How Gravix Cloud handles your data

This policy explains what information Gravix Cloud collects when you use our infrastructure and hosting services, why we collect it, who we share it with, and the choices available to you. It applies to our website, dashboards, APIs, and the real-time infrastructure we operate on behalf of clients.

Who we are

Gravix Cloud is a cloud infrastructure and hosting service operated by Gravity Compile LTD, a company registered in Bangladesh. Gravix Cloud designs, deploys, and manages server infrastructure for clients, including real-time audio/video infrastructure built on Selective Forwarding Unit (SFU) technology.

For the purposes of applicable data protection law, Gravity Compile LTD acts as a data controller for account and billing information collected directly from clients, and generally as a data processor (or sub-processor) for content and media that flows through infrastructure we host on a client's behalf. Section 3 explains this distinction in more detail.

Information we collect

We collect information in three broad categories: information you give us directly, information collected automatically through use of our services, and information generated by the infrastructure we operate.

Information you provide

Account details — name, email address, organization name, and password (stored as a salted hash, never in plain text).
Billing details — billing address, tax/VAT identifiers, and limited payment information where we process payments without a third-party processor (see Section 6).
Support communications — anything you send us via email, support tickets, or messaging channels, including attachments and logs you choose to share for troubleshooting.
Configuration data — server names, domain names, DNS records, firewall rules, and similar technical configuration you input when provisioning infrastructure.

Information collected automatically

Device and connection data — IP address, browser type, operating system, and timestamps, captured when you access our dashboard, API, or website.
Usage data — actions taken in the dashboard, API call volumes, feature usage, and login history.
Infrastructure telemetry — CPU, memory, bandwidth, and node-health metrics from the servers we provision, used for monitoring and capacity planning.

Media & real-time session data

Because Gravix Cloud hosts real-time audio/video infrastructure for clients, this section addresses media traffic specifically and separately from account data above.

What we do not do by default: our SFU nodes route and forward encrypted audio/video media between session participants. We do not record, store, transcribe, or inspect the content of that media unless a client has explicitly provisioned a recording or egress feature for their own deployment.

When a client's application establishes a real-time session through infrastructure we host, the following data is necessarily processed to make the connection work:

Session metadata — room identifiers, participant counts, join/leave timestamps, and connection quality statistics, used for routing, billing, and capacity planning.
Routing coordination data — our managed Redis layer maintains short-lived state (such as which node a participant is connected to) so that participants in the same room can be routed correctly across a multi-node cluster. This data is operational and is not designed for long-term storage or analysis.
Network-layer data — IP addresses and connection paths necessary to establish peer connections through our TURN/relay infrastructure.

If a client enables recording, transcription, or egress features for their own end users, the client — not Gravix Cloud — is responsible for obtaining any consents required from their end users under applicable law, and is the data controller for that recorded content. We act only as the infrastructure processor in that scenario, under the terms of a separate data processing agreement where applicable.

How we use information

We use the information described above to:

Provision, operate, monitor, and maintain the servers and infrastructure you've engaged us to manage.
Authenticate accounts and secure access to dashboards and APIs.
Process payments, issue invoices, and maintain financial records as required by law.
Diagnose and resolve technical issues, including capacity planning across SFU nodes.
Communicate with you about service status, scheduled maintenance, incidents, and changes to our services or policies.
Detect, investigate, and prevent abuse, fraud, or activity that threatens the stability of shared infrastructure.
Comply with legal obligations, including tax and accounting requirements under Bangladeshi law.

We do not sell personal information, and we do not use client media content for advertising or for training any model or system.

Legal basis for processing

Where applicable data protection law requires a legal basis for processing (for example, under the GDPR for clients or end users located in the EU/EEA/UK), we rely on one or more of the following:

Contract — processing necessary to provide the hosting and infrastructure services you've signed up for.
Legitimate interest — processing necessary for network security, abuse prevention, and service improvement, balanced against your rights.
Legal obligation — processing necessary to comply with tax, accounting, or law enforcement requirements.
Consent — for optional features (such as marketing communications) where consent is the appropriate basis.

Sharing & sub-processors

We share information only as necessary to operate the service:

Category	Purpose	What's shared
Infrastructure providers	Underlying compute, networking, load balancing, and managed database/cache services that power your deployment	Account identifiers, technical configuration, infrastructure telemetry
Payment processors	Processing card or bank payments where used	Billing details and transaction data necessary to complete payment
Communication tools	Email delivery for invoices, alerts, and support	Name and email address
Legal & regulatory bodies	Compliance with valid legal requests	Limited to what is legally required

We require sub-processors who handle personal data on our behalf to implement appropriate technical and organizational safeguards. We do not permit sub-processors to use shared data for their own independent purposes.

International data transfers

Gravity Compile LTD is based in Bangladesh, and the infrastructure we manage on behalf of clients may be located in other jurisdictions depending on where a client chooses to deploy (for example, on infrastructure providers with data center regions outside Bangladesh). Where this involves a transfer of personal data across borders, we take reasonable steps to ensure the recipient infrastructure provider maintains appropriate security and contractual safeguards. Clients selecting a specific data center region are responsible for confirming that region satisfies their own regulatory obligations toward their end users.

Data retention

Account and billing data is retained for the duration of your account plus a period afterward as required for tax and accounting purposes under applicable law (generally up to 6 years).
Session metadata and infrastructure telemetry used for monitoring and billing is generally retained for 30–90 days before aggregation or deletion, unless a longer period is required for an active billing dispute or security investigation.
Routing/coordination data held in our managed Redis layer is short-lived by design and is not retained beyond the active session lifecycle.
Support tickets and correspondence are retained for as long as reasonably necessary to resolve the matter and for a reasonable period afterward for quality and dispute-resolution purposes.

Upon account closure, we delete or anonymize personal data within a reasonable period, except where retention is required by law or for legitimate business records such as final invoices.

Security

We apply technical and organizational measures appropriate to the sensitivity of the data we handle, including:

Encryption of data in transit (TLS) for dashboard, API, and signaling traffic, and encrypted media transport for real-time sessions.
Network-level isolation and firewall rules restricting access to infrastructure components (SFU nodes, Redis, managed databases) to only what is operationally necessary.
Access controls limiting internal access to client infrastructure and personal data to authorized personnel on a need-to-know basis.
Regular review of firewall, port, and access configurations as infrastructure scales.

No system is completely secure, and we cannot guarantee absolute security. If we become aware of a breach affecting your personal data, we will notify you in accordance with applicable law.

Your rights

Depending on your location, you may have rights to access, correct, delete, or export your personal data, to object to or restrict certain processing, and to withdraw consent where processing is based on consent. To exercise any of these rights, contact us using the details in Section 14. We will respond within a reasonable timeframe and may need to verify your identity before fulfilling a request.

Where Gravix Cloud acts as a processor for content uploaded by a client's own end users (see Section 3), end users should direct data rights requests to that client in the first instance, as the client controls that data.

Cookies & similar technologies

Our website and dashboard use a limited set of cookies and similar technologies necessary for authentication (keeping you logged in), security (detecting suspicious activity), and basic analytics to understand aggregate usage of our dashboard. We do not use third-party advertising cookies. You can control cookies through your browser settings, though disabling essential cookies may prevent the dashboard from functioning correctly.

Children's data

Gravix Cloud's services are intended for businesses and individuals capable of entering into a binding contract, and are not directed at children. We do not knowingly collect personal data from individuals under the age of 16. If we become aware that we have inadvertently collected such data, we will take steps to delete it.

Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, infrastructure, or legal obligations. We will post the updated version with a revised "last updated" date, and for material changes, we will provide reasonable advance notice via email or a dashboard notice before the changes take effect.

Contact

If you have questions about this Privacy Policy or wish to exercise a data right, contact us:

Entity: Gravity Compile LTD, trading as Gravix Cloud
Email: support@gravixcloud.com
Registered address: Faridpur, Bangladesh

The terms behind your infrastructure

These Terms of Service ("Terms") govern your access to and use of Gravix Cloud's hosting and infrastructure services, including provisioned servers, managed databases, and real-time SFU clusters. By creating an account or using our services, you agree to these Terms on behalf of yourself or the organization you represent.

Agreement to terms

These Terms form a binding agreement between you ("Client," "you") and Gravity Compile LTD, a company registered in Bangladesh, trading as Gravix Cloud ("Gravix Cloud," "we," "us"). If you are entering into these Terms on behalf of a company or other legal entity, you represent that you have authority to bind that entity, in which case "you" refers to that entity.

If you do not agree to these Terms, you must not access or use our services.

The service

Gravix Cloud provisions and manages cloud server infrastructure on behalf of clients, which may include:

Dedicated or virtual compute instances configured to client specifications.
Real-time audio/video infrastructure based on Selective Forwarding Unit (SFU) architecture, including multi-node clusters, managed routing/coordination layers, and load balancing.
Managed databases, caches, and related supporting infrastructure.
Monitoring, scaling guidance, and operational support for the above.

The specific infrastructure, capacity, and service tier provided to you will be set out in an order form, invoice, quote, or dashboard configuration ("Service Order"), which forms part of these Terms. In the event of a conflict between a Service Order and these Terms, the Service Order controls only with respect to the specific scope, pricing, or capacity it describes.

Accounts & eligibility

You must be at least 18 years old and capable of forming a binding contract to use our services.
You are responsible for maintaining the confidentiality of your account credentials and for all activity that occurs under your account.
You must provide accurate account and billing information and keep it up to date.
You must notify us promptly of any unauthorized use of your account or any other breach of security.

Acceptable use

You agree not to use Gravix Cloud infrastructure to:

Violate any applicable law or regulation, including those of Bangladesh and any jurisdiction in which your infrastructure is deployed.
Distribute malware, conduct denial-of-service attacks, port scanning, or other activity intended to disrupt or gain unauthorized access to systems not owned by you.
Send unsolicited bulk communications (spam) or facilitate phishing.
Host or transmit content that infringes intellectual property rights, is defamatory, or violates the privacy rights of others.
Host or transmit child sexual abuse material, content that sexually exploits minors, or material facilitating such exploitation — this is a zero-tolerance violation resulting in immediate termination and, where required, referral to law enforcement.
Exceed the resource limits of your provisioned infrastructure in a way that degrades the stability or performance of shared or adjacent infrastructure, including other clients' SFU clusters.
Resell, sublicense, or provide the infrastructure as a competing hosting service to third parties without our prior written consent.

We reserve the right to investigate suspected violations and to suspend or terminate access where we reasonably believe a violation has occurred, in accordance with Section 8.

Client content & media

As between you and Gravix Cloud, you retain all ownership rights in the content, applications, and media transmitted through or stored on infrastructure we provision for you ("Client Content"). You are solely responsible for:

Ensuring you have all rights and consents necessary to transmit, store, and process Client Content, including any audio/video media from your own end users routed through your SFU deployment.
Compliance with data protection laws applicable to your end users, including obtaining any consents required to record, store, or otherwise process real-time media beyond live routing.
Configuring recording, egress, or storage features responsibly, including setting appropriate retention and access controls for any recorded content.

Our role: Gravix Cloud's SFU infrastructure routes and forwards real-time media between session participants. We do not access, inspect, or use the substantive content of Client Content except as necessary to provide, secure, or troubleshoot the service, or as required by law.

We grant you no rights in Client Content beyond what is necessary to host it. You grant us a limited license to access, store, and process Client Content solely to provide the services under these Terms.

Fees & billing

Fees for your infrastructure are set out in your Service Order and are billed on the cycle specified there (monthly, unless otherwise agreed).
Fees are exclusive of applicable taxes, which you are responsible for unless we are legally required to collect them.
Late or failed payment may result in suspension of services after reasonable notice, in accordance with Section 8.
We may change our fees with at least 30 days' notice before the change takes effect on your next billing cycle; continued use after that date constitutes acceptance of the new fees.
Except where required by law or expressly stated in a Service Order, fees are non-refundable, including for partial billing periods.

