Privacy Policy

1) Scope and definitions

• This Privacy Policy applies to Joy Services websites, customer portal, APIs, and all related products and services (“Services”).
• “Personal Data” means information that identifies or can reasonably identify an individual.
• “Customer Content” means data you upload, store, transmit, or process using the Services.
• “Account Owner” means the person or organization that controls the account and billing relationship.

2) Information we collect

• Account details: name, email, phone, company name, address, and account identifiers.
• Billing details: billing address, tax details (e.g., GST/VAT where applicable), invoice metadata.
• Payment signals: payment status, transaction references, and risk/fraud signals (we do not intentionally store full card details on our systems if processed by a payment provider).
• Identity/verification data: where required, business verification and KYC/KYB signals (subject to product and risk profile).
• Support communications: tickets, emails, chat messages, call notes, and attachments you provide.
• Service configuration: instance settings, firewall rules, DNS records, routing preferences, and feature toggles.
• Authentication data: login timestamps, MFA status (where available), session identifiers, and security events.
• Device and browser data: user-agent, OS/browser versions, language, and related diagnostics.
• Website analytics: page views, click interactions, referral URLs, and approximate location (city/region level).
• Cookies and similar tech: cookies/local storage for session management, preferences, and analytics.

3) Network, security, and operational telemetry

• Network logs: flow records and routing telemetry (e.g., NetFlow-like data where applicable) for security and capacity planning.
• Abuse/security logs: detections related to malware, scanning, brute-force attempts, and policy violations.
• CDN/DDoS telemetry: request metadata, rate-limit events, mitigation actions, and attack fingerprints.
• Infrastructure metrics: performance/health metrics of compute nodes, storage, and network devices.
• API logs: endpoint calls, response codes, timestamps, key identifiers, and rate-limit events.
• We collect such telemetry to maintain service reliability, prevent abuse, and troubleshoot incidents.

4) Customer Content and data processing

• Customer Content is controlled by you; Joy Services processes it to provide the Services and support.
• We do not use Customer Content for advertising profiles.
• Where lawful and necessary, we may access Customer Content to respond to support requests, security incidents, or legal obligations.
• You are responsible for ensuring you have lawful rights to store/process Customer Content (including third-party data).

5) How we use information

• To create and manage accounts, authenticate users, and provide customer access to Services.
• To provision Services (compute, storage, DNS, CDN, peering, etc.) and perform requested operations.
• To process billing, payments, renewals, and provide invoices/receipts.
• To provide customer support and handle technical requests and incident response.
• To monitor performance, availability, and platform health.
• To protect against fraud, abuse, and security threats and enforce acceptable use policies.
• To improve product features, reliability, and user experience (including analytics).
• To communicate operational notices, security alerts, and product updates.
• To comply with legal obligations and respond to lawful requests.

6) Legal bases (high-level)

• Contract necessity: to deliver Services and support you requested.
• Legitimate interests: to secure and improve Services and prevent abuse (balanced with your rights).
• Consent: for optional marketing and certain cookies where required.
• Legal obligation: to meet tax, accounting, regulatory, or lawful request requirements.

7) Sharing and disclosure

• Service providers: we share limited data with vetted providers (payment processing, email delivery, analytics, support tooling) to operate Services.
• Network partners: for peering/transit, limited technical metadata may be exchanged for routing/security coordination.
• Legal compliance: we may disclose information if required by law or valid legal process.
• Security and safety: we may share information to prevent harm, fraud, or platform abuse.
• Business transfers: if we undergo a merger/acquisition, data may transfer subject to applicable safeguards.
• We do not sell Personal Data in the ordinary course of business.

8) Cookies and tracking choices

• We use cookies for login sessions, security, preferences, and basic site analytics.
• You can control cookies via browser settings; disabling cookies may impact portal functionality.
• Where required, cookie banners/consent tools may be used to manage optional analytics cookies.
• We may use local storage to remember UI preferences (e.g., theme selection) and session behaviors.

9) Data retention

• We retain Personal Data for as long as needed to provide Services, meet legal obligations, resolve disputes, and enforce agreements.
• Billing and accounting records may be retained for statutory periods.
• Security logs and operational telemetry are retained for reasonable periods aligned to security and troubleshooting needs.
• Upon termination, Customer Content may be deleted per product retention rules and your plan, after any required hold periods.

10) Security measures

• We implement administrative, technical, and organizational safeguards to protect information.
• Controls may include access control, least privilege, logging, segmentation, and encryption in transit where supported.
• We continuously monitor for vulnerabilities and suspicious activity and may apply emergency mitigations.
• No method of transmission or storage is 100% secure; you should also secure your credentials and endpoints.

11) Customer responsibilities

• Maintain secure passwords and enable MFA where available.
• Limit account access to authorized users and review access regularly.
• Secure your workloads (patching, firewalls, SSH key hygiene) and follow hardening best practices.
• Ensure your Customer Content complies with applicable laws and your own privacy obligations.

12) Your rights and choices

• You may request access, correction, or deletion of Personal Data, subject to legal and operational limits.
• You may update account profile information via the portal where available.
• You may opt out of non-essential marketing communications using unsubscribe links or account preferences.
• We may require verification before fulfilling privacy requests to prevent unauthorized disclosure.
• Some data cannot be deleted immediately due to legal retention or security requirements.

13) International transfers

• Data may be processed in regions where we or our providers operate, depending on service location and routing.
• Where required, we apply appropriate safeguards for cross-border transfers consistent with applicable law.

14) Children’s privacy

• The Services are intended for business and general audiences and are not directed to children.
• If you believe a child has provided Personal Data, contact us for review and remediation.

15) Changes to this Privacy Policy

• We may update this Privacy Policy periodically to reflect operational, legal, or product changes.
• If changes are material, we will make reasonable efforts to notify customers via portal notices or email.
• The latest version published on our website prevails.