Privacy Policy

VRAM Cloud Privacy Policy

Effective date: June 1, 2026

This Privacy Policy explains how VRAM Cloud (“VRAM Cloud,” “we,” “us,” or “our”) collects, uses, discloses, retains, and protects personal information when you use our website, console, APIs, GPU rental, model access, and related services (“Services”).

By using the Services, you agree to this Privacy Policy.

1. Personal Information We Collect

We collect only the information needed to operate, secure, support, bill, and improve the Services.

We may collect the following categories of personal information:

• Account information: name, email address, company name, hashed password, account settings, API keys, SSH keys, and authentication data.
• Billing information: plan, invoices, payment status, billing address, tax information, transaction identifiers, and payment history.
• Technical information: IP address, device information, browser information, operating system, login logs, API usage, resource usage, error logs, rate limits, abuse signals, security events, and approximate location derived from IP address.
• Support information: emails, messages, attachments, and other information you send to us through support or contact channels.
• Cookies and similar technologies: session cookies, authentication cookies, security cookies, and basic analytics cookies.
• Customer Data: prompts, inputs, outputs, files, datasets, code, containers, workloads, model requests, and other content you submit to or process through the Services.

2. Prompts, Inputs, Outputs, and Customer Data

VRAM Cloud does not intentionally log or store prompts, inputs, outputs, files, datasets, code, or model responses, except as described below.

Customer Data sent through APIs, model endpoints, GPU instances, or other compute resources is processed only to complete your request, run the environment you start, provide the Services, maintain security, diagnose errors, calculate usage, and comply with law.

VRAM Cloud does not use Customer Data to train models.

VRAM Cloud does not sell Customer Data.

VRAM Cloud does not disclose Customer Data to advertising networks.

VRAM Cloud operates its own data center and does not send customer workloads to third-party data centers for processing, unless you separately choose or enable an integration that requires such processing.

Customer Data may be stored only when you enable or use a storage feature, including volumes, snapshots, persistent storage, uploaded files, saved containers, backups, or similar tools. In that case, the data is retained until you delete it, close the related resource, or terminate the related service.

3. How We Use Personal Information

We use personal information to:

• create, maintain, and secure accounts;
• provide access to GPUs, APIs, models, storage, and compute resources;
• authenticate users and protect API keys, SSH keys, and accounts;
• process requests and run workloads;
• measure resource usage and issue invoices;
• process payments and taxes;
• provide support;
• detect fraud, abuse, malware, unauthorized access, and security incidents;
• debug errors and improve service reliability;
• comply with legal, tax, accounting, sanctions, export-control, and regulatory obligations;
• enforce our Terms of Service.

We do not use personal information for targeted advertising.

4. How We Disclose Personal Information

We may disclose personal information only as needed to operate the Services:

• Payment processors: to process payments, invoices, taxes, and fraud checks.
• Service providers: for email delivery, customer support, monitoring, security, analytics, hosting of business systems, and operational tools.
• Professional advisers: lawyers, accountants, auditors, tax advisers, and compliance advisers.
• Authorities: courts, regulators, law enforcement, tax authorities, or government agencies when required by law or necessary to protect rights, safety, or security.
• Business transfers: in connection with a merger, acquisition, financing, reorganization, sale of assets, or similar business transaction.

We do not sell personal information.

We do not share personal information for cross-context behavioral advertising.

5. Data Retention

We keep personal information only for as long as needed for the purposes described in this Privacy Policy.

• Prompts, inputs, outputs, and model responses: processed transiently during the request and not intentionally stored in persistent logs.
• API and workload metadata: retained for up to 180 days for billing, abuse prevention, diagnostics, and security.
• Security logs: retained for up to 180 days, unless a longer period is needed to investigate abuse, fraud, security incidents, legal claims, or compliance issues.
• Account information: retained while the account is active and for up to 3 years after account closure, unless a longer period is required for legal, tax, accounting, security, or dispute-resolution purposes.
• Billing, payment, invoice, and tax records: retained for up to 7 years.
• Support communications: retained for up to 3 years after the last interaction.
• Cookies: session cookies expire when the session ends; persistent cookies are retained for up to 13 months unless deleted earlier.
• Volumes, snapshots, persistent storage, uploaded files, saved containers, and backups: retained until you delete them, close the resource, or terminate the related service. Deleted data may remain in backups or disaster recovery systems for up to 90 days before permanent deletion.

6. U.S. State Privacy Rights

Depending on where you live, you may have the right to:

• know what personal information we collect, use, disclose, sell, or share;
• access personal information we hold about you;
• request deletion of personal information;
• request correction of inaccurate personal information;
• request a portable copy of personal information;
• opt out of sale, sharing, targeted advertising, or certain profiling;
• limit the use and disclosure of sensitive personal information;
• appeal a denied privacy request;
• not be discriminated against for exercising privacy rights.

VRAM Cloud does not sell personal information, does not share personal information for cross-context behavioral advertising, and does not use personal information for targeted advertising.

To exercise your rights, email privacy@vram.cloud.

We may verify your identity before completing a request. We will respond within the time required by applicable law. For California residents, we will generally respond within 45 days and may extend the response period when permitted by law.

7. California Notice at Collection

For California residents, the categories of personal information collected are:

• Identifiers: name, email address, company name, IP address, account identifiers, API keys, SSH keys, and billing identifiers.
• Commercial information: plans, invoices, payment status, transaction history, and resource usage.
• Internet or network activity: login logs, API usage, device data, browser data, security events, and error logs.
• Approximate geolocation: approximate location derived from IP address.
• Sensitive personal information: account login credentials, API keys, SSH keys, and billing-related information.
• Customer Data: prompts, inputs, outputs, files, datasets, code, containers, workloads, and model requests.

We collect this information from you, your device, your account activity, your API activity, payment processors, and service providers.

We use this information for the purposes described in Section 3.

We disclose this information to the categories of recipients described in Section 4.

We do not sell or share this information for cross-context behavioral advertising.

We do not use sensitive personal information to infer characteristics about you.

8. Cookies and Tracking Signals

We use cookies for login, security, session management, service operation, and basic analytics.

We do not use cookies for targeted advertising.

Some browsers send “Do Not Track” signals. Because there is no uniform industry standard for responding to those signals, we do not respond to “Do Not Track” signals.

Where required by applicable law, we honor legally recognized opt-out preference signals, including Global Privacy Control, as an opt-out of sale or sharing. VRAM Cloud does not sell or share personal information.

9. Children

The Services are not directed to children under 13.

We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will delete it.

Users must be at least 18 years old to create an account or use the Services.

10. Security

We use reasonable administrative, technical, and organizational safeguards designed to protect personal information, including access controls, limited internal permissions, authentication controls, network security, monitoring, logging, and security event review.

No system is completely secure. You are responsible for protecting your password, API keys, SSH keys, account access, workloads, and storage settings.

11. International Users

VRAM Cloud is operated for services governed by U.S. law. If you access the Services from outside the United States, you understand that your information may be processed in the United States or other locations where service providers operate.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version becomes effective when posted on our website, unless a later effective date is stated.

13. Contact

For privacy questions or requests, contact:

privacy@vram.cloud