (e.g., usage statistics, product improvement), while preserving user privacy.

We may share or disclose personal information under the following circumstances:

• With our service providers, sub-processors, and vendors who help us provide our services (e.g. hosting providers, email services, payment processors, analytics tools). We require such third-parties to protect your data and use it only for the purposes permitted by us.
• With affiliates or as part of a corporate transaction (e.g. merger, acquisition, sale) — in which case we'll notify you before transferring data.
• To comply with legal obligations, court orders, or governmental authorities; to protect the rights, property, or safety of Cubeless, its users, or the public; or to enforce our terms.
• When you consent or direct us to share your data.

We implement "reasonable and appropriate" technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, or destruction — including encryption, secure access controls, firewalls, monitoring, and regular security assessments.

We limit access to personal information to employees, contractors, and service providers who need to know that information to carry out their work.

We retain personal data only for as long as necessary to fulfill the purposes described above (e.g. for providing authentication services, supporting your account, responding to requests) — unless a longer retention period is required or permitted by law.

When data is no longer needed, we will securely delete or anonymize it.

Depending on where you live, you may have the following rights regarding your personal data:

If you wish to exercise any of these rights, contact us as described below (see Contact Information). We will respond according to applicable law, typically within 30 days.

We, and our third-party partners, may use cookies, web beacons, tracking scripts, analytics, and similar technologies to collect usage and technical data.

You can control or disable cookies via your browser settings. Disabling cookies may affect functionality of the site (e.g. login flow, session persistence).

If we process personal data based on consent via cookies (or similar), we will provide a "cookie banner/consent mechanism" at first visit — per GDPR requirements.

If you are located in the European Economic Area (EEA) and we transfer your data outside the EEA (e.g. to the U.S.), we will implement appropriate safeguards (e.g. Standard Contractual Clauses, or other lawful mechanisms) to ensure your data remains protected according to GDPR standards.

Our services are intended for use by adults (18+). We do not knowingly collect personal information from children under 16. If we become aware that we have collected data from someone under 16 without verification of parental consent, we will promptly delete such data.

If you are a California resident, you have additional rights under the CPRA / CCPA:

• Right to know what personal information is collected, used, disclosed, or sold;
• Right to request deletion or access to your data;
• Right to opt out of sale or sharing of personal information (though we do not sell personal data);
• Right to limit use of "sensitive personal information" if applicable;
• Right to non-discrimination for exercising your privacy rights.

If you want to exercise those rights, contact us using the methods below.

If you have any questions, requests, or concerns about your personal data or this Privacy Policy, you can contact us at:

We may update this Privacy Policy from time to time (for example, when we change our data practices or in response to new laws). We will notify users of material changes via email or by posting an updated version on our website with a new "Last Updated" date. We encourage you to check this page periodically.

• This Privacy Policy is not a guarantee that data breaches will never happen; we commit to reasonable security measures, but cannot guarantee absolute security.
• Use of our services constitutes acceptance of this Privacy Policy.
• If any part of this policy is found invalid or unenforceable, the remaining provisions will continue in effect.