Privacy Policy

SkyRig Cloud ("SkyRig," "we," "us," or "our") is committed to protecting your privacy in accordance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and other applicable privacy laws.

1. Information We Collect

We collect information you provide directly to us, as well as platform-level metadata generated when you use our services:

• • Account information (name, email, password)
• • Payment information (processed securely by Stripe)
• • Support communications and correspondence
• • Aggregate resource usage and billing metrics (e.g. VM uptime, storage size)
• • VM configuration preferences and settings
• • Device and browser information
• • IP addresses, including the IP address used to log in and to perform account actions
• • VM action logs: records of platform-level actions you take on your VMs (such as create, start, stop, restart, and delete), along with timestamps and the IP address that initiated each action

What we do not collect: SkyRig does not collect, inspect, or analyze the contents of your virtual machines. We do not look at your files, screen output, keystrokes, application activity, network traffic contents, or anything else happening inside your VM. See Section 5 for details on our passive role.

2. How We Use Your Information

We use the information we collect to:

• • Provide, maintain, and improve our services
• • Process transactions and send related information
• • Send technical notices, updates, and support messages
• • Analyze aggregate, platform-level usage to improve reliability and user experience
• • Detect, prevent, and address fraud, billing abuse, and platform security issues
• • Respond to lawful requests from law enforcement, courts, or other authorities — for example, by providing the IP address that performed a specific VM action when compelled by a valid legal process
• • Comply with legal obligations and enforce our Terms of Service
• • Communicate with you about products, services, and promotional offers (with your consent)

3. Third-Party Service Providers

We share information with trusted third-party service providers who assist us in operating our platform. These providers are contractually obligated to protect your information and use it only for the purposes we specify:

• • Clerk: Authentication and user management
• • Supabase: Database and backend services
• • Stripe: Payment processing
• • Amazon Web Services (AWS): Cloud infrastructure and VM hosting
• • Analytics providers: Website usage analysis (if applicable)

We do not sell, trade, or rent your personal information to third parties for marketing purposes.

4. Data Security

We implement industry-standard security measures to protect your personal information:

• • Encryption in transit (TLS/SSL) and at rest for sensitive data
• • Secure authentication systems and access controls
• • Regular security audits and vulnerability assessments
• • Employee training on data protection and privacy
• • Incident response and breach notification procedures

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

5. Your Cloud PC Data and Our Passive Role

SkyRig is a passive infrastructure provider. We do not actively monitor, observe, scan, screen, or review what happens inside your VM. We do not watch your screen, read your files, log your keystrokes, intercept your network traffic, or inspect the applications, games, or content you run. Files and data stored on your Cloud PC remain private and are your property.

SkyRig staff do not access the contents of your VM except when:

• • You explicitly grant permission for technical support
• • Required by law (court orders, subpoenas, legal obligations)
• • Strictly necessary to investigate a specific, reported security incident or Terms of Service violation

What we do log (platform metadata, not VM contents):

• • Account-level events: sign-ups, logins, password changes, credit purchases, and the IP addresses associated with each
• • VM lifecycle actions: create, start, stop, restart, and delete events, each with a timestamp and the IP address that requested the action
• • Aggregate resource usage: uptime, billable resource consumption, and similar metering data needed for billing and capacity planning

We keep these records so we can operate the platform, bill correctly, investigate abuse of the platform itself, and respond to valid legal requests from law enforcement or other authorities. We may disclose these logs when compelled by a lawful order, subpoena, or similar legal process, or where disclosure is otherwise permitted or required by law. We do not need to look inside your VM to produce these records, and we will not do so simply to provide them.

Not a safe harbor for illegal activity. The fact that SkyRig does not actively monitor what runs inside your VM is not permission, endorsement, or a safe harbor for unlawful conduct. Illegal activity is strictly prohibited by our Terms of Service, and you remain fully responsible — legally and financially — for everything done on or through your VM and account. When we are notified of unlawful or abusive activity (by victims, rights holders, infrastructure providers, or law enforcement), or served with valid legal process, we will cooperate to the extent required by law. This may include preserving and disclosing the account information, IP addresses, and VM action logs described above, suspending or terminating accounts, and — where strictly necessary and legally permitted — providing access to the affected VM.

Important: You are solely responsible for the activity conducted inside your VM and for backing up your data. SkyRig does not automatically back up VM data and cannot guarantee data recovery after deletion or hardware failure.

6. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, analyze usage, and provide personalized content. For detailed information about the cookies we use, please see our Cookie Policy.

You can control cookie settings through your browser preferences. Note that disabling certain cookies may affect website functionality.

7. Data Retention

We retain your information according to the following schedule:

• • Account data: For the lifetime of your active account
• • VM and storage data: Until you delete it or terminate your account
• • Billing records: 7 years (as required by Canadian tax law)
• • Support communications: 3 years or as needed for legal purposes
• • Usage logs: 90 days for operational purposes

After account termination, personal data is permanently deleted within 30 days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention, dispute resolution).

8. Your Privacy Rights (PIPEDA)

Under PIPEDA and other applicable privacy laws, you have the following rights:

• • Access: Request a copy of your personal information we hold
• • Correction: Request corrections to inaccurate or incomplete data
• • Deletion: Request deletion of your personal data (subject to legal retention requirements)
• • Portability: Receive your data in a structured, commonly used format
• • Withdrawal of Consent: Withdraw consent for data processing (may limit service access)
• • Opt-Out: Unsubscribe from marketing communications at any time
• • File Complaints: Lodge complaints with the Office of the Privacy Commissioner of Canada

To exercise any of these rights, contact us at support@skyrig.cloud. We will respond within 30 days and verify your identity before processing requests.

9. Data Breach Notification

In accordance with PIPEDA, if a data breach occurs that poses a real risk of significant harm to you:

• • We will notify affected users as soon as feasible
• • Notification will include the nature of the breach and steps you should take
• • We will report breaches to the Privacy Commissioner of Canada as required by law
• • We will take reasonable steps to mitigate harm and prevent future breaches

10. International Data Transfers

Your information may be transferred to and processed in countries other than Canada, including the United States, where our third-party service providers (AWS, Clerk, Supabase, Stripe) operate. These countries may have different data protection laws than Canada.

We ensure appropriate safeguards are in place through:

• • Contractual agreements with service providers requiring data protection
• • Compliance with applicable data transfer regulations
• • Security measures to protect data in transit and at rest

11. Children's Privacy

Users must be at least 13 years of age to use SkyRig. Users between 13 and 18 require parental or guardian consent. We do not knowingly collect personal information from children under 13. If we discover we have collected information from a child under 13, we will delete it immediately.

12. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:

• • Posting the updated policy on this page
• • Updating the "Last updated" date
• • Sending email notifications for significant changes (at least 30 days before effective date)

Your continued use of our services after changes take effect constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

Privacy Commissioner of Canada: