Skip to content

Privacy Policy

Last updated: February 9, 2026

The Nerdy Cloud Guy (ABN: 61 249 659 708, "we", "us", "our") operates the Cloud Dashboard platform and related services at thenerdycloudguy.com (the "Service"). This Privacy Policy explains what information we collect, how we use it, and your choices regarding your data. By using our Service, you consent to the information practices outlined here.

1. Interpretation and Definitions

Key Terms

  • Account: A unique account created for you to access our Service.
  • Company: The Nerdy Cloud Guy (referred to as "we", "us", or "our"). The Company is the Data Controller under GDPR.
  • Cookies: Small files placed on your device containing browsing details.
  • Country: Australia.
  • Device: Any device that can access the Service, such as a computer, phone, or tablet.
  • Personal Data: Any information that relates to an identified or identifiable individual.
  • Service Provider: Any person or company that processes data on behalf of the Company.
  • Usage Data: Data collected automatically from use of the Service.
  • You/User: The individual or entity accessing the Service.

2. Information We Collect

2.1 Account Information

When you register for an account, we collect:

  • Name and email address
  • Password (stored as a one-way hash, never in plain text)

2.2 Data You Provide Through the Service

When you use the platform, you may create and store:

  • Flows (automated workflows and their configuration)
  • Templates (email templates for use in flows)
  • Data tables (structured data you define and populate)
  • Time-series data (metrics collected via HTTP checks and other sources)
  • Dashboards (visualisations of your data)
  • Forms and form submissions (including data submitted by your end users)
  • Webhook payloads (data sent to your flow triggers by external services)

2.3 Form Submission Data

If you use our Forms feature, submissions from your end users are stored on your behalf. Each submission records:

  • The form field values provided by the submitter
  • The submitter's IP address
  • The submitter's browser user-agent string
  • A timestamp of the submission
  • Any files uploaded as part of the submission

You are responsible for informing your own end users about data collection through your forms.

2.4 Technical & Usage Data

  • Session data: We use server-side sessions (encrypted) to keep you logged in. Sessions expire after 35 minutes of inactivity or when you close your browser.
  • Usage metrics: We track aggregate usage counts per tenant and billing period (e.g., number of emails sent, flow runs, dashboard queries). This data does not identify individual users.
  • Event logs: We log actions you perform within the platform (e.g., creating a flow, running a flow) for auditing and debugging purposes.
  • Usage Data: We automatically collect information such as your IP address, browser type and version, pages visited, time and date of visits, time spent on pages, unique device identifiers, and diagnostic data.

3. Third-Party Services

The Service integrates with the following third-party providers. When you use these integrations, data is shared as described:

3.1 Amazon Web Services (AWS)

  • SES (Simple Email Service): We send transactional emails (registration, password reset, flow-generated emails) through AWS SES. Recipient email addresses and email content are transmitted to AWS. We track bounce and complaint notifications to maintain email deliverability.
  • SQS (Simple Queue Service): Used for background processing of email delivery and other asynchronous tasks.
  • S3 (Simple Storage Service): Used to store uploaded files such as form submission attachments and static website assets.
  • SSM (Systems Manager): Used to securely store application configuration parameters.

3.2 InfluxDB

Time-series data you collect through the platform is stored in InfluxDB, a dedicated time-series database. Each tenant's data is isolated in a separate bucket.

3.3 Facebook / Instagram / Meta

If you connect a Facebook or Instagram integration, we request the following permissions via OAuth:

Facebook:

  • pages_show_list -- to display your connected Facebook pages
  • pages_manage_posts -- to publish posts to your pages on your behalf
  • pages_read_engagement -- to read engagement metrics on your posts

Instagram:

  • instagram_basic -- to discover Instagram Business accounts linked to your Facebook Pages
  • instagram_content_publish -- to publish image posts to Instagram on your behalf

We store your OAuth access token (encrypted), Facebook Page identifiers, and linked Instagram Business account identifiers. We only post to Facebook or Instagram when explicitly triggered by a flow you have configured.

Data Deletion: You can disconnect your Facebook or Instagram integration at any time from the Connections page, which revokes and deletes all stored access tokens and associated data. To request deletion of all data obtained through Facebook or Instagram, disconnect the integration from the Connections page or email support@thenerdycloudguy.com.

3.4 Cloudflare Turnstile

We use Cloudflare Turnstile on password-protected public pages (dashboards and data tables) to prevent automated abuse. When you access these pages, Cloudflare may process your IP address and browser information to verify you are human. See Cloudflare's Privacy Policy.

3.5 Enzoic

During password creation and changes, we check whether your chosen password has appeared in known data breaches. We send only a partial hash prefix (10 characters of a SHA-256 hash) to Enzoic's API -- your full password is never transmitted. See Enzoic's Privacy Policy.

3.6 SMTP Email Providers

If you configure an SMTP connection (e.g., for sending emails via your own mail server), the email addresses and content of emails sent through that connection are transmitted to the SMTP server you specify.

3.7 Google Analytics

We may use Google Analytics, a web analytics service, to track and report website traffic and user behaviour. You can opt out via the Google Analytics opt-out browser add-on. See Google's Privacy Policy.

