VRAM Cloud Privacy Policy
Effective date: July 9, 2026
This Privacy Policy explains how VRAMCloud LLP, a company registered in England and Wales under company number OC458383 (“VRAM Cloud,” “we,” “us,” or “our”), collects, uses, discloses, retains, and protects personal information when you use our website, console, APIs, GPU rental, model access, and related services (“Services”).
For the purposes of UK data protection law, including the UK GDPR and the Data Protection Act 2018, VRAMCloud LLP is the controller of the personal information described in this Privacy Policy unless we state otherwise.
By using the Services, you agree to this Privacy Policy.
1. Personal Information We Collect
We collect only the information needed to operate, secure, support, bill, and improve the Services.
We may collect the following categories of personal information:
- Account information: name, email address, company name, hashed password, account settings, API keys, SSH keys, and authentication data.
- Billing information: plan, invoices, payment status, billing address, tax information, transaction identifiers, and payment history.
- Technical information: IP address, device information, browser information, operating system, login logs, API usage, resource usage, error logs, rate limits, abuse signals, security events, and approximate location derived from IP address.
- Support information: emails, messages, attachments, and other information you send to us through support or contact channels.
- Cookies and similar technologies: session cookies, authentication cookies, security cookies, and basic analytics cookies.
- Customer Data: prompts, inputs, outputs, files, datasets, code, containers, workloads, model requests, and other content you submit to or process through the Services.
2. Prompts, Inputs, Outputs, and Customer Data
VRAM Cloud does not intentionally log or store prompts, inputs, outputs, files, datasets, code, or model responses, except as described below.
Customer Data sent through APIs, model endpoints, GPU instances, or other compute resources is processed only to complete your request, run the environment you start, provide the Services, maintain security, diagnose errors, calculate usage, and comply with law.
VRAM Cloud does not use Customer Data to train models.
VRAM Cloud does not sell Customer Data.
VRAM Cloud does not disclose Customer Data to advertising networks.
VRAM Cloud operates its own data center and does not send customer workloads to third-party data centers for processing, unless you separately choose or enable an integration that requires such processing.
Customer Data may be stored only when you enable or use a storage feature, including volumes, snapshots, persistent storage, uploaded files, saved containers, backups, or similar tools. In that case, the data is retained until you delete it, close the related resource, or terminate the related service.
3. How We Use Personal Information
We use personal information to:
- create, maintain, and secure accounts;
- provide access to GPUs, APIs, models, storage, and compute resources;
- authenticate users and protect API keys, SSH keys, and accounts;
- process requests and run workloads;
- measure resource usage and issue invoices;
- process payments and taxes;
- provide support;
- detect fraud, abuse, malware, unauthorized access, and security incidents;
- debug errors and improve service reliability;
- comply with legal, tax, accounting, sanctions, export-control, and regulatory obligations;
- enforce our Terms of Service.
We do not use personal information for targeted advertising.
4. Lawful Bases
Where UK data protection law applies, we rely on the following lawful bases to process personal information:
- contract, where processing is needed to provide the Services, manage accounts, calculate usage, issue invoices, and provide support;
- legal obligation, where processing is needed for tax, accounting, sanctions, anti-money laundering, counter-terrorist financing, fraud prevention, regulatory, or law enforcement requirements;
- legitimate interests, where processing is needed to secure the Services, prevent abuse, improve reliability, investigate incidents, protect rights, and operate our business, provided those interests are not overridden by your rights and freedoms;
- consent, where we ask for consent for a specific purpose and you may withdraw that consent at any time.
5. How We Disclose Personal Information
We may disclose personal information only as needed to operate the Services:
- Payment processors: to process payments, invoices, taxes, and fraud checks.
- Service providers: for email delivery, customer support, monitoring, security, analytics, hosting of business systems, and operational tools.
- Professional advisers: lawyers, accountants, auditors, tax advisers, and compliance advisers.
- Authorities: courts, regulators, law enforcement, tax authorities, or government agencies when required by law or necessary to protect rights, safety, or security.
- Business transfers: in connection with a merger, acquisition, financing, reorganization, sale of assets, or similar business transaction.
We do not sell personal information.
We do not share personal information for cross-context behavioral advertising.
6. Data Retention
We keep personal information only for as long as needed for the purposes described in this Privacy Policy.
- Prompts, inputs, outputs, and model responses: processed transiently during the request and not intentionally stored in persistent logs.
- API and workload metadata: retained for up to 180 days for billing, abuse prevention, diagnostics, and security.
- Security logs: retained for up to 180 days, unless a longer period is needed to investigate abuse, fraud, security incidents, legal claims, or compliance issues.
- Account information: retained while the account is active and for up to 3 years after account closure, unless a longer period is required for legal, tax, accounting, security, or dispute-resolution purposes.
- Billing, payment, invoice, and tax records: retained for up to 7 years.
- Support communications: retained for up to 3 years after the last interaction.
- Cookies: session cookies expire when the session ends; persistent cookies are retained for up to 13 months unless deleted earlier.
- Volumes, snapshots, persistent storage, uploaded files, saved containers, and backups: retained until you delete them, close the resource, or terminate the related service. Deleted data may remain in backups or disaster recovery systems for up to 90 days before permanent deletion.
7. Data Protection Rights
Depending on where you live and which law applies, you may have the right to:
- access personal information we hold about you;
- request correction of inaccurate personal information;
- request deletion of personal information;
- restrict or object to certain processing;
- request a portable copy of personal information;
- withdraw consent where processing is based on consent;
- object to direct marketing;
- not be subject to a decision based solely on automated processing where that decision has a legal or similarly significant effect.
VRAM Cloud does not sell personal information, does not share personal information for cross-context behavioral advertising, and does not use personal information for targeted advertising.
To exercise your rights, email privacy@vram.cloud.
We may verify your identity before completing a request. We will respond within the time required by applicable law.
8. Cookies and Tracking Signals
We use cookies for login, security, session management, service operation, and basic analytics.
We do not use cookies for targeted advertising.
Some browsers send “Do Not Track” signals. Because there is no uniform industry standard for responding to those signals, we do not respond to “Do Not Track” signals.
9. Children
The Services are not directed to children under 13.
We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will delete it.
Users must be at least 18 years old to create an account or use the Services.
10. Security
We use reasonable administrative, technical, and organizational safeguards designed to protect personal information, including access controls, limited internal permissions, authentication controls, network security, monitoring, logging, and security event review.
No system is completely secure. You are responsible for protecting your password, API keys, SSH keys, account access, workloads, and storage settings.
11. International Transfers
We may process personal information in the United Kingdom and in other countries where our service providers operate. Where required by applicable law, we use appropriate safeguards for international transfers of personal information.
12. Complaints
If you have a privacy complaint, contact us first at privacy@vram.cloud so we can review the issue. If you are not satisfied with our response, you may have the right to complain to the UK Information Commissioner's Office or another competent supervisory authority.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. The updated version becomes effective when posted on our website, unless a later effective date is stated.
14. Contact
For privacy questions or requests, contact: