Legal

These Terms of Service ("Terms") govern your access to and use of Cloud Haven Backup ("Service"). By signing up or using the Service, you agree to these Terms.

1. The Service

Cloud Haven Backup is a cloud-based backup and recovery service that encrypts and stores copies of files you select from devices you control.

2. Account

You are responsible for maintaining the confidentiality of your credentials and for all activity on your account. Notify us immediately at security@cloudhavenbackup.com if you suspect unauthorized access.

3. Acceptable use

You agree to comply with our Acceptable Use Policy. We may suspend the Service for serious or repeated violations.

4. Plans, billing and instant delivery

• The Service is delivered instantly upon successful payment — your plan and storage quota are activated immediately.
• Subscription fees are charged in advance and renew automatically until you cancel.
• You authorize us to charge your payment method for renewals at the then-current price unless you cancel before the renewal date.

5. Refunds

No refunds are available after payment, except where required by applicable law. See our Refund Policy for details, including statutory exceptions for consumers in certain jurisdictions.

6. Your content

You retain all rights to files you back up using the Service. You grant us only the limited rights necessary to store, transmit and restore your data as part of the Service.

7. Data deletion on cancellation

After cancellation, backed-up data remains accessible for 30 days for export, then is securely deleted from our active systems. Residual copies in operational backups are purged within 90 days.

8. Service availability

We aim for high availability but do not guarantee uninterrupted service except where specified in a written SLA (Enterprise plans).

9. Disclaimers

The Service is provided "as is". To the maximum extent permitted by law, we disclaim implied warranties of merchantability, fitness for a particular purpose, and non-infringement.

10. Limitation of liability

To the maximum extent permitted by law, our total liability for any claim arising out of or relating to the Service is limited to the amount you paid us in the twelve months before the event giving rise to the claim.

11. Changes

We may update these Terms. Material changes will be announced at least 30 days in advance via email and in-app notice.

12. Contact

Questions about these Terms: legal@cloudhavenbackup.com. Mailing address: Cloud Haven Backup, 520 W Patten St, Mineola, TX 75773, USA.

13. Eligibility

You must be at least 18 years old (or the age of majority in your jurisdiction) to create an account. If you accept these Terms on behalf of an organization, you confirm you have authority to bind that organization, and references to "you" include both you and the organization.

14. Trial accounts and beta features

From time to time we may offer beta or early-access features. Beta features are provided "as is", may change or be removed without notice, and are not covered by any SLA. We may collect additional telemetry from beta features to fix issues and improve quality.

15. Suspension

We may suspend the Service or specific features if (a) payment fails and is not resolved within 10 days of notice, (b) we reasonably believe your account is compromised, (c) we are required to do so by law, or (d) continued use poses a security risk to other customers. We will restore access as soon as the underlying issue is resolved.

16. Termination by you

You may cancel at any time from your account settings. Cancellation stops future renewals but does not retroactively refund prior charges (see Refund Policy). Your data remains restorable for 30 days after cancellation; after that it is securely deleted.

17. Termination by us

We may terminate or restrict your account for material breach of these Terms or our Acceptable Use Policy. Except for serious violations (such as illegal content), we will provide notice and a reasonable opportunity to cure before terminating.

18. Export controls and sanctions

You may not use the Service in violation of US, EU or other applicable export-control or sanctions laws, including embargoed countries and Specially Designated Nationals lists. You represent that you and your end users are not on any such list.

19. Indemnification

You agree to indemnify and hold Cloud Haven Backup harmless from third-party claims arising out of (a) your breach of these Terms, (b) your violation of law, or (c) content you store or transmit using the Service that infringes third-party rights.

20. Governing law and disputes

These Terms are governed by the laws of the State of Texas, USA, excluding its conflict-of-laws rules. Disputes are resolved in the state or federal courts located in Wood County, Texas, except where mandatory consumer-protection law grants you the right to bring proceedings in your country of residence.

21. Assignment

You may not assign these Terms without our prior written consent. We may assign these Terms to an affiliate or in connection with a merger, acquisition or sale of substantially all of our assets, with notice to you.

22. Force majeure

Neither party is liable for failure or delay caused by events beyond reasonable control, including natural disasters, war, civil unrest, government actions, internet failures, and large-scale infrastructure outages by upstream providers.

23. Entire agreement and severability

These Terms (together with the Privacy Policy, DPA, Refund Policy, Acceptable Use Policy and any order form) constitute the entire agreement between you and Cloud Haven Backup. If any provision is held unenforceable, the remaining provisions remain in full force.

This Privacy Policy explains what personal data we collect, how we use it and the rights you have over it. Cloud Haven Backup is built around the principle that we should know as little as technically possible about the content of your files.

1. Data we collect

• Account data: name, email, password hash, billing address.
• Service metadata: device identifiers, file counts, sizes, timestamps, IPs and basic agent telemetry necessary to operate the Service.
• Backup content: encrypted on your device before upload. With zero-knowledge mode enabled, we cannot read its contents.
• Support data: messages and attachments you send to support.

2. How we use it

• To provide, secure and improve the Service.
• To bill, prevent fraud and meet legal obligations.
• To notify you about incidents, changes and product updates you can unsubscribe from.

3. Legal bases (GDPR)

Performance of contract, legitimate interests (security, fraud prevention, product analytics), legal obligations, and consent (marketing emails, optional analytics).

4. Sharing

We share data only with sub-processors strictly necessary to run the Service (infrastructure, payments, transactional email). A current list is available on request and in our DPA.

5. International transfers

Where data is transferred outside your region, we rely on EU Standard Contractual Clauses and equivalent safeguards.

6. Retention

• Account data: while your account is active and up to 6 years after closure for legal/financial reasons.
• Backup content: per your plan's retention policy; deleted within 30 days after cancellation.
• Logs: up to 12 months.

7. Your rights

Access, rectification, deletion, restriction, portability and objection. Contact privacy@cloudhavenbackup.com. You may also lodge a complaint with your supervisory authority.

8. Security

See our Security Policy.

9. Children

The Service is not directed to children under 16.

10. Changes

Material updates will be announced 30 days in advance.

11. Contact

privacy@cloudhavenbackup.com — Data Protection Officer. Postal: Cloud Haven Backup, Attn: DPO, 520 W Patten St, Mineola, TX 75773, USA.

12. Cookies and similar technologies

We use a small number of strictly-necessary cookies for authentication and security, plus optional functional and analytics cookies you can control via the cookie banner. Details are in our Cookie Policy.

13. Automated decision-making

We do not use your personal data for automated decisions that produce legal or similarly significant effects about you. Anomaly-detection systems flag suspicious backup patterns for human review and never act on personal data alone.

14. California residents (CCPA / CPRA)

Categories of personal information we collect are described in Section 1. We do not "sell" or "share" personal information as defined by the CCPA/CPRA. California residents have the right to know, delete, correct and limit use of sensitive personal information; submit requests to privacy@cloudhavenbackup.com.

15. Virginia, Colorado, Connecticut, Utah and other US state laws

Residents of US states with comprehensive privacy laws have rights to access, delete, correct and opt out of targeted advertising or profiling. We do not engage in targeted advertising or profiling using your backup data.

16. Brazil (LGPD)

If you are in Brazil, you have rights equivalent to those under GDPR. Our Data Protection Officer can be reached at privacy@cloudhavenbackup.com.

17. Do Not Track

Our marketing site honors Global Privacy Control (GPC) signals as an opt-out of optional analytics where required. Browser-level Do Not Track headers are not standardized; we treat GPC as the authoritative signal.

18. Marketing communications

You can unsubscribe from marketing emails at any time using the link in each email or from your account settings. Transactional emails (billing receipts, security alerts, service notices) are required for the operation of the Service and cannot be opted out of while the account is active.

19. Security incident notifications

If a personal data breach affects your data, we will notify you without undue delay and, where GDPR applies, within 72 hours of becoming aware. Notifications include the nature of the incident, categories of data affected, likely consequences and remediation steps.

This policy describes the cookies and similar technologies we use on cloudhavenbackup.com and in the Service.

1. What are cookies?

Small text files placed on your device when you visit a website. They help us keep you signed in, remember preferences and understand how the site is used.

2. Categories we use

• Strictly necessary: authentication, security, load balancing. Cannot be disabled.
• Functional: language, theme, recently viewed devices.
• Analytics: aggregated usage statistics to improve the product. Off by default in regions that require consent.
• Marketing: only with your explicit consent.

3. Managing cookies

You can manage non-essential cookies via the cookie banner or in your browser settings. Disabling strictly-necessary cookies will break sign-in.

4. Third parties

We use a small number of vendors for analytics and error reporting. A current list is maintained in our DPA.

5. Contact

privacy@cloudhavenbackup.com. Postal: Cloud Haven Backup, 520 W Patten St, Mineola, TX 75773, USA.

6. Retention of cookie data

• Session cookies are deleted when you close your browser.
• Authentication cookies last up to 30 days unless "remember me" is selected, in which case they last up to 12 months.
• Functional preference cookies (language, theme) last up to 12 months.
• Analytics cookies, when consented, last up to 13 months and are anonymized.

7. Local storage and similar technologies

The web app uses browser local storage and IndexedDB to cache device lists, backup status and UI preferences for performance. These are first-party only and contain no advertising identifiers. Clearing site data in your browser will remove them.

8. Consent and withdrawal

Where consent is required (EEA, UK, Switzerland, Brazil and certain US states), we ask for it before setting non-essential cookies and store your choice for up to 6 months. You can change or withdraw consent at any time via the "Cookie settings" link in the footer.

9. Children

We do not knowingly use cookies to track users under 16. If you believe a child has used the Service, contact privacy@cloudhavenbackup.com so we can investigate and delete any associated data.

10. Updates to this policy

We will update this policy when we add, remove or change cookie usage. Material changes are announced in the banner at the top of the marketing site for at least 14 days.

Cloud Haven Backup is a digital service that is delivered and activated immediately upon successful payment. This policy explains how that affects refunds.

1. Instant delivery

Once payment is processed, your plan, storage quota and feature entitlements become active in your account immediately. There is no delivery delay or shipping step.

2. No refunds after payment

No refunds are available after payment, except where required by applicable law. By completing payment you acknowledge that the digital service has been delivered and consent to immediate performance of the contract.

3. Statutory exceptions

Some jurisdictions grant consumers a statutory right of withdrawal for digital services. Where such a right applies and has not been waived by you in connection with immediate performance, we will honor it. In particular:

• EU / EEA consumers: a 14-day right of withdrawal may apply under Directive 2011/83/EU. By starting use of the Service immediately you may be deemed to waive this right; where the waiver does not apply, please contact billing@cloudhavenbackup.com.
• UK consumers: similar rights apply under the Consumer Contracts Regulations 2013.
• Other jurisdictions: contact us and we will review your request against the laws applicable to you.

4. Failed renewals and service issues

If a renewal is charged in error (for example after a successful cancellation), we will issue a full refund. If the Service is materially unavailable for an extended period and you are on a plan with a written SLA, the SLA's service-credit provisions apply.

5. How to request a refund

Email billing@cloudhavenbackup.com with your account email and invoice number. Refunds, when granted, are returned to the original payment method within 10 business days.

6. Tax / VAT

Tax treatment of refunds follows the original invoice. Where VAT, GST or sales tax was charged at checkout, the same tax will be refunded proportionally to the refunded amount. Tax already remitted to a tax authority is recovered through standard credit-note procedures and may take an additional billing cycle to appear on your account.

7. Plan changes, upgrades and downgrades

Upgrades take effect immediately and are charged on a prorated basis for the remainder of the current billing period. Downgrades take effect at the end of the current billing period; no refund or credit is issued for the unused portion of a higher plan, because the higher quota and features remain available until the period ends.

8. Annual plans

Annual plans are billed in advance for the full 12-month term. They are not refundable on a pro-rated basis after the first 14 days, except where a statutory right of withdrawal applies (see Section 3) or where the Service is materially unavailable under a written SLA.

9. Chargebacks

If you believe a charge is incorrect, contact billing@cloudhavenbackup.com first — we resolve the vast majority of disputes within two business days. Filing a chargeback without contacting us may result in immediate account suspension pending resolution, because the payment processor freezes the disputed funds and may revoke the underlying transaction.

10. Free credits and promotions

Promotional credits, referral bonuses and discount codes have no cash value and are non-refundable. If a refund is issued on an invoice that was partially paid with credits, the credit portion is returned to your account balance rather than your payment method.

11. Account closure and final invoice

When you close your account, any unpaid usage charges for the current period are invoiced immediately. After the final invoice clears, your data is retained per the deletion schedule described in our Terms.

12. Contact

billing@cloudhavenbackup.com — please include your account email, invoice number and a short description of the issue. Mailing address: 520 W Patten St, Mineola, TX 75773, USA.

This policy describes the limits on how you may use the Service. It is part of our Terms of Service.

1. You may not

• Use the Service to store or distribute content that is unlawful, infringes intellectual property, or violates third-party privacy or publicity rights.
• Upload child sexual abuse material — this leads to immediate termination and reporting to authorities.
• Use the Service to distribute malware, conduct phishing or operate command-and-control infrastructure.
• Attempt to bypass technical safeguards, deduplication systems or quota enforcement.
• Probe, scan or load-test our infrastructure without prior written permission.

2. Fair use

Plans are designed for normal personal or business backup. Sustained use that is materially inconsistent with backup workloads (e.g. using us as primary CDN storage) may be throttled or migrated to a fair-use plan after notice.

3. Enforcement

We may suspend or terminate accounts that violate this policy. Where possible we will warn first; for severe violations we may act immediately.

4. Reporting

Report abuse to abuse@cloudhavenbackup.com. Postal: Cloud Haven Backup, 520 W Patten St, Mineola, TX 75773, USA. Include URLs, account identifiers (if known) and any supporting evidence — we triage reports within one business day.

5. Network and infrastructure abuse

• No port scanning, vulnerability scanning or penetration testing of our infrastructure without a written engagement.
• No proxying, tunneling or VPN-style egress through the Service.
• No mining of cryptocurrency or other compute-intensive workloads disguised as backup data.
• No use of automated scripts that abuse rate limits or attempt to bypass quotas.

6. Sensitive data categories

You may back up personal data, including special categories where lawful under the applicable privacy regime. However, you may not use the Service as a primary system of record for regulated workloads requiring specific certifications we do not hold (for example PCI-DSS Level 1 card data environments) without a written agreement covering that use.

7. Workspace governance

Workspace owners are responsible for the conduct of users they invite. Owners must remove users who leave their organization promptly and revoke API tokens that are no longer needed. We may contact the workspace owner when individual users violate this policy.

8. Resource limits

We publish soft limits for backup throughput, API calls and concurrent restores in the documentation. We may apply temporary throttling to protect platform stability and will notify affected customers. Hard limits exist to prevent abuse and accidental cost spirals.

9. Suspension and escalation

For low-severity violations we will warn first and give you 7 days to remediate. For high-severity violations (illegal content, active phishing, malware distribution, attacks against third parties) we may suspend access immediately, preserve forensic artifacts, and cooperate with law enforcement where required.

10. Appeals

If you believe an enforcement action was made in error, reply to the notice within 30 days with supporting context. A different team member will review the appeal and respond within 10 business days.

This Data Processing Addendum ("DPA") forms part of the Terms of Service between you (Controller) and Cloud Haven Backup (Processor) where you use the Service to process personal data subject to GDPR or equivalent law.

1. Subject matter and duration

We process personal data on your behalf to provide the Service for the duration of your subscription plus any post-termination data retention period.

2. Nature and purpose

Backup, restore, monitoring and support for files and metadata you choose to protect.

3. Categories of data subjects and data

End users, employees, contractors and others whose data is contained in files you back up. Categories of data depend on what you choose to back up.

4. Sub-processors

A current list of sub-processors (infrastructure, payments, transactional email, error reporting) is maintained at subprocessors.cloudhavenbackup.com (UI placeholder). You will receive notice of new sub-processors and may object.

5. International transfers

Where data is transferred outside the EEA/UK, we rely on the EU Standard Contractual Clauses and the UK IDTA where applicable, along with supplementary measures (encryption, key separation).

6. Security

We implement the technical and organizational measures described in our Security Policy.

7. Assistance and audits

We will assist you with data-subject requests and provide documentation reasonably required to demonstrate compliance. Annual independent audit reports are available under NDA.

8. Personal data breach notifications

We will notify you without undue delay (and within 72 hours where possible) of any personal data breach affecting your data.

9. Deletion or return

On termination, we delete or return personal data per our Terms.

10. Acceptance

This DPA is incorporated by reference into your subscription. A counter-signed copy is available on request to legal@cloudhavenbackup.com. Postal address for legal notices: Cloud Haven Backup, Attn: Legal, 520 W Patten St, Mineola, TX 75773, USA.

11. Confidentiality

We treat all Customer Personal Data as confidential. Personnel with access are subject to written confidentiality obligations that survive termination of employment. Access is granted on a need-to-know basis and reviewed quarterly.

12. Technical and organizational measures (TOMs)

• Client-side AES-256-GCM encryption of file content; TLS 1.3 in transit; optional customer-managed keys.
• Role-based access control inside customer workspaces with optional SSO/SAML and SCIM for Enterprise.
• Geo-redundant storage, immutable restore points and quarterly recovery drills.
• Centralized logging, anomaly detection and 24/7 on-call rotation.
• Background checks, security training and least-privilege production access for staff.

13. Customer responsibilities

You are responsible for (a) configuring access controls and 2FA appropriately for your users, (b) classifying data before backup, (c) determining the lawful basis for processing the data you back up, and (d) providing data subjects with required notices.

14. Data subject requests

Where data subjects contact us directly with requests relating to Customer Personal Data, we will refer them to you without responding to the substance, except where we are legally required to do so. We provide tooling in the dashboard to support access, deletion and portability requests.

15. Audits

Once per 12-month period (and more often where legally required or after a security incident), you may request a copy of our most recent third-party audit report under NDA. On-site audits are available for Enterprise customers under reasonable scheduling and cost-recovery terms.

16. Liability

Liability under this DPA is subject to the limitation-of-liability provisions in the Terms of Service, except where mandatory data-protection law provides otherwise.

17. Term and termination

This DPA remains in effect for as long as we process Customer Personal Data on your behalf. Sections relating to confidentiality, deletion, audits and liability survive termination.

18. Conflict

If there is a conflict between this DPA and the Terms of Service regarding the processing of personal data, this DPA controls.

This Security Policy describes the technical and organizational measures Cloud Haven Backup uses to protect customer data. It supports — but does not replace — the legal terms in our Terms and DPA.

1. Encryption

• Client-side AES-256-GCM encryption of file content before upload.
• TLS 1.3 for all data in transit.
• Customer-held key option with optional zero-knowledge mode.

2. Access control

• Role-based access in customer workspaces (Owner, Admin, Manager, Member, Viewer).
• 2FA available for all users; enforceable for Business workspaces.
• SSO via SAML for Enterprise.
• Least-privilege principles for staff; production access limited and logged.

3. Monitoring and detection

• Anomaly detection on backup patterns to flag ransomware-like behavior.
• 24/7 on-call rotation; alerts on key system events.

4. Resilience

• Geo-redundant storage and immutable restore points.
• Quarterly recovery drills.

5. Compliance support

Cloud Haven Backup supports compliance efforts for GDPR, HIPAA workflows and SOC 2 program requirements. We do not claim certifications we do not hold; current attestations are listed in our trust pack on request.

6. Incident response

Documented IR runbook. Customer notifications within applicable legal timelines (and within 72 hours where GDPR applies).

7. Reporting vulnerabilities

Please report suspected vulnerabilities to security@cloudhavenbackup.com. We commit to acknowledging within 2 business days and to coordinated disclosure. Postal: Cloud Haven Backup, Attn: Security, 520 W Patten St, Mineola, TX 75773, USA.

8. Secure software development

• Mandatory code review for every change to production systems.
• Static analysis, dependency scanning and secret detection on every pull request.
• Threat modeling on new features that touch authentication, encryption or data flow.
• Separate staging environments with synthetic data; production data is never copied into lower environments.

9. Key management

Encryption keys are generated on the client where possible and protected at rest using a hardware-backed key-management service. Customer-managed keys can be rotated on demand and revoked to render backups unreadable. Master keys are split using threshold cryptography and require multi-person approval to access.

10. Network security

• All inbound traffic terminates on a hardened edge with rate limiting, bot mitigation and DDoS protection.
• Service-to-service traffic is mutually authenticated within a private network.
• Administrative access requires hardware-backed 2FA and is restricted to a managed bastion.

11. Vendor and sub-processor security

We evaluate every sub-processor against a written security questionnaire and require contractual commitments equivalent to ours. The current list is maintained in our DPA. Material changes are announced with at least 30 days' notice.

12. Backups of our own systems

Operational metadata is itself backed up across multiple regions with point-in-time recovery. Recovery procedures are tested quarterly and after every major architectural change.

13. Bug bounty

We operate a private bug-bounty program. Researchers acting in good faith and following our disclosure guidelines will not be subject to legal action, and qualifying findings are eligible for rewards. Contact security@cloudhavenbackup.com to request an invite.

14. Business continuity

We maintain a documented business-continuity and disaster-recovery plan covering personnel, facilities, suppliers and infrastructure. Tabletop exercises are run at least annually with executive participation.

15. Subprocessor changes and incident communication

Material changes to our security program, sub-processor list or incident-handling procedures are announced via email to the workspace owner and posted in the dashboard. Customers under a written SLA receive incident updates on the cadence specified in that SLA.