Privacy policy

Introduction

Sharebrand is the doing business as (dba) name of Cloudbrand Technologies, Inc., fully owned and operated by Tarkle, Inc. ("Sharebrand," "Cloudbrand Technologies, Inc.," "Tarkle, Inc.," "we," "us," or "our"). We operate a branded file sharing platform designed for client-facing businesses. This Privacy Policy explains how we collect, use, protect, and share your information when you use our services. We are committed to transparency and protecting your data while providing you with professional file sharing tools that put your brand first.

What information we collect

Account Information

When you create an account, we collect your name, email address, company name, and billing information. You may also provide optional information such as job title, phone number, and profile picture.

Files and Content

We store the files and content you upload to our platform, including documents, images, videos, and any other files you choose to share through Sharebrand. This content remains your property and is stored securely on our infrastructure.

Usage Data

We automatically collect information about how you interact with our platform, including pages visited, features used, time spent, browser type, device information, IP address, and referring URLs. This helps us understand how our platform is being used and where we can improve.

Cookies and Tracking

We use essential cookies for authentication and platform functionality. We also use analytics cookies to understand usage patterns and improve our services. You can control cookie preferences through your browser settings.

How we use your information

We use your information to:

• Provide, operate, and maintain our branded file sharing platform
• Process your transactions and manage your account
• Send you important updates, security alerts, and support messages
• Respond to your questions and provide customer support
• Analyze usage patterns to improve our platform and develop new features
• Detect, prevent, and address security issues or fraudulent activity
• Comply with legal obligations and enforce our terms of service
• Send you marketing communications (only if you opt in)

Data storage and security

Your data security is our top priority. We use industry-standard security measures to protect your information across a redundant, dual-provider infrastructure.

Primary infrastructure

Your data is primarily hosted on Cloudflare's secure infrastructure, utilizing their enterprise-grade data centers in both European Union and United States regions. Cloudflare provides CDN delivery, DDoS protection, and primary file storage for all active workspaces.

Redundant backup system

In the unlikely event of a primary infrastructure failure, we maintain a comprehensive backup system through Backblaze's data centers, also located in the EU and US. Backup transfers are managed securely by SimpleBackups using strict encrypted transfer protocols. Our redundant storage approach ensures:

• Primary data hosting on Cloudflare's enterprise infrastructure
• Secondary backup storage on Backblaze's secure data centers
• Secure transfer protocols managed by SimpleBackups
• Regular backup verification and integrity checks
• Security compliance audits across both providers

Only authorized personnel with specific security clearance can access our data management systems. We have implemented strict access control protocols for both primary storage and backup operations. This dual-provider approach provides an additional layer of data protection and business continuity, ensuring your data remains safe and accessible even in extraordinary circumstances.

Security measures

• Encryption of data in transit and at rest
• Regular security audits and vulnerability assessments
• Strict access controls limited to authorized personnel only
• Automated backup systems with regular verification
• 24/7 monitoring for suspicious activity
• Secure authentication protocols

Data retention

We retain your data for as long as your account is active or as needed to provide you services. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or compliance purposes.

How we share your information

We never sell your data. We only share your information in the following limited circumstances:

Service Providers

We work with trusted third-party service providers who help us operate our platform. These providers are bound by strict data protection agreements and can only access data necessary for their specific functions.

Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights, property, or safety, or that of our users or the public.

Business Transfers

If Sharebrand is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and your options.

With Your Consent

We may share your information with third parties when you explicitly give us permission to do so.

Your privacy rights

You have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your personal data
• Export: Download your data in a portable format
• Opt-out: Unsubscribe from marketing communications at any time
• Object: Object to certain types of data processing
• Restrict: Request that we limit how we use your data

To exercise any of these rights, please visit our contact page. We will respond to your request within 30 days.

International data transfers

Sharebrand is based in the United States, and your data may be transferred to and processed in the US or other countries where our service providers operate. We ensure that all international data transfers comply with applicable data protection laws, including GDPR, through:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions where applicable
• Other appropriate safeguards as required by law

GDPR compliance

The General Data Protection Regulation ("GDPR") went into effect on May 25, 2018, establishing a unified framework for the processing and handling of personal data of individuals residing within the European Union and European Economic Area. The GDPR applies to organizations inside and outside the EU that offer goods or services to, or monitor the behaviour of, people within the EU.

Sharebrand is committed to GDPR compliance. "Personal data" under the GDPR can include names, IP addresses, email addresses, or any other information that can be used to identify a person.

Legal bases for processing

We process personal data under the following legal bases:

• Contract: Processing necessary to provide our Services to you
• Legitimate interests: Improving our platform, security monitoring, and preventing fraud
• Consent: Where you have given explicit permission (e.g. marketing communications)
• Legal obligation: Where required by applicable law

Your rights under the GDPR

If you are located in the EU/EEA, you have the following rights in addition to those listed in the "Your privacy rights" section above:

• Right of access (Art. 15): Obtain confirmation of whether we process your data and receive a copy
• Right to rectification (Art. 16): Request correction of inaccurate personal data
• Right to erasure (Art. 17): Request deletion ("Right to be Forgotten") where processing is no longer necessary
• Right to restriction (Art. 18): Request that we limit processing in certain circumstances
• Right to data portability (Art. 20): Receive your data in a structured, machine-readable format
• Right to object (Art. 21): Object to processing based on legitimate interests
• Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting lawfulness of prior processing

To exercise any GDPR right, please visit our contact page. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with your local supervisory authority.

Data Processing Agreement (DPA)

Reseller customers who act as data controllers under the GDPR and process personal data of EU/EEA individuals through the Sharebrand platform may require a Data Processing Agreement (DPA) with Sharebrand. To request a DPA, please contact us through our contact page.

Sub-processors

To deliver the Sharebrand service, we engage trusted sub-processors who may process personal data on our behalf. All sub-processors are bound by data protection agreements consistent with GDPR requirements. The table below lists our current sub-processors. We will notify customers who have requested DPA notifications of any additions or removals.

The information provided in this section does not constitute legal advice and is for general informational purposes only. Consult your attorney for advice on any specific legal matter.

California privacy rights (CCPA/CPRA)

The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) establish privacy rights and protections for California residents and impose corresponding obligations on businesses that handle their Personal Information.

How "Personal Information" is defined

The CCPA/CPRA defines Personal Information as information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household — such as a real name, postal address, unique personal identifier, online identifier, IP address, email address, or account name.

The following are not considered Personal Information under the CCPA/CPRA: publicly available information; lawfully obtained, truthful information of public concern; and deidentified or aggregate consumer information.

Sensitive Personal Information (SPI)

The CPRA defines Sensitive Personal Information as information that reveals a consumer's social security number, government ID, financial account credentials, precise geolocation, racial or ethnic origin, religious beliefs, union membership, contents of private communications (unless the business is the intended recipient), genetic data, biometric data processed for unique identification, or health and sexual orientation data. Sharebrand does not collect Sensitive Personal Information in its ordinary course of business.

Your rights as a California resident

• Right to Know: Know what Personal Information we collect, how it is used, and with whom it is shared.
• Right to Delete: Request deletion of Personal Information we hold about you, subject to legal exceptions.
• Right to Correct: Request correction of inaccurate Personal Information.
• Right to Stop Sale / Sharing: We do not sell your Personal Information. We do not share it for cross-context behavioral advertising.
• Right to Limit Use of SPI: Request that we limit our use and disclosure of Sensitive Personal Information to what is necessary to provide our Services.
• Right to Non-Discrimination: We will not deny you services, charge different prices, or provide a different level of quality because you exercised your privacy rights.

Sharebrand as a Service Provider

For Reseller customers who are themselves "Businesses" under the CCPA/CPRA, Sharebrand operates as a Service Provider — processing Personal Information on behalf of the Business pursuant to a written contract (the Reseller Terms), solely to perform the contracted services. We do not further collect, sell, or use Personal Information beyond what is necessary to provide those services.

Data security obligations

The CCPA/CPRA requires businesses to implement and maintain reasonable security procedures and practices to protect Personal Information. Sharebrand maintains industry-standard security controls including encryption in transit and at rest, access controls, regular security assessments, 24/7 monitoring, and secure authentication protocols. For a full description of our security measures, see the "Data storage and security" section above.

How to exercise your rights

To submit a verifiable consumer request, please visit our contact page. We will respond within 45 days. Where reasonably necessary, we may extend the response by an additional 45 days with prior notice. You may designate an authorized agent to submit a request on your behalf.

The information provided in this section does not constitute legal advice and is intended for general informational purposes only. Readers are responsible for making their own independent assessment and should contact their attorney for advice regarding any particular legal matter, including compliance with applicable state or local laws.

Reseller accounts and Sub-Client data

Sharebrand offers a Reseller account that allows businesses to operate a white-label file-sharing platform for their own clients ("Sub-Clients"). This section explains how data flows in the context of a Reseller Platform.

Data controller relationships

When you operate a Reseller Platform, you act as the data controller for your Sub-Clients' personal data. Sharebrand acts as a data processor on your behalf, storing and processing Sub-Client files and data only as necessary to provide the infrastructure services to you. Sharebrand has no direct relationship with Sub-Clients and does not process their data for any purpose other than operating the platform on your behalf.

Your obligations as a Reseller

As a Reseller and data controller, you are responsible for:

• Maintaining your own privacy policy for Sub-Clients that accurately describes how their data is collected and used
• Obtaining any required consents from Sub-Clients for data collection and processing
• Handling Sub-Client data access, correction, and deletion requests
• Notifying Sub-Clients if their data is affected by a security incident
• Complying with applicable data protection laws (including GDPR where relevant) in the jurisdictions where you operate

Sub-Client data on termination

If a Reseller account is suspended or terminated, Sub-Client workspaces are also suspended and their files become inaccessible. Sharebrand retains Sub-Client data for a wind-down period of up to 30 days following termination, after which all data associated with the Reseller account is permanently deleted. Sharebrand is not responsible for notifying Sub-Clients of data deletion; that responsibility rests with the Reseller.

For the full terms governing Reseller data obligations, see the White-Label Reseller Terms.

Children's privacy

Sharebrand is a business-to-business platform and is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information.

Changes to this privacy policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we will provide more prominent notice such as email notification. We encourage you to review this Privacy Policy periodically.

Contact us

If you have any questions about this Privacy Policy or our data practices, please visit our contact page.

Mailing address:
Cloudbrand Technologies, Inc. (dba Sharebrand)
Fully owned and operated by Tarkle, Inc.
1309 Coffeen Avenue, Suite 15023
Sheridan, Wyoming 82801
United States