Privacy Policy — Trees.cloud
Effective Date: May 1, 2025
1. Purpose & Scope
Plain-language summary: Trees.cloud aggregates publicly available and partner-supplied market data and sells subscription analytics to business customers. This policy explains how we collect, use, share, and protect personal data when you visit or use our website, APIs, and related services (collectively, the "Service").
Legal text. This Privacy Policy ("Policy") governs the processing of "Personal Data" (as defined under applicable law) by JPTR, Corporation ("JPTR," "we," "us," or "our") in connection with the Service located at https://trees.cloud. By accessing or using the Service, you acknowledge that you have read and understood this Policy.
2. Data We Collect
| Category | Examples | Source | Retention* |
|---|---|---|---|
| Website Visitor Data | IP address, device/OS, browser type, referring page, page views, cookies, event-timestamped analytics | Automatic | 30 days for raw logs; aggregated metrics retained indefinitely |
| Customer Account Data | Name, job title, company name, business email, physical/billing address, payment method (tokenized), subscription plan | Direct from user or employer | Duration of the account + 7 years for invoices |
| API Usage Logs | Auth token, caller IP, query parameters, rate-limit counters, response metadata | Automatic | 12 months |
| User-Supplied Data | Support tickets, feedback forms, emails, in-product chat | Direct from user | 3 years from last contact |
*Longer retention may apply if required by law, dispute resolution, or security investigations.
3. Legal Bases & Notice at Collection
GDPR (EEA/UK) legal bases
- Consent – e.g., for non-essential cookies or marketing communications.
- Contract necessity – to create and administer your subscription.
- Legitimate interests – to secure our Service, prevent fraud, and improve products (balanced against your rights).
CCPA/CPRA Notice at Collection (California residents)
We collect the categories of personal information listed in Section 2 for the business and commercial purposes listed in Section 4. We do not "sell" or "share" personal information as those terms are defined under the CPRA. You may exercise your privacy rights as described in Section 10.
4. How We Use Data
Plain-language summary: We use data to run Trees.cloud, keep it secure, make it better, bill you, and comply with the law.
- Service delivery & account management – create accounts, authenticate users, provide dashboards, process payments.
- Security monitoring & fraud prevention – detect misuse, enforce API rate limits, investigate incidents.
- Product improvement & analytics – analyze feature adoption, troubleshoot bugs, develop new offerings.
- Customer support & communications – respond to inquiries, send transactional emails, conduct satisfaction surveys.
- Legal & regulatory compliance – fulfill tax, accounting, and law-enforcement obligations.
5. Data Sharing & Disclosure
Plain-language summary: We don't sell personal data. We share it only with trusted providers who help us run the Service—and only under strict contracts.
| Recipient Type | Purpose | Safeguards |
|---|---|---|
| Hosting & Infrastructure (e.g., AWS, GCP) | Operate servers, databases, and backups | Data Processing Agreement ("DPA"); encryption; least-privilege access |
| Payment Processor (Stripe) | Collect subscription fees | DPA; PCI-DSS Level 1 compliance; tokenization |
| Customer Support (Zendesk) | Help desk, chat support | DPA; SOC 2; role-based access controls |
| Analytics (Google Analytics) | Website usage analysis, conversion tracking | DPA; IP anonymization; limited data retention |
| Law Enforcement & Legal Process | Comply with valid legal orders | Legal review; narrowest possible disclosure; notice unless prohibited |
6. International Data Transfers
Personal data may be transferred to and processed in the United States and other countries where our service providers operate. When transferring data from the EEA, UK, or Switzerland, we rely on:
- Standard Contractual Clauses approved by the European Commission
- Supplemental safeguards as required by applicable law
- Your explicit consent (where allowed by law)
7. Cookies & Similar Technologies
We use cookies and similar technologies for essential platform functions, analytics, and user preferences. They help us:
- Keep you logged in (strictly necessary)
- Remember preferences such as language (functional)
- Measure traffic and performance (analytics)
You can manage cookies via your browser controls. Blocking essential cookies may impact your ability to use the Service. See our Cookie Policy for more details.
8. Data Security
We implement appropriate technical and organizational measures to protect personal data, including:
- Encryption in transit (TLS 1.2+) and at rest (AES-256)
- Multi-factor authentication for all employee access
- Regular security assessments and penetration testing
- Logical access controls and principle of least privilege
- Security awareness training for all personnel
9. Data Retention
We retain personal data only as long as necessary to fulfill the purposes for which it was collected, as detailed in Section 2. Retention periods are determined based on:
- How long the information is needed for service delivery
- Legal obligations (tax, accounting, dispute resolution)
- Legitimate business needs (security, fraud prevention, compliance)
10. Your Privacy Rights
Depending on your location, you may have certain privacy rights, including:
GDPR Rights (EEA/UK/Switzerland)
- Access and portability
- Rectification
- Erasure ("right to be forgotten")
- Restriction of processing
- Objection to processing
- Withdrawal of consent
- Lodge a complaint with a supervisory authority
CCPA/CPRA Rights (California)
- Know and access
- Delete
- Opt out of selling/sharing
- Correct inaccurate information
- Limit use of sensitive data
- Non-discrimination
To exercise these rights, contact us at privacy@trees.cloud or use our rights request form. We'll respond to verifiable requests within the timeframe required by applicable law.
11. Children's Privacy
The Service is not directed to individuals under 18 years of age, and we do not knowingly collect personal data from children. If you learn that a child has provided us with personal data without appropriate consent, please contact us at privacy@trees.cloud.
12. Changes to This Policy
We may update this Policy from time to time. The "Effective Date" at the top reflects the most recent revision. For material changes, we'll provide notice through the Service or by sending you an email. We encourage you to periodically review this Policy. Your continued use of the Service after changes indicates your acceptance of the updated Policy.
13. Contact Us
If you have questions or concerns about this Policy or our privacy practices, please contact our Data Protection Team:
Email: privacy@trees.cloud
For EU/EEA data subjects: Our EU representative is VeraSafe Ireland Ltd., available at eurepresetative@verasafe.com