Last Updated: July 8, 2026
Privacy policy
cloudDFN LLP ("cloudDFN," "we," "us," or "our") operates the KERVO AI™ security platform and the website at [https://www.kervo.ai] (together, the "Services"). This Privacy Policy explains what information we collect, how we use and share it, and the choices and rights you have.
By using the Services, you agree to the practices described in this policy. If you do not agree, please do not use the Services.
1. Who we are
cloudDFN LLP is the data controller responsible for your personal information under this policy.
Legal entity: cloudDFN LLP
Registered address: 412 & 413, 4th Floor, Opal Square IT Park, Plot No. C-1, MIDC, Waghle Estate, S.G. Barve Marg, Thane West, Maharashtra - 400604
Contact: support@clouddfn.com
Where cloudDFN processes personal data on behalf of a customer using the KERVO AI™ platform (for example, data within a customer's environment that the platform analyzes), cloudDFN acts as a data processor and the customer is the data controller. In those cases, our processing is governed by the Data Processing Agreement (DPA) between us and the customer.
2. Scope
This policy applies to personal information we collect through:
our website and marketing pages;
account registration, demos, and sales inquiries;
use of the KERVO AI™ platform by authorized users; and
communications with us (email, support, events).
It does not apply to third-party websites or services that we link to but do not control.
3. Information we collect
Information you provide to us
Contact and account details: name, work email, company name, job title, phone number.
Demo and sales information: company size, use case, current tooling, and anything you include in a message to us.
Account credentials and profile settings for platform users.
Billing and transaction details.
Any content you submit to support, surveys, or communications.
Information we collect automatically
Usage and device data: IP address, browser type, operating system, pages viewed, referring URLs, timestamps, and interactions with the Services.
Cookies and similar technologies (see Section 7).
Log and diagnostic data generated when you use the platform.
Information from third parties
Enrichment and analytics providers, event partners, and referrals.
Authentication providers (for example, single sign-on) when you choose to use them.
Customer environment data. When a customer connects their environment to the KERVO AI™ platform, the platform processes technical and security data (such as asset inventories, configurations, vulnerability findings, and logs) that may incidentally contain personal data. We process this data as a processor, only to provide the Services, under our agreement with the customer.
4. How we use information
We use personal information to:
provide, operate, maintain, and secure the Services;
create and manage accounts and authenticate users;
respond to demo requests, inquiries, and support;
process transactions and send related information;
communicate about updates, security, and (where permitted) marketing;
analyze and improve the Services and develop new features;
detect, prevent, and address fraud, abuse, and security incidents; and
comply with legal obligations and enforce our terms.
We do not sell your personal information.
5. Legal bases for processing (EEA/UK)
Where the GDPR or UK GDPR applies, we rely on the following legal bases:
Contract — to provide the Services you request.
Legitimate interests — to operate, secure, and improve the Services and for limited marketing, balanced against your rights.
Consent — for certain marketing communications and non-essential cookies, which you may withdraw at any time.
Legal obligation — to comply with applicable law.
6. How we share information
We share personal information only as described here:
Service providers / sub-processors — hosting, analytics, payment processing, email, and support vendors who process data on our behalf under contract.
Professional advisors — lawyers, auditors, and accountants where necessary.
Legal and safety — to comply with law, respond to lawful requests, or protect the rights, property, and safety of cloudDFN, our users, or others.
Business transfers — in connection with a merger, acquisition, financing, or sale of assets, subject to this policy.
With your direction or consent.
7. Cookies and similar technologies
We use cookies and similar technologies to run the Services, remember preferences, measure performance, and support marketing. You can control cookies through your browser settings and, where required, through our cookie banner.
8. Data retention
We retain personal information only as long as necessary for the purposes described in this policy, including to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary by data type and context. When no longer needed, we delete or anonymize the data.
9. Data security
We maintain administrative, technical, and organizational safeguards designed to protect personal information, including encryption in transit and at rest, access controls, and audit logging. cloudDFN maintains ISO 27001 controls. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
10. Data Localization and International data transfers
Data localization. We support data localization for customers who require it. Depending on the country in which a customer's headquarters is located, and based on the customer's requirements, we can host and store that customer's data in data centers and hosting providers located within that country or region. Where a customer selects a specific hosting region, their platform data is stored and processed in that region in accordance with the terms agreed with the customer.
International transfers. Where data is not subject to a localization arrangement, we may process and store information in countries other than where you live. Where we transfer personal data out of the EEA, UK, or other regulated regions, we use appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms.
Your rights
Depending on where you live, you may have the right to:
access the personal information we hold about you;
correct inaccurate or incomplete information;
delete your information;
restrict or object to certain processing;
data portability;
withdraw consent at any time; and
lodge a complaint with a supervisory authority.
12. Third-party links and services
The Services may link to third-party sites and integrate with third-party tools. We are not responsible for their privacy practices. Review their policies before providing information.
Children's privacy
The Services are intended for businesses and are not directed to children under [16]. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will delete it.
Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated version with a new "Last updated" date and, where required, provide additional notice. Your continued use of the Services after changes take effect constitutes acceptance.
Contact us
If you have questions about this policy or our data practices, contact:
cloudDFN LLP 412 & 413, 4th Floor, Opal Square IT Park, Plot No. C-1, MIDC, Waghle Estate, S.G. Barve Marg, Thane West, Maharashtra - 400604
Email: support@clouddfn.com