🚀 zCloud is launching soon — join the waitlist and be first to deploy →
zCloudzCloud
Sign inGet started
Legal

Privacy Policy

Last updated: 11 June 2026

1. Introduction

Runstate Ltd ("Runstate", "we", "us") is the data controller for personal data collected through the zCloud platform (zcloud.mu). We are committed to protecting the privacy of our customers, website visitors, and prospects in compliance with the Mauritius Data Protection Act 2017 ("DPA 2017") and applicable international data protection principles.

This Privacy Policy explains what personal data we collect, why we collect it, how we use it, how long we keep it, and what rights you have in relation to it. Please read this Policy carefully before using our Services.

2. Data We Collect

2.1 Information You Provide Directly

  • Account information: name, email address, phone number, and billing address provided during registration.
  • Payment information: transaction references and payment status returned by our payment processor (MCB Juice). We do not store full card numbers or mobile wallet credentials.
  • Support communications: messages, attachments, and metadata from tickets submitted via our help centre or our contact form.
  • Identity verification documents (where required by law or our fraud prevention procedures).

2.2 Information Collected Automatically

  • Usage data: pages visited, features used, API calls made, and time spent on the platform.
  • Technical data: IP address, browser type and version, operating system, referral URL, and device identifiers.
  • Log data: server logs including request timestamps, response codes, and resource identifiers — retained for security and operational purposes.
  • Cookies and similar technologies: session tokens, preference cookies, and analytics identifiers. See our Cookie Notice (linked in the Site footer) for full details.

2.3 Information from Third Parties

We may receive information about you from payment processors and fraud-detection services to validate transactions and protect our platform.

3. Why We Process Your Data (Legal Bases)

  • Contract performance: to create and manage your account, provision Services, process payments, and provide support.
  • Legal obligation: to comply with Mauritius tax law, anti-money laundering requirements, and data retention obligations.
  • Legitimate interests: to ensure the security and reliability of our platform, prevent fraud and abuse, improve our Services, and send you relevant product updates. We balance these interests against your rights.
  • Consent: for marketing communications where required. You may withdraw consent at any time by clicking "Unsubscribe" in any marketing email or by contacting us.

4. How We Use Your Data

  • Provisioning, operating, and improving the Services.
  • Sending transactional emails (invoices, payment receipts, service alerts, and maintenance notices).
  • Responding to support requests and resolving technical issues.
  • Detecting, investigating, and preventing fraudulent, abusive, or illegal activity.
  • Complying with applicable laws and responding to lawful requests from regulatory or law-enforcement authorities.
  • Sending product news and feature announcements (with your consent, where required).

5. Data Sharing and Disclosure

We do not sell your personal data. We may share data with:

  • Payment processors (MCB Juice) solely to process transactions.
  • Infrastructure and security sub-processors who assist us in operating and protecting the platform, under written data processing agreements.
  • Professional advisers (lawyers, auditors) bound by confidentiality obligations.
  • Regulatory or law-enforcement authorities where required by applicable law or valid legal process.
  • Successor entities in the event of a merger, acquisition, or sale of assets, subject to equivalent privacy protections.

6. Data Retention

We retain your data only for as long as necessary to fulfil the purposes described above:

  • Account and billing data: retained for the duration of your account plus 7 years to satisfy Mauritius accounting and tax requirements.
  • Support tickets: retained for 3 years after resolution.
  • Security and access logs: retained for 12 months.
  • Marketing preferences: until you withdraw consent or request erasure.

When data is no longer required, we securely delete or anonymise it.

7. International Data Transfers

zCloud services are managed from Mauritius and run on enterprise-grade infrastructure operated by our sub-processors. Where we or our sub-processors process data outside Mauritius, we implement appropriate safeguards (such as standard contractual clauses or equivalent mechanisms) to ensure your data receives the same level of protection as under the DPA 2017.

8. Your Rights Under the DPA 2017

As a data subject, you have the following rights:

  • Right of access: to receive a copy of the personal data we hold about you.
  • Right to rectification: to have inaccurate or incomplete data corrected.
  • Right to erasure: to request deletion of your data where we no longer have a lawful basis to retain it.
  • Right to restrict processing: to limit how we use your data in certain circumstances.
  • Right to data portability: to receive your data in a structured, commonly used, machine-readable format.
  • Right to object: to processing based on legitimate interests or for direct marketing.
  • Right to withdraw consent at any time where processing is based on consent.

To exercise any of these rights, please submit a written request via our contact form. In accordance with section 37 of the DPA 2017, we will respond within one month of receipt of a valid request. Where a request is complex or numerous we may extend this period and will inform you accordingly. We may need to verify your identity before processing your request.

If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with the Data Protection Office, headed by the Data Protection Commissioner of Mauritius (dataprotection.govmu.org).

9. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, disclosure, or destruction. For details of our security practices, please visit our Security page.

10. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be notified to you by email at least 14 days before they take effect. The "Last updated" date at the top of this page will always reflect the most recent revision.

11. Contact

For all privacy-related queries or to exercise your rights, please contact our Data Protection Officer at: