Privacy Policy
What we collect, why, how long we keep it, and the rights you have over your data.
1. Who we are
Sunny Day ("Sunny Day", "we", "us") provides subscription compute infrastructure. This policy explains how we handle personal data of our customers and account holders. For data we process on behalf of EU/EEA or UK customers, our Data Processing Addendum applies.
2. What data we collect
We collect three categories of personal data:
- Account data — the identity information you provide when you create an account or subscribe: name, email address, and (for billing and tax) billing address and, where applicable, a tax identification number.
- Billing data — your subscription, invoices, payments, and the non-sensitive payment-method descriptor (card brand, last four digits, expiry). We do not store your full card number or security code — card details are handled entirely by Stripe.
- Usage data — technical resource-usage metrics for the compute you run (CPU, memory, storage, egress), captured per project so we can operate and, in future, bill the service.
3. Why we use it
We use account and billing data to provide the service, process payments, calculate tax, send service and billing notifications, and meet our legal and accounting obligations. We use usage data to operate the service and plan capacity. We do not sell your personal data.
4. Sub-processors
We use the following third parties to provide the service. Each processes only the data it needs for its function:
- Stripe — payment processing. Stripe handles card data and processes your name, email, and billing address to take payment and compute tax.
- Cloudflare — DNS and edge delivery for our websites and APIs. Cloudflare processes network metadata (such as IP addresses) in transit.
- Infrastructure-as-a-Service provider — the cloud provider hosting the compute substrate. The current deployment runs on Google Cloud Platform (GCP); the hosting provider may differ for the production deployment and any change will be reflected in an updated version of this policy.
5. How long we keep it
Our retention periods are:
- Invoices and payments — 7 years (tax and VAT records).
- Subscriptions and account records — for the life of the account, then 7 years (audit).
- Usage data — 13 months.
- Audit logs — 7 years.
- Personal data (name, email, address) — for the life of the account; redacted on an erasure request (see section 6). Invoices and payments are retained for the tax period above with personal data on them masked.
6. Your rights
You have the right to:
- Access — request a copy of the personal data we hold about you.
- Correction — correct inaccurate account data; you can update most of it yourself from your account.
- Deletion — request erasure of your personal data. In this release, deletion requests are actioned by our operations team, not self-serve: we redact your personal data within 30 days of verifying the request. Records we are legally required to keep — invoices and payments for the tax-retention period — are retained with personal data on them masked.
- Portability — request your account and billing data in a portable, machine-readable format.
To exercise any of these rights, contact our support team from the email address on your account.
7. Security
We protect personal data with access controls, encryption in transit, and a hosting substrate built on hardware-backed trust. Card data never reaches our systems — it is handled solely by Stripe, a PCI DSS Level 1 service provider.
8. International transfers
Our sub-processors may process data outside your country. Where personal data of EU/EEA or UK individuals is transferred, the transfer is covered by appropriate safeguards as set out in our Data Processing Addendum.
9. Changes to this policy
We may update this policy. Material changes are communicated to active customers before they take effect, and the latest version is always published at this address.
10. Contact
Questions about this policy, or about how we handle your data, can be sent to our support team from the address on your account.