get a quote
get a quote

PRIVACY POLICY

Last Updated: January 22, 2026

 

At Cloudex Marketing, we recognize that trust is the foundation of any SEO partnership. This Privacy Policy explains how we collect, use, and protect your information when you visit cloudexmarketing.com or engage our services. We operate with a “Security by Design” mindset, ensuring that your data is never a product.

 

Table of Contents

  1. Entity Identification & Data Controller
  2. Information We Collect & Legal Basis
  3. How We Use Your Data
  4. Data Storage & Retention
  5. Your Data Rights
  6. International Data Transfers
  7. Third-Party Sub-Processors
  8. Cookies & Tracking Technologies
  9. AI Transparency & Ethics
  10. Children’s Privacy
  11. Data Breach Procedures
  12. Marketing Communications
  13. Payment Processing
  14. Personnel & Confidentiality
  15. Case Studies & Public Data
  16. Supervisory Authority
  17. Changes to This Policy
  18. Contact Information

1. Entity Identification & Data Controller

Cloudex Marketing is the legal entity responsible for your data processing.

 

  • Legal Entity: Cloudex Marketing (Private Limited)
  • Registered Address: 2nd Floor, B, 28, Block 16 Gulshan-e-Iqbal, Karachi, 75300, Pakistan
  • Primary Services: Search Engine Optimization (SEO), Semantic SEO, Technical SEO, Content Strategy, Topical Authority Building
  • Primary Contact: hi@cloudexmarketing.com
  • Data Rights Inquiries: cloudexmarketing@gmail.com
  • Geographic Coverage: Pakistan, Australia, United States, United Arab Emirates, United Kingdom

 

2. Information We Collect & Legal Basis

We map every data point to a specific “Legal Basis” for processing, as required by global standards (GDPR, CCPA, and local regulations).

 

A. Performance of Contract (SEO Services)

When you hire us, we process data essential to delivering growth:

 

  • Contact Information: Name and email for communication and service delivery.
  • Technical Integration: We utilize Google Analytics and Google Search Console to monitor performance. Note: We do not store your WordPress or Google credentials directly on this website.
  • Workflow Management: We use Asana as our CRM and project management tool. While separate from this website, client project data is stored here to ensure service delivery.
  • Business Information: Company name, website URL, industry vertical, and business goals to tailor our SEO strategies.

 

B. Legitimate Interests (Site Security & Optimization)

  • HTTPS & HSTS: This site is secured via SSL with HTTP Strict Transport Security (HSTS) enabled to prevent man-in-the-middle attacks.
  • Usage Analytics: We analyze how users interact with our site to improve our SEO content and user experience.
  • Security Monitoring: IP addresses and access logs for fraud prevention and system security.

 

C. Data Processing Legal Basis Table

 

Data Type

Purpose

Legal Basis

Retention

Contact Info

Service delivery

Contract Performance

12 months post-contract

Analytics Data

Site optimization

Legitimate Interest

26 months (GA4 default)

Payment Info

Billing & invoicing

Contract Performance

7 years (tax law)

Project Files

SEO deliverables

Contract Performance

12 months + archive

3. How We Use Your Data

We use the collected information for the following purposes:

 

  • Service Delivery: Execute SEO campaigns, provide analytics, and deliver contracted services.
  • Communication: Send project updates, performance reports, and respond to inquiries.
  • Improvement: Analyze website performance and user behavior to enhance our services.
  • Compliance: Meet legal obligations, including tax and financial record-keeping.
  • Security: Protect against fraud, unauthorized access, and other security threats.

 

4. Data Storage & Retention

  • Security Infrastructure: Client files are stored in a secure Google Drive ecosystem with strict access controls, two-factor authentication, and encryption at rest and in transit.
  • The “Cooling Off” Period: We retain active client files for 12 months after a contract ends. This allows for seamless transitions should you choose to resume services.
  • Archival Security: After 12 months, files are moved to an isolated, encrypted server with zero employee access, ensuring your historical data remains private but recoverable if legally required.
  • Data Minimization: We only retain data necessary for business, legal, or security purposes and delete data when no longer needed.

 

5. Your Data Rights

We serve clients globally. Regardless of your location, we honor the following rights:

 

  1. Right to Access: Request a copy of your data in machine-readable format (CSV/JSON). We respond within 30 days.
  2. Right to Rectification: Correct any inaccurate or incomplete data we hold about you.
  3. Right to Erasure (“Right to be Forgotten”): Request deletion of your personal data, subject to legal retention requirements.
  4. Right to Restriction: Limit how we process your data in certain circumstances.
  5. Right to Data Portability: Receive your data in a structured, commonly used format to transfer to another service provider.
  6. Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
  7. Right to Withdraw Consent: Opt out of marketing or optional processing at any time.
  8. Right to Lodge a Complaint: File a complaint with your local data protection authority if you believe we’ve mishandled your data.

 

How to Exercise Your Rights

Email your request to: complaints.cloudexmarketing@gmail.com

 

  • Response Time: We respond to data requests within 30 days. Complex requests may take up to 60 days with notification.
  • Verification: To prevent unauthorized access, we require proof of identity (government-issued ID) and proof of relationship to data (signed agreement or email from registered address).

6. International Data Transfers

Client data may be transferred outside your country of residence to our servers in Pakistan and third-party processors (Google LLC, Asana Inc.) in the United States.

 

For EU/UK Clients:

We rely on the following mechanisms to ensure adequate protection:

 

  • Standard Contractual Clauses (SCCs): Approved by the European Commission for transfers to countries without adequacy decisions.
  • EU-US Data Privacy Framework: Google LLC is certified under this framework for compliant US transfers.
  • Your Explicit Consent: When legally required, we obtain your consent for international transfers.

 

Data transferred outside the EU/UK is protected by contractual safeguards equivalent to GDPR standards.

 

7. Third-Party Sub-Processors

To provide our services, we utilize trusted infrastructure partners. Each sub-processor is contractually bound to GDPR-equivalent data protection standards.

 

Sub-Processor

Purpose

Data Shared

Location

Google LLC

Analytics, Search Console, Cloud Storage

Usage data, Client files, SEO metrics

USA (EU-US DPF certified)

Asana, Inc.

Project Management & CRM

Contact info, Project details, Task management

USA

 

Updated Sub-Processor List: We maintain a current list at cloudexmarketing.com/subprocessors (to be published).

8. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to improve your experience on our website.

 

Types of Cookies We Use:

 

  • Essential Cookies: Required for site functionality, including session management and security features. These cannot be disabled without affecting site operation.
  • Analytics Cookies: Google Analytics (GA4) for performance monitoring, user behavior analysis, and content optimization. These help us understand how visitors interact with our site.
  • Marketing Cookies: Currently none deployed. We do not use third-party advertising cookies.

 

Cookie Lifespan:

 

  • Session Cookies: Expire when you close your browser.
  • Persistent Cookies: Remain for up to 26 months (Google Analytics default) or until manually deleted.

 

Managing Cookies:

You can manage cookies via your browser settings. Most browsers allow you to refuse or delete cookies. Disabling essential cookies may limit site functionality.

 

  • Chrome: Settings > Privacy and security > Cookies
  • Firefox: Options > Privacy & Security > Cookies
  • Safari: Preferences > Privacy > Cookies

 

9. AI Transparency & Ethics

In alignment with 2026 SEO standards and ethical AI practices, we disclose our use of Artificial Intelligence:

 

Enhancement, Not Replacement

We use AI (Claude, GPT-4, specialized SEO tools) to:

 

  • Analyze search data and identify semantic patterns for topical authority building
  • Generate content outlines, topical maps, and