GDPR

Last updated: May 19, 2026

Privacy Policy Terms of Use General Terms and Conditions of Sale Legal Notice GDPR Data Processing Agreement

Our commitment

Cloud-PBS, operated by LenoIT, a French company, is committed to complying with the General Data Protection Regulation (GDPR). This page details our compliance; for an overview, see our privacy policy.

Data controller and data processor

LenoIT acts in two capacities:

  • Data controller for the data related to your account (identity, billing, connection, use of the service). LenoIT determines the purposes and means of that processing.
  • Data processor for the data you back up. That data remains yours: LenoIT processes it solely on your behalf, on your instructions, within the scope of the subscribed service. When client-side encryption is enabled, LenoIT has no access to its content.

Data processed

As a data controller

  • Account information (name, email, company)
  • Service configuration and metadata
  • Payment information, processed by a PCI DSS compliant provider
  • Website usage data

As a data processor

  • The content of the backups you entrust to the service, processed solely to provide the backup and restore functions.

We process personal data on the following bases:

  • Performance of the contract: to provide the service you subscribed to
  • Legitimate interest: service improvement and security
  • Legal obligation: accounting and tax obligations
  • Consent: analytics and optional communications

Data location

The data of customers established in the European Union is processed and stored exclusively within the European Union. It is not transferred outside the European Union. Servers located in the United States are dedicated to customers established in the United States.

Sub-processors

LenoIT relies on a limited number of sub-processors, all contractually bound to comply with the GDPR:

  • Stripe: payment processing
  • OVHcloud (France), Hetzner (Germany), Equinix (France): infrastructure hosting
  • AuthSMTP: sending the service’s emails

Any change to this list is communicated to customers.

Your rights

Under the GDPR, you have the following rights:

  1. Access: obtain a copy of your personal data
  2. Rectification: correct inaccurate data
  3. Erasure: request the deletion of your data
  4. Restriction: restrict the processing of your data
  5. Portability: receive your data in a structured format
  6. Objection: object to processing based on legitimate interest

Exercising your rights

Send your request to . We respond within one month, which may be extended if the request is complex.

Data Protection Officer

LenoIT’s data protection officer is Emmanuel Le Nohaïc. For any question regarding the protection of your data: .

Supervisory authority

You have the right to lodge a complaint with the French Data Protection Authority (CNIL):

Data breach notification

In the event of a personal data breach, LenoIT notifies the supervisory authority within 72 hours and, where applicable, the individuals concerned without undue delay, as required by the GDPR. When LenoIT acts as a data processor, the customer concerned is informed without undue delay.

Security

LenoIT implements technical and organizational measures to protect data: access control, logging, and hosting in professional data centers. Client-side backup encryption is offered so that you retain sole control over the content of your data.

Privacy Policy → Terms of Use → General Terms and Conditions of Sale → Legal Notice → Data Processing Agreement →