Celestical Cloud

Appearance

Privacy Policy

Last updated: 2026-02-04 (February 2026)

Introduction

We care about your privacy like we care about ours.

We are a cloud company contributing to the fabric of the Internet. Over the past twenty years, online tracking has grown at an astonishing pace, often leading to pop-ups that ask for consent to share your data with hundreds of tracking partners; sometimes taking 20 minutes to complete. We choose not to participate in this. That's why you won't see any cookie banners or tracking consent request on our site.

This Privacy Policy explains how Celestical Cloud SAS (Celestical) processes personal data, for what purposes, on what legal bases, and what rights you have under applicable data protection law, including the General Data Protection Regulation (GDPR).

Who we are (imprint - impressum)

  • name: Celestical Cloud SAS
  • HQ in France: 61 rue de Lyon, 75012, Paris, FRANCE.
  • contact by email: support@celestical.eu
  • European Identifier, EUID: FR7501.994323095
  • VAT: FR77994323095

Roles under the GDPR (Data Controller and Data Processor)

Celestical Cloud SAS acts primarily as a data processor within the meaning of Art. 4(8) GDPR when providing hosting and cloud services, processing personal data solely on behalf of and in accordance with the instructions of its customers, who act as data controllers. For personal data processed in connection with the operation of this website, customer accounts, billing, contractual relationships, support, and compliance with legal obligations, Celestical Cloud SAS acts as a data controller within the meaning of Art. 4(7) GDPR. Processing carried out in the role of data processor is governed by a separate Data Processing Agreement (DPA): https://celestical.eu/legal/dpa

Where Celestical acts as a data controller, it determines the purposes and means of processing as described in this Policy. Where Celestical acts as a data processor, it processes personal data solely on documented instructions from its customers and in accordance with the DPA.

No Tracking / Zero Cookies

Public Website

Our public marketing website does not use cookies, trackers, analytics tools, advertising technologies, or third-party tracking services.

Only strictly necessary and typical information automatically generated by the Internet is stored in our web server logs for system administration purposes. The following data may be recorded:

  • Date and time of access
  • IP address of the user
  • Browser type and version
  • The website from which the user accessed our site

These logs are also processed for security monitoring, abuse prevention, troubleshooting, legal compliance, and ensuring the stability and integrity of our systems.

Authenticated Web Application / Dashboard

Our web application and dashboard use only strictly necessary technical cookies (such as session cookies or other ephemeral storage) or equivalent storage mechanisms required for:

  • User authentication and session management
  • Security and fraud prevention
  • Core application functionality

These cookies and storage mechanisms do not track users across websites, are not used for advertising or analytics purposes, and do not require consent under applicable EU law. No third-party tracking cookies are used in any part of our services.

The legal basis for server logs and technical cookie processing is:

  • Art. 6(1)(f) GDPR: legitimate interest in security, abuse prevention, and operation of our services

For other processing activities, the legal bases include:

  • Art. 6(1)(a) GDPR: consent, where explicitly obtained
  • Art. 6(1)(b) GDPR: performance of a contract or pre-contractual measures (e.g., account creation, service provision, billing, support)
  • Art. 6(1)(c) GDPR: compliance with legal obligations (e.g., tax, accounting, regulatory retention requirements)
  • Art. 6(1)(f) GDPR: legitimate interests (e.g., security monitoring, fraud prevention, service reliability)

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected. Where applicable, data is retained thereafter in accordance with statutory obligations, such as accounting, tax, or regulatory requirements.

In particular:

  • Account and contractual data is retained for the duration of the customer relationship and thereafter in accordance with applicable statutory retention periods (generally up to 5–10 years).
  • Billing and financial records are retained as required under French tax and accounting law (generally up to 10 years).
  • Support communications are retained for the duration necessary to resolve the request and for reasonable follow-up periods (typically 1–3 years).
  • Server logs are retained for short periods necessary for security, troubleshooting, and abuse prevention, typically 30 to 90 days unless longer retention is required for incident investigation or legal compliance.

Your Data Subject Rights

You have the right to access your personal data at any time. Additionally, where applicable, you may exercise the following rights:

  • Right to rectification: Correct inaccurate or incomplete data
  • Right to erasure: Request deletion of your data
  • Right to restriction of processing: Limit how your data is used
  • Right to lodge a complaint: Contact the relevant data protection supervisory authority
  • Right to data portability: Receive your data in a structured, commonly used format (effective from May 25, 2018)
  • Right to object: Object to the processing of your personal data

If you wish to exercise any of these rights, or if you have any questions regarding your personal data, please contact us by e-mail at support@celestical.eu.

We support encrypted email communication using publicly shared public keys and asymmetric cryptography where available. Users must configure compatible encryption tools on their side for encryption to be effective.

You also have the right to lodge a complaint with your local data protection supervisory authority. In France, this is:

Commission Nationale de l'Informatique et des Libertés (CNIL) https://www.cnil.fr/

E-Mail Contact / Contact or Request Form

If you contact us (e.g., via email), we will process your data solely to handle your enquiry and, if necessary, respond to any follow-up questions.

If the data processing is necessary to take pre-contractual steps in response to your enquiry, or if you are already our customer for contract fulfillment, the legal basis for this processing is Art. 6(1)(b) DSGVO/GDPR.

We only process additional personal data if you explicitly consent (Art. 6(1)(a) DSGVO/GDPR) or if we have a legitimate interest (Art. 6(1)(f) DSGVO/GDPR), such as responding efficiently to your email.

International Data Transfers

Celestical processes and stores personal data exclusively within the European Economic Area (EEA). No Customer Personal Data is transferred or hosted outside the EEA.

Traffic or requests originating from outside the EEA (for example, visitors to Customer applications) are under Customer's control. Celestical is not responsible for the routing, storage, or processing of such traffic.

Processing is conducted in accordance with GDPR and applicable French data protection law. Any exceptional access outside the EEA would occur only under GDPR-compliant mechanisms, such as Standard Contractual Clauses (SCCs), and would be documented.

We are not responsible for the content of external websites linked from our site, unless we have full knowledge of illegal content and could prevent visitors from accessing it.

At the time the links were created, no illegal content was identifiable on the linked pages. We have no influence over the current or future content, design, or authorship of these linked pages.

We therefore expressly distance ourselves from all content on linked pages that is altered after the link was created. Liability for illegal, incorrect, or incomplete content, or for damages resulting from the use or non-use of such information, rests solely with the provider of the linked page, not with Celestical Cloud.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data processing practices. When we do, we will update the "Last updated" date at the top of this document.

Where required by applicable law, we will provide additional notice of material changes.

All content created by Celestical Cloud, including diagrams, texts, and sounds, remains our exclusive property. Any duplication or use of these materials in electronic or printed publications is prohibited without our prior consent, unless explicitly stated otherwise.

For external content used on our site, copyright remains with the respective authors, and proper credits are provided.

Content from our projects may be released as open-source code or open data, or under Creative Commons licenses. Licensing details will always be clearly indicated on the respective project pages.