Service levels & capacity

We aim to provide reliable, production-grade infrastructure, including failover-capable architecture for multi-node deployments where applicable. However:

Specific uptime commitments, if any, are set out only in a separate Service Level Agreement ("SLA") referenced in your Service Order. Absent a signed SLA, services are provided on a reasonable-efforts basis without a guaranteed uptime percentage.
Real-time media quality (latency, jitter, packet loss) can be affected by factors outside our control, including your end users' own network conditions and devices.
We may perform scheduled maintenance with reasonable advance notice, and emergency maintenance without advance notice where necessary to address a security risk or service-threatening issue.
You are responsible for sizing your infrastructure appropriately for your expected load; we are not liable for degraded performance caused by usage beyond your provisioned capacity.

Suspension & termination

By you

You may terminate your account at any time through the dashboard or by written notice. Termination does not entitle you to a refund of fees already paid except as required by law or expressly stated in a Service Order.

By us

We may suspend or terminate your access to the services, with notice where reasonably practicable, if:

You materially breach these Terms, including the acceptable use provisions in Section 4.
Payment is overdue and not resolved within a reasonable cure period after notice.
Your use poses a security risk or threatens the stability of shared infrastructure.
We are required to do so by law or by an upstream infrastructure provider.

For violations involving illegal content or imminent harm to others, we may suspend access immediately without prior notice.

Effect of termination

Upon termination, your right to use the services ends, and we may delete Client Content and configuration data after a reasonable grace period (or immediately, where required by law or in cases of severe violation). You are responsible for exporting any data you wish to retain before termination.

Intellectual property

Gravix Cloud and its licensors retain all rights, title, and interest in the Gravix Cloud platform, dashboard, documentation, and underlying infrastructure tooling, excluding Client Content. Nothing in these Terms transfers ownership of our intellectual property to you. You may not reverse-engineer, decompile, or attempt to extract the source code of our platform except to the extent permitted by law.

Trademarks, logos, and brand names of Gravix Cloud and Gravity Compile LTD may not be used without our prior written permission.

Disclaimers

Except as expressly stated in a signed SLA, the services are provided "as is" and "as available," without warranties of any kind, whether express, implied, or statutory, including implied warranties of merchantability, fitness for a particular purpose, and non-infringement. We do not warrant that the services will be uninterrupted, error-free, or completely secure, or that real-time media quality will meet any particular standard given the variability of network conditions outside our control.

Limitation of liability

To the maximum extent permitted by applicable law:

Neither party will be liable for indirect, incidental, special, consequential, or punitive damages, including loss of profits, data, or goodwill, arising from or related to these Terms or the services.
Gravix Cloud's total aggregate liability arising from or related to these Terms or the services will not exceed the total fees paid by you to us in the 3 months immediately preceding the event giving rise to the claim.
These limitations do not apply to liability that cannot be limited or excluded under applicable law, or to either party's indemnification obligations under Section 12.

Indemnification

You agree to indemnify and hold Gravix Cloud and Gravity Compile LTD harmless from claims, damages, and reasonable expenses (including legal fees) arising from: your violation of these Terms; your Client Content; your violation of applicable law; or your infringement of a third party's rights through your use of the services. We will provide reasonably prompt notice of any such claim.

Governing law & disputes

These Terms are governed by the laws of Bangladesh, without regard to its conflict-of-laws principles. Any dispute arising from or relating to these Terms or the services will be subject to the exclusive jurisdiction of the competent courts of Bangladesh, unless otherwise required by mandatory law applicable to you.

Changes to these Terms

We may update these Terms from time to time. For material changes, we will provide at least 14 days' notice via email or dashboard notice before the changes take effect. Continued use of the services after the effective date constitutes acceptance of the updated Terms. If you do not agree to the updated Terms, you may terminate your account before they take effect.

Contact

Questions about these Terms can be directed to:

Entity: Gravity Compile LTD, trading as Gravix Cloud
Email: support@gravixcloud.com
Registered address: Faridpur, Bangladesh