Privacy Policy

The data controller for this website is:

We process your personal data under the following legal bases as defined by the General Data Protection Regulation (GDPR):

• Consent — Analytics and marketing cookies (Google Analytics 4). You can withdraw consent at any time via the cookie banner or browser settings.
• Legitimate Interest — Security monitoring, error tracking (Sentry), spam prevention (reCAPTCHA), and performance optimization.
• Contractual Necessity — Processing data required to fulfil booking requests (Cal.com) and respond to contact form submissions.

3.1 Contact Form

When you submit the contact form, we collect your name, email address, and message. This data is sent to AWS Lambda and forwarded via Amazon SES to our email.

3.2 Booking System

When you book a consultation, we collect your name, email address, and timezone via the Cal.com scheduling API.

3.3 Analytics (Google Analytics 4)

With your consent, we use GA4 to collect anonymised usage data including page views, scroll depth, engagement time, and outbound link clicks. GA4 sets cookies such as _ga, _ga_*, and _gid.

3.4 Error Tracking (Sentry)

We use Sentry for error tracking, session replay (10% sampling rate), and performance traces to identify and fix issues. Sentry may collect browser metadata, error stack traces, and anonymised session data.

3.5 Spam Prevention (reCAPTCHA v3)

The contact form is protected by Google reCAPTCHA v3, which analyses user behaviour to prevent spam. reCAPTCHA may set its own cookies and collect device/browser data.

3.6 AI Chat

Messages you send in the AI chat are forwarded to AWS Bedrock (Anthropic Claude) for processing. Messages are rate-limited to 15 requests per minute per IP address. Messages are not permanently stored on our servers and are cleared when the session ends.

3.7 Push Notifications

If you opt in to push notifications, we store your subscription endpoint URL and encryption keys (VAPID) on our server to deliver notifications.

3.8 Authentication

AWS Cognito is used for admin-only access. No visitor authentication data is collected.

3.9 Blog

We publish blog posts on cloud architecture, cybersecurity, and web development. The blog does not collect any personal data beyond standard analytics (if consented). Blog content is statically generated at build time.

3.10 Progressive Web App (PWA)

This website can be installed as a Progressive Web App. The service worker caches static assets and pages for offline access. An IndexedDB queue stores analytics events and failed requests temporarily when you are offline, sending them when connectivity is restored. PWA install and update prompts store dismiss state in localStorage/sessionStorage.

3.11 Functional Data

We store a sidebar state cookie (7 days), theme preferences, announcement read/dismiss state, and cookie consent choices in localStorage for a better browsing experience. These are strictly functional and do not track you.

We share data with the following third parties, solely for the purposes described above:

• Contact form submissions: retained in our email inbox until manually deleted.
• Booking data: retained by Cal.com per their retention policy; we retain booking confirmations in email.
• Analytics data (GA4): retained for 14 months (Google default), then automatically deleted.
• Sentry data: retained for 90 days, then automatically purged.
• AI chat messages: not permanently stored; cleared at end of session.
• Push notification subscriptions: retained until you unsubscribe or the subscription expires.
• Cookies: see our Cookie Policy for specific retention periods.

If you are located in the European Economic Area (EEA), you have the following rights under the GDPR:

• Right of Access — request a copy of the personal data we hold about you.
• Right to Rectification — request correction of inaccurate or incomplete data.
• Right to Erasure — request deletion of your personal data.
• Right to Data Portability — receive your data in a structured, machine-readable format.
• Right to Object — object to processing based on legitimate interest.
• Right to Withdraw Consent — withdraw your consent at any time without affecting the lawfulness of prior processing.

You also have the right to lodge a complaint with the Hellenic Data Protection Authority or your local supervisory authority.

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know — request disclosure of the categories and specific pieces of personal information we have collected about you.
• Right to Delete — request deletion of your personal information.
• Right to Opt-Out — opt out of the "sale" or "sharing" of your personal information. We do not sell personal information.
• Right to Non-Discrimination — we will not discriminate against you for exercising your privacy rights.

To exercise any of the rights described above, please contact us at:

tbaltzakis@cloudless.gr

We will respond to your request within 30 days. We may need to verify your identity before processing your request.

This website uses cookies and similar technologies. For detailed information about the cookies we use, their purposes, and how to manage them, please see our Cookie Policy.

Some of our third-party service providers are based in the United States, including Amazon Web Services, Google, Sentry, and Anthropic. When your data is transferred outside the EEA, we rely on:

• The EU-US Data Privacy Framework (where applicable)
• Standard Contractual Clauses (SCCs) approved by the European Commission
• The provider's own data protection commitments and certifications

This website is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us at tbaltzakis@cloudless.gr and we will promptly delete the data.

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. The updated policy will be posted on this page with a revised "Last updated" date. We encourage you to review this page periodically.

If you have any questions or concerns about this Privacy Policy, please contact: