Privacy policy

Last updated: 2026-06-23. Plain-language. The lawyer-formal version is at /legal/privacy-formal and supersedes this if there's ever a conflict.

The TL;DR

We collect what we need to run the services and bill you for them.
We don't log your prompts or responses.
We don't sell, rent, or share your data with advertisers or data brokers.
EU residents get GDPR rights; California residents get CCPA/CPRA rights.

What we collect

Category	What	Why
Account	Email, billing details, payment method tokens (no card numbers)	Run the account, send invoices, respond to support
Usage	API call counts, joules per call, region, silicon used, response time	Bill correctly; show you the receipts
Telemetry	HTTP status codes, error fingerprints (no payload), latency percentiles	Detect outages, improve performance
Optional: `X-Customer-Tag`	A free-form string you can attach to attribute energy to your end-customers	Your downstream attribution — we never read it

What we do NOT collect

Prompt content or response content for any Inference call.
Object Store bucket content. We see byte counts and access patterns; we do not read the bytes.
Database query content beyond minimal slow-query fingerprints (normalised; literals stripped).
Browser fingerprints, third-party trackers, ad-network identifiers. The marketing site has zero cookies; the portal has session-only cookies for auth.

Where it goes

Account / billing data: primary copies in EU (Helsinki); region-pinned if you ask. Stripe processes payment tokens in their region.
Usage / receipt data: co-located with the region the workload ran in. EU workload → EU receipt.
Telemetry: aggregated, anonymised, kept for 90 days; raw logs purged at 30 days.

Subprocessors

We use a small number of carefully-chosen subprocessors. Each is subject to a DPA and is reviewed annually. List:

Hetzner — bare metal hosting (EU)
Vultr — cloud hosting (global)
Latitude — bare metal hosting (Americas)
Cloudflare — edge / CDN / DNS
Stripe — card and SEPA payments
Bakkt + Points.com — reward-points conversion (only if you choose to top up with points)
SendGrid — transactional email (account verification, billing receipts)

Your rights

GDPR (EU/UK/EEA): right to access, rectify, erase, restrict, port, object, and not be subject to automated decision-making. Email [email protected] — we respond within 30 days.

CCPA / CPRA (California): right to know, delete, correct, and opt out of selling/sharing (we don't sell or share). Email [email protected].

Other regions: write to [email protected] and we'll honour the rights your jurisdiction grants you.

Retention

Active account data: as long as you have an account.
Billing records: 7 years (regulatory minimum in most jurisdictions).
Receipts: 7 years (audit purposes).
Aggregated telemetry: 90 days.
Raw logs: 30 days, then purged.

Security

TLS 1.3 in transit, AES-256-GCM at rest, ed25519 signing on receipts, scoped tokens with one-click rotation. The full security posture is on the security & compliance page.

Children

Joule Cloud is for businesses and adult developers; not directed at children under 16. If a child has created an account, write to [email protected] and we'll delete it.

Contact

Privacy / data protection: [email protected]
Data Protection Officer (EU): [email protected]
Security incident: [email protected]