cloudhaul.co


Privacy Policy

Effective date: March 10, 2026

Last updated: March 10, 2026

 

CloudHaul ("we", "our", or "us") operates cloudhaul.co. This Privacy Policy explains how we collect, use, and protect your information when you use our file migration service. By using CloudHaul, you agree to the practices described in this policy.

 

1. What We Collect

  • We collect only what is necessary to provide the service:

  • Account information — your email address when you sign up or log in.

  • OAuth tokens — temporary access credentials issued by Dropbox and Google when you authorize CloudHaul. These tokens allow us to read and write files on your behalf. We do not store your passwords.

  • Transfer metadata — information about your transfer jobs, including file names, sizes, transfer status, and timestamps. This is used to show you progress and history.

  • Payment information — processed entirely by Stripe. We never see or store your card number, CVC, or full payment details.

  • Usage data — basic analytics such as pages visited, errors encountered, and transfer completion rates, used to improve the service.

2. What We Do NOT Collect

This is important. CloudHaul is designed to minimize data exposure:

  • We do not store your files. Your files transfer directly from Dropbox to Google Drive (or vice versa) and never reside on our servers.

  • We do not read the contents of your files. We only access file metadata (names, sizes, paths) required to execute the transfer.

  • We do not sell your data to third parties. Ever.

  • We do not share your data with advertisers.

3. How We Use Your Information

We use the information we collect to:

  • Authenticate you and manage your account.

  • Execute file transfers between your connected cloud storage accounts.

  • Process payments for completed transfers via Stripe.

  • Send you transactional emails (transfer confirmations, receipts, error alerts).

  • Improve the reliability and performance of the service.

  • Comply with legal obligations.

4. Third-Party Services

  • CloudHaul integrates with the following third-party services:

  • Dropbox — governed by Dropbox's Privacy Policy (dropbox.com/privacy). We request only the scopes required to read and write files you select.

  • Google Drive — governed by Google's Privacy Policy (policies.google.com/privacy). We request only the scopes required to write files to your Drive.

  • Stripe — handles all payment processing. Governed by Stripe's Privacy Policy (stripe.com/privacy). We receive only a payment confirmation token, not your card details.

  • Supabase — our database provider, used to store account and transfer metadata. Data is stored in encrypted databases hosted in the United States.

5. OAuth Access & Permissions

When you connect Dropbox or Google Drive, you are redirected to that service's own authorization screen. You choose what access to grant. CloudHaul requests the minimum permissions necessary:

  • Dropbox: Read access to files and folders you select. Write access is not requested unless you are transferring into Dropbox.

  • Google Drive: Write access to create files in your Drive. Read access is requested only if transferring from Drive.

You can revoke CloudHaul's access at any time via your Dropbox or Google account settings. Revoking access will prevent future transfers but will not affect files already transferred.

6. Data Retention

  • OAuth tokens are stored only for the duration of an active session or until you disconnect your account.

  • Transfer job records (metadata only — no file contents) are retained for 90 days so you can view your transfer history, then deleted.

  • Account data is retained while your account is active. You may request deletion at any time (see Section 9).

7. Security

We take reasonable measures to protect your information:

  • All data in transit is encrypted using TLS (HTTPS).

  • OAuth tokens are encrypted at rest.

  • We do not log file contents at any point in the transfer pipeline.

  • Payment processing is fully delegated to Stripe, a PCI-DSS compliant provider.

No method of transmission over the internet is 100% secure. While we do our best to protect your data, we cannot guarantee absolute security.

8. Cookies

We use a minimal number of cookies:

  • Session cookies — to keep you logged in during your visit.

  • Analytics cookies — basic, anonymized usage data to understand how the service is being used (e.g., page views, error rates).

We do not use advertising or tracking cookies. You can disable cookies in your browser settings, though some features may not function correctly.

9. Your Rights

You have the right to:

  • Access the personal data we hold about you.

  • Request correction of inaccurate data.

  • Request deletion of your account and associated data.

  • Disconnect your Dropbox or Google account at any time.

  • Opt out of non-essential communications.

To exercise any of these rights, email us at privacy@cloudhaul.co. We will respond within 30 days.

10. Children's Privacy

CloudHaul is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by displaying a prominent notice on the site before the change takes effect. Your continued use of CloudHaul after changes are posted constitutes your acceptance of the updated policy.

12. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

CloudHaul

Email: hello@cloudhaul.co

Website: cloudhaul.co

 

This privacy policy was prepared for CloudHaul and is intended as a starting point. It is not legal advice. Consider having a lawyer review it before publishing.