Privacy Policy

LMTS DEVELOPMENT LTD (“we”, “us”, “CloudBrowserAPI”) is a private limited company registered in England and Wales under company number 17148125. Our director is Panikkos Panayiotou. Our registered office is 12-14 Kennington Road, London, SE1 7BL, United Kingdom. We are the data controller for the personal data described below. You can reach our Data Protection Officer at dpo@cloudbrowserapi.com.

• Account data. When you sign up we collect your email address, an optional company name, and a hashed password. We use it to authenticate you, send a verification email, and prevent abuse. Lawful basis: performance of the contract (Art. 6(1)(b) GDPR).
• Usage data. When your API key calls our gateway we record the request method, status, latency, the destination URL you asked us to load, and the credit cost. We use it to bill you, debug failures, and produce aggregate uptime numbers. Lawful basis: performance of the contract and legitimate interest in running the service (Art. 6(1)(b) and (f)).
• Marketing-site analytics. If you have not opted out of analytics cookies we load Google Analytics 4 and Google Tag Manager (Google Ireland Limited). GA4 stores a pseudonymous client identifier with IP-anonymisation enabled, used to measure traffic and the effectiveness of our Google Ads campaigns. Lawful basis: consent (Art. 6(1)(a)) for non-essential cookies; legitimate interest (Art. 6(1)(f)) for first-party server logs.
• Server logs. Our reverse proxy (Nginx) records the source IP, request URL, status code, user agent and a 30-day retention window. We use it for incident response and to defend against abuse.
• Anonymous live preview. The on-page demo widgets (e.g. on /screenshot-api) record only the source IP for rate-limiting purposes. The destination URL you submit is not retained beyond the lifetime of the request.
• Support correspondence. Emails to hello@cloudbrowserapi.com or support@cloudbrowserapi.com are stored for 24 months unless you ask us to delete them earlier.

We use a single first-party session cookie (cba_session) to keep you logged in to the dashboard. It is httpOnly, Secure, SameSite=Lax and lasts 30 days. It is strictly necessary for the service to function, so we do not ask for consent.

Optional analytics cookies (Google Analytics 4 / Google Tag Manager) are only set if you accept the cookie banner. You can withdraw consent at any time by clearing your browser’s storage for cloudbrowserapi.com.

We share the minimum data required with the third parties listed on our sub-processors page. We notify customers at least 30 days before adding a new sub-processor that handles personal data.

Our hosting provider (Cherry Servers UAB) operates from the European Union. Some sub-processors (Stripe, Google) operate globally. Where data leaves the UK or EEA, we rely on the UK International Data Transfer Addendum and the EU Standard Contractual Clauses (2021/914) as the transfer mechanism.

• Account data: kept until you ask us to close your account; we then delete within 30 days, except where law requires longer retention (e.g. invoices retained for 7 years).
• API usage logs: 90 days rolling.
• Nginx access logs: 30 days rolling.
• Stripe payment records (when active): 7 years for HMRC compliance.

You have the right to access, rectify, erase, restrict the processing of, port, or object to the processing of your personal data, and to withdraw consent for cookie-based analytics. Email dpo@cloudbrowserapi.com and we will respond within 30 days. You can also lodge a complaint with the UK Information Commissioner’s Office (ico.org.uk) or your local supervisory authority.

All traffic to cloudbrowserapi.com runs over TLS 1.2+ with HSTS. Account passwords are hashed with scrypt. API keys are stored hashed; only a non-reversible prefix is shown in the dashboard after creation. Our security practices are summarised on the trust page.

Our service is not directed to anyone under 16. We do not knowingly collect data from children.

We will post any change to this policy on this page with a revised “last updated” date. Material changes affecting how we use personal data will also be emailed to active customers.

LMTS DEVELOPMENT LTD, 12-14 Kennington Road, London, SE1 7BL, United Kingdom.
Privacy contact: dpo@cloudbrowserapi.com.
General contact: hello@cloudbrowserapi.com.