Privacy policy
Last updated: May 2, 2026
CloudRoute (“we”, “us”, “our”) operates cloudroutehq.com and provides demand-generation services to AWS consulting partners. This policy explains what personal data we collect, why, who we share it with, and the rights you have over it.
This is a plain-English summary. If anything here conflicts with our binding agreements (e.g. partner contracts), the contracts govern.
Who is the data controller
CloudRoute, registered in the United States, is the data controller for personal data submitted through cloudroutehq.com and processed in the partner dashboard (when launched). For matters under EU/UK GDPR, you can reach us at privacy@cloudroutehq.com.
What we collect
From visitors to cloudroutehq.com
- Analytics events — page views, clicks, and form interactions, captured by PostHog and Plausible. Plausible is cookieless and stores no personal identifiers. PostHog uses cookies and can be opted out via the cookie banner.
- IP address and user-agent — collected in standard server logs (Vercel hosting) and used for security, rate limiting, and basic geographic aggregation. Retained for 30 days.
From partner-program applicants
The application form collects: name, firm, work email, website, AWS Partner Network tier, region, capabilities, and any free-text notes you provide. We use this only to evaluate fit and respond to the application. We do not sell or share it.
From dashboard users (when launched)
Authentication identifiers (email, optional MFA factors) handled by Clerk; firm-level data including team members, integration credentials (encrypted), and lead-related records. Documented in detail in the dashboard's in-app privacy notice once it ships.
Why we collect it
- To deliver the service — route leads, run the partner application process, send notifications.
- To improve the service — aggregated analytics on what content and flows perform.
- To keep things working safely — rate limiting, abuse detection, audit trails.
- Legal compliance — invoicing records, data subject requests.
Who we share it with (subprocessors)
We share personal data only with the vendors below, only for the purposes described, and only under data-processing agreements that bind them to comparable protections.
| Vendor | Purpose | Region |
|---|---|---|
| Vercel | Web hosting | USA / global edge |
| Resend | Transactional email (application notifications) | USA |
| PostHog | Product analytics | USA (US cloud) |
| Plausible | Site analytics (cookieless) | EU |
| Clerk (planned) | Authentication, MFA | USA |
| Stripe (planned) | Payment processing for membership | USA |
| Neon (planned) | Postgres database | USA / EU |
Cookies
We use the minimum cookies required to operate the site:
- Strictly necessary — session cookies set by Vercel for security. Cannot be disabled.
- Analytics — PostHog sets a cookie to deduplicate visitors. Opt out via the banner; we will respect your choice and not initialize PostHog. Plausible uses no cookies.
- Authentication — when the dashboard launches, Clerk sets session cookies after sign-in. Required to keep you logged in.
Retention
- Application submissions: kept for 24 months from receipt unless you ask us to delete sooner.
- Analytics events: 12 months for PostHog, indefinite aggregated counts for Plausible.
- Hosting logs: 30 days.
- Dashboard records (once active): kept for the life of the partner contract plus 24 months after termination, then deleted.
Your rights
Under EU/UK GDPR and equivalent laws, you can ask us to:
- Access the personal data we hold about you
- Correct anything inaccurate
- Delete it (subject to legal-hold exceptions)
- Export it in a portable format
- Object to processing or restrict it
- Withdraw consent for analytics
Email privacy@cloudroutehq.com. We respond within 30 days.
International transfers
Several of our subprocessors are US-based. When personal data moves from the EU/UK to the US, we rely on the EU-US Data Privacy Framework or Standard Contractual Clauses, whichever is applicable to the specific subprocessor.
Security
Encryption in transit (TLS 1.3), at rest (provider-managed), MFA available for staff and partner accounts, principle-of-least-privilege access control, audit logging on every meaningful action. Security disclosures: security@cloudroutehq.com.
Changes
We'll update this page when our practices change. The “last updated” date at the top reflects the most recent revision. Material changes get a separate notice to active partners.
Contact
Questions: privacy@cloudroutehq.com. CloudRoute is based in the United States and operates globally.