Privacy Policy

1. Introduction

Bifrost Sovereign ("we", "us", or "our") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our sovereign cloud infrastructure services.

As an EU-based company, we comply fully with the General Data Protection Regulation (GDPR) and all applicable European data protection laws.

2. Data Controller

Bifrost Sovereign is the data controller responsible for your personal data. For any questions about this policy or our data practices, contact our Data Protection Officer:

3. Information We Collect

We collect the following categories of personal data:

• Account Information: Name, email address, company name, billing address, and payment details
• Usage Data: Service usage metrics, API calls, resource consumption, and performance data
• Technical Data: IP addresses, browser type, device information, and access logs
• Communications: Support tickets, emails, and other correspondence
• Customer Content: Data you store or process using our infrastructure services

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR:

• Contract Performance: To provide and manage your cloud services
• Legitimate Interests: For security, fraud prevention, and service improvement
• Legal Obligations: To comply with tax, accounting, and regulatory requirements
• Consent: For marketing communications (where applicable)

5. How We Use Your Information

Your personal data is used to:

• Provision, maintain, and improve our cloud infrastructure services
• Process payments and manage your account
• Provide technical support and respond to inquiries
• Send service notifications and security alerts
• Ensure compliance with our terms of service and acceptable use policies
• Detect and prevent fraud, abuse, and security incidents
• Generate anonymized analytics to improve our services

6. Data Storage and Security

All data is stored exclusively on EU-based infrastructure. We implement comprehensive security measures including:

• End-to-end encryption for data in transit and at rest
• ISO 27001 certified data centers
• Multi-factor authentication and access controls
• Regular security audits and penetration testing
• 24/7 security monitoring and incident response

7. Data Sharing and Transfers

We do not sell your personal data. We may share data with:

• Service Providers: EU-based processors who assist in delivering our services
• Legal Authorities: When required by EU law or valid legal process
• Business Transfers: In connection with mergers or acquisitions

No transfers outside the EU/EEA: Your data remains within European jurisdiction at all times.

8. Your Rights Under GDPR

You have the following rights regarding your personal data:

• Right of Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data
• Right to Restriction: Limit processing of your data
• Right to Data Portability: Receive your data in a structured format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Where processing is based on consent

To exercise these rights, contact us at privacy@bifrostsovereign.com. We will respond within 30 days.

9. Data Retention

We retain personal data only as long as necessary to fulfill the purposes described in this policy, comply with legal obligations, resolve disputes, and enforce our agreements. Account data is retained for the duration of your service agreement plus 7 years for tax and legal compliance. Usage logs are retained for 90 days unless required longer for security investigations.

10. Cookies and Tracking

We use essential cookies to operate our services and optional analytics cookies to improve user experience. See our Cookie Policy for detailed information about the cookies we use and how to manage your preferences.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or through our platform. Continued use of our services after changes constitutes acceptance of the updated policy.

12. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated. You may contact your local data protection authority or the authority in the EU member state where Bifrost Sovereign is established.