3.8 Stripe

We use Stripe to process payments. Your payment card details are handled directly by Stripe and are not stored on our servers. Stripe complies with PCI-DSS standards. See Stripe's Privacy Policy.

4. How We Use Your Information

  • To operate the Service: Running your flows, storing your data, sending emails you configure, and displaying your dashboards.
  • To authenticate you: Verifying your identity when you log in and managing your session.
  • To communicate with you: Sending transactional emails such as password resets, account notifications, and security alerts (e.g., IP address changes).
  • To maintain security: Checking passwords against breach databases, logging authentication events, and detecting abuse.
  • To track usage: Measuring platform usage per tenant for billing and capacity planning.
  • To manage your account: Managing your registration and providing access to functionality available to registered users.
  • To process payments: Handling transactions for products or services you purchase.
  • To improve the Service: Data analysis, identifying usage trends, and evaluating the effectiveness of our Service.

5. Data Security

  • Encryption in transit: All connections to the Service are encrypted via HTTPS/TLS.
  • Encryption at rest: Passwords are hashed with bcrypt. API tokens, OAuth credentials, two-factor authentication secrets, and session data are encrypted using AES-256-CBC.
  • Access control: Data is isolated per tenant. Users can only access resources belonging to their own tenant.
  • Two-factor authentication: Available for all accounts to add an additional layer of security.
  • Payment security: Payment card details are processed by Stripe, which complies with PCI-DSS standards set by the PCI Security Standards Council. We do not store card details.

While we use commercially acceptable security measures, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security of your data.

6. Data Retention

  • Account data: Retained for as long as your account is active. When you delete your account, your user record and associated password reset tokens are removed.
  • Flow runs and event logs: Retained for operational and debugging purposes. Contact us if you need historical data removed.
  • Time-series data: Retained according to the retention period you configure for each time series (default varies).
  • Form submissions: Retained until you delete them through the platform.
  • Sessions: Expire after 35 minutes of inactivity or when the browser is closed.
  • Usage Data: Generally retained for shorter periods unless used for security enhancement, Service functionality improvement, or as legally required.

7. Data Transfer

Your information, including Personal Data, is processed at our operating offices and other locations where processing parties are situated. This may involve transfer to computers outside your jurisdiction with potentially different data protection laws. Your consent to this Privacy Policy constitutes agreement to such transfers. We take reasonable steps to ensure secure data treatment and only transfer Personal Data where adequate controls exist.

8. Disclosure of Personal Data

  • Business transactions: Personal Data may be transferred in the event of a merger, acquisition, or asset sale, with prior notice provided before the transfer.
  • Law enforcement: We may disclose Personal Data if required by law or in response to valid requests by public authorities.
  • Other legal requirements: We may disclose Personal Data in good faith when necessary to comply with legal obligations, protect our rights or property, prevent or investigate wrongdoing, protect user or public safety, or protect against legal liability.

9. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data via your account settings
  • Delete your account and associated data
  • Export your data (form submissions can be downloaded as ZIP files; data tables and dashboards are accessible via the platform)
  • Disconnect third-party integrations (e.g., Facebook) at any time
  • Revoke API tokens at any time

To exercise any of these rights, contact us at the address below.

10. GDPR Rights (European Users)

If you are within the European Union, you have additional rights under the General Data Protection Regulation:

We may process your Personal Data under the following legal bases:

  • Consent: You have given consent for processing for specific purposes.
  • Contract performance: Processing is necessary for the performance of a contract with you.
  • Legal obligations: Processing is required by applicable law.
  • Vital interests: Processing is necessary to protect your vital interests or those of another person.
  • Legitimate interests: Processing is necessary for our legitimate business interests, provided they are not overridden by your rights.

Your GDPR Rights

  • Access: Obtain a copy of the Personal Data we hold about you.
  • Correction: Request correction of incomplete or inaccurate information.
  • Object to processing: Object to processing based on legitimate interests or for direct marketing purposes.
  • Erasure: Request deletion of your Personal Data when there is no valid reason for continued processing.
  • Data portability: Receive your Personal Data in a structured, machine-readable format for transfer to a third party.
  • Withdraw consent: Withdraw your consent at any time, which may limit access to some Service features.

To exercise these rights, contact us using the details below. We may need to verify your identity before processing your request. You also have the right to complain to your local Data Protection Authority.

11. Cookies

We use a single session cookie to maintain your authenticated session. This cookie is:

  • Encrypted and HTTP-only (not accessible to JavaScript)
  • Marked as Secure (HTTPS only)
  • Set with SameSite=Lax for CSRF protection

We do not use advertising cookies, tracking cookies, or third-party analytics cookies on the Cloud Dashboard platform itself.

12. "Do Not Track" Policy

The Service does not currently respond to Do Not Track browser signals. You can enable or disable Do Not Track through your browser preferences or settings.

13. Children's Privacy

The Service is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

The Service may contain links to third-party websites. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites. We encourage you to review the privacy policy of every site you visit.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The "Last updated" date at the top of this page indicates when the policy was last revised.

16. Contact Us

If you have questions about this Privacy Policy or your data, contact us at:

The Nerdy Cloud Guy ABN: 61 249 659 708 Email: support@thenerdycloudguy.com Website: thenerdycloudguy.com