Quick summary
This is the privacy policy for crossingcloud.dev, the marketing and information website for Crossing Cloud LLC. It describes what limited data we receive when you visit the website or contact us through it.
This policy covers the website only. The Duly mobile app has its own separate privacy policy that describes how the app handles your data on your device.
In short: this website does not require an account to read. We do not run third-party advertising, behavioral tracking, or analytics SDKs that build a profile of you across sites. The only data we receive is what your browser sends us by visiting (which our hosting provider uses to serve and protect the site) and what you choose to send us by filling out the contact form.
Who we are
This website is operated by Crossing Cloud LLC, a software studio based in Salt Lake City, Utah, USA.
| Legal entity | Crossing Cloud LLC |
|---|---|
| Mailing address | Crossing Cloud LLC [STREET ADDRESS] Salt Lake City, UT [ZIP], USA |
| Phone | [PHONE NUMBER] |
| General contact | contact@crossingcloud.dev |
| Privacy contact | privacy@crossingcloud.dev |
| DMCA contact | dmca@crossingcloud.dev |
For the purposes of EU and UK GDPR, Crossing Cloud LLC is the data controller for the limited information described in this policy. Crossing Cloud has not appointed a Data Protection Officer because it is not required to do so under GDPR Article 37.
EU/UK representative. Crossing Cloud has assessed that the processing of EU/UK personal data described in this policy — namely, server access logs handled by our hosting provider and unsolicited contact-form correspondence — is occasional, does not include large-scale processing of special categories of data, and is unlikely to result in risk to the rights and freedoms of natural persons within the meaning of GDPR Article 27(2) and UK GDPR Article 27(2). On that basis, Crossing Cloud has not appointed a representative under Article 27. EU, EEA, and UK users may contact us directly at privacy@crossingcloud.dev. We will reassess this position if the nature or scale of our processing changes.
What this website is
crossingcloud.dev is a static informational website. It tells you who Crossing Cloud is, what we are working on, and how to get in touch with us. It is not a service that you log into. There is no account system, no user-generated content, and no comment section.
The website is hosted by Cloudflare, Inc. through its Cloudflare Pages product, with DNS, edge caching, and basic security services also provided by Cloudflare.
Information we do not collect
It is worth being explicit about what this website deliberately does not do:
- We do not require or ask you to create an account to read any page on this website.
- We do not use third-party advertising SDKs, ad identifiers, or cross-site tracking pixels.
- We do not run Google Analytics, Facebook Pixel, TikTok Pixel, LinkedIn Insight Tag, or similar behavioral tracking tools.
- We do not sell or rent any personal information. We do not have a "sale" of personal information as defined by US state privacy laws (CCPA/CPRA, etc.), nor do we "share" personal information for cross-context behavioral advertising.
- We do not build advertising profiles, behavioral profiles, or psychographic profiles of you.
- We do not use cookies for advertising or cross-site tracking.
- We do not process sensitive personal information as defined in California Civil Code § 1798.140(ae) for any purpose beyond those listed in § 1798.121(a). Because of this, we are not required to host a "Limit the Use of My Sensitive Personal Information" link, and we do not.
Information we receive when you visit
When you visit any web page, your browser must send some information to the server hosting that page in order for the page to load. Cloudflare, our hosting and edge provider, processes this information on our behalf for the limited purposes described below.
a) Server access logs
For each request to this website, Cloudflare may receive and temporarily log:
- Your IP address (typically retained by Cloudflare for a short period for security and abuse-prevention purposes, then deleted or anonymized in line with Cloudflare's documented retention practices);
- The URL you requested;
- The HTTP referer (the previous URL, if your browser sent one);
- Your user-agent string (browser type, version, and operating system);
- A timestamp.
We use this data only to operate the website, to mitigate abuse and denial-of-service traffic, and to debug technical problems. We do not combine it with any other data to identify you personally, and we do not use it for advertising.
Cloudflare's privacy practices, including its retention windows for log data, are described in Cloudflare's privacy policy at https://www.cloudflare.com/privacypolicy/.
b) Cloudflare security and bot mitigation
Cloudflare may set a short-lived security cookie (for example, __cf_bm) and may briefly evaluate your request to distinguish humans from automated bots. This is operational, not analytical, and it is described in Cloudflare's documentation. We do not have an opt-out for this because it is part of how the site is delivered safely. If you object to it, you should not visit the site.
c) Privacy-respecting visit counts
We may use a privacy-respecting analytics service (for example, Cloudflare Web Analytics or a comparable cookieless analytics provider) to understand which pages are popular and whether the site is loading correctly. Where used, these tools:
- Do not set advertising cookies;
- Do not assign you a persistent identifier;
- Do not collect data that, on its own, identifies you personally.
We will name the analytics provider on this page if and when one is in active use, and we will keep that disclosure up to date.
d) The contact form
If you fill out the contact form on this website, we receive what you submit (typically your name, email address, and message) so we can read your message and reply to it. The form submission is delivered to us by email. We use that information to respond to your inquiry and for no other purpose.
We do not add you to a marketing list as a result of contacting us. If you would like to be removed from our records after we have responded, email privacy@crossingcloud.dev.
e) Newsletter signup (if and when offered)
If we add a newsletter signup form to the website in the future and you choose to subscribe, we will collect your email address and use it solely to send you the newsletter content you requested. Each email will include a one-click unsubscribe link. We will update this policy with the name of our email provider before any such feature ships.
Until that update happens, you can assume the website does not operate a newsletter and does not collect email addresses for marketing.
Cookies and similar technologies
This website uses a minimal set of cookies and similar technologies:
| Type | Source | Purpose | Retention |
|---|---|---|---|
Strictly necessary security cookie (e.g. __cf_bm) |
Cloudflare | Bot mitigation, abuse prevention | Up to 30 minutes |
| Privacy-respecting analytics (cookieless, where used) | Cloudflare or comparable provider | Aggregated visit counts | Not stored on your device as a cookie |
We do not set advertising cookies, marketing cookies, or social-media tracking pixels. We do not use Google Analytics. Because we do not set non-essential cookies, we do not display a cookie consent banner on this website. If we ever add cookies that require consent under EU/UK ePrivacy rules, we will display a banner and obtain consent before they are set.
Information we do not host
This website does not host:
- User accounts or profiles
- Comment sections or forums
- File uploads from visitors
- Embedded social-media trackers (no Facebook Like button, no Twitter widget, etc.)
If we add any of those features in the future, we will update this policy first.
Apple and Google App Store links
The website links to listings for our products on the Apple App Store and Google Play. When you click those links and visit those stores, Apple's and Google's privacy policies govern what those companies collect:
- Apple privacy policy: https://www.apple.com/legal/privacy/
- Google privacy policy: https://policies.google.com/privacy
We do not control what those stores collect when you visit them.
Children's privacy
This website is not directed to children. We do not knowingly collect personal information from children under 13 in the United States. In the EU and EEA, the age of digital consent for information-society services varies by member state between 13 and 16 under GDPR Article 8; in the United Kingdom the age is 13 under UK GDPR / the UK Data Protection Act 2018. We do not knowingly collect personal information from any user below the applicable age in their country.
If you are a parent or guardian and believe a child has submitted personal information to us through this website, please contact privacy@crossingcloud.dev and we will investigate and, where appropriate, delete that information without undue delay.
Legal bases (EU/UK GDPR)
For visitors in the EU, UK, or Switzerland, we rely on the following lawful bases under Article 6(1) GDPR:
| Processing | Lawful basis |
|---|---|
| Receiving and temporarily logging your request to serve the website to you | Legitimate interests — Article 6(1)(f). Necessary to operate the website you asked to view, and to defend it from abuse. |
| Privacy-respecting analytics (where used) | Legitimate interests — Article 6(1)(f). Aggregated, cookieless, no profiling. |
| Responding to a contact form submission you sent us | Legitimate interests — Article 6(1)(f), and where applicable, performance of pre-contractual steps under Article 6(1)(b). |
| Newsletter delivery (if and when offered) | Consent — Article 6(1)(a). You opt in by signing up; you can withdraw consent at any time by unsubscribing. |
| Responding to your privacy or rights requests | Our legal obligation — Article 6(1)(c). |
Your rights
Regardless of where you live, you can:
- Read this website without giving us your personal information. We don't ask you to identify yourself to view a page.
- Email us at privacy@crossingcloud.dev with any privacy question or request.
If you live in the European Economic Area, the United Kingdom, or Switzerland, you also have the right to:
- Request access to any personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your data ("right to erasure").
- Request restriction of, or object to, our processing.
- Request portability of data you have provided to us.
- Withdraw consent for any processing based on consent at any time.
- Lodge a complaint with your local data protection authority. A list of EU authorities is at https://edpb.europa.eu/about-edpb/about-edpb/members_en. UK users can contact the Information Commissioner's Office at https://ico.org.uk/make-a-complaint/.
If you live in California, Colorado, Connecticut, Virginia, Utah, or another US state with a comprehensive privacy law, you have the right to:
- Know what categories of personal information, if any, we have collected about you.
- Request deletion of personal information we have collected.
- Correct inaccurate personal information.
- Opt out of "sale" or "sharing" for cross-context behavioral advertising — this website does neither, and we have a global "do not sell or share" stance for all visitors by default.
- Be free from discrimination for exercising these rights.
To exercise any of these rights, email privacy@crossingcloud.dev from the address you would like us to respond to. Because we do not operate an account system, we may need you to describe the context of your request (for example, "I emailed you on this date") so we can find any record relating to you.
We will respond to verifiable requests within the timeframes required by the applicable law (typically 30 days under GDPR, 45 days under CCPA, with one extension where allowed).
Categories of personal information we collect (for California, Colorado, Connecticut, Virginia, and Utah residents)
The table below lists each statutory category of personal information that Crossing Cloud may collect from or about you through this website in the preceding 12 months, the source of that information, the business purpose for which we collect it, the categories of third parties with whom we may disclose it, and how long we retain it.
| Category (Cal. Civ. Code § 1798.140(v)) | Specific items | Source | Business purpose | Disclosed to | Retention |
|---|---|---|---|---|---|
| A. Identifiers | IP address (transient, in server logs); email address (only if you write to us through the contact form or email us directly) | Your browser; you | Operate and protect the website; respond to your inquiries | Hosting provider (Cloudflare); email service provider | Server logs: per Cloudflare's documented retention. Contact correspondence: 24 months after closure. |
| B. Customer records (Cal. Civ. Code § 1798.80(e)) | Name and message contents you choose to submit to the contact form | You | Respond to your inquiry | Email service provider | 24 months after closure of the inquiry |
| C. Protected classifications | None | — | — | — | — |
| D. Commercial information | None collected via this website | — | — | — | — |
| E. Biometric information | None | — | — | — | — |
| F. Internet/network activity | Pages requested, HTTP referer, user-agent string | Your browser | Operate and protect the website | Hosting provider (Cloudflare) | Per Cloudflare's documented retention |
| G. Geolocation | Coarse, IP-derived country only, used by hosting provider for routing and abuse mitigation | Your browser | Edge routing and abuse mitigation | Hosting provider (Cloudflare) | Per Cloudflare's documented retention |
| H. Sensory data | None | — | — | — | — |
| I. Professional/employment | Only if you choose to mention it in a contact form message | You | Respond to your inquiry | Email service provider | 24 months after closure |
| J. Education | None | — | — | — | — |
| K. Inferences | None | — | — | — | — |
| Sensitive personal information (Cal. Civ. Code § 1798.140(ae)) | None collected. Crossing Cloud does not process sensitive personal information for purposes other than those listed in Cal. Civ. Code § 1798.121(a). | — | — | — | — |
We have not sold or shared personal information for cross-context behavioral advertising in the preceding 12 months, and we do not sell or share personal information for cross-context behavioral advertising at all. We do not have actual knowledge of selling or sharing personal information of consumers under 16 years of age.
International transfers
Crossing Cloud is based in the United States. Any limited data we receive — server logs through our hosting provider, contact-form correspondence — is processed on systems located in the United States and, in the case of email, in services operated by major US-based providers. If you are in the EEA, UK, or Switzerland and you visit the website or contact us, you are transferring that data to the United States.
Where we use third-party providers (for example, our hosting provider Cloudflare, or our email provider) that process EU/UK personal data on our behalf, we rely on the EU Standard Contractual Clauses (and the UK International Data Transfer Addendum where applicable) to provide an appropriate safeguard for that transfer.
Data retention
- Server access logs: retained per the documented retention practices of our hosting provider, Cloudflare. We do not maintain our own long-term copies of these logs.
- Contact-form correspondence and direct emails: retained for up to 24 months after the request is closed, unless we are required to keep it longer for legal reasons (for example, to defend a legal claim).
- Newsletter subscriber email addresses (if and when offered): retained until you unsubscribe or until we stop offering the newsletter, whichever comes first. Suppression-list copies of unsubscribed addresses may be retained as required by anti-spam laws.
Security
We design this website to minimize the data that can be exposed by any single failure:
- The website is a static site delivered over HTTPS/TLS. There is no database of user accounts attached to it, so there is no website password store to compromise.
- For the limited data we do receive (server logs, contact-form messages), we apply standard transport encryption and reasonable access controls.
No system is perfectly secure. If we ever experience a personal data breach, we will:
- Notify the competent supervisory authority within 72 hours of becoming aware, where required by GDPR Article 33 or UK GDPR;
- Notify affected data subjects without undue delay where the breach is likely to result in a high risk to their rights and freedoms (GDPR Article 34);
- Comply with applicable US state breach-notification statutes (e.g., Cal. Civ. Code § 1798.82, Utah Code § 13-44-202) within their statutory windows.
Changes to this policy
When we change this policy in a way that materially affects your privacy, we will:
- Update the "Last updated" date at the top.
- Note the change on this page.
- Where required by law (for example, where we begin relying on consent for a new processing activity), ask for your consent before that processing begins.
Older versions of this policy will be available on request via privacy@crossingcloud.dev.
Contact
If you have questions about this policy, or about how this website handles your data, please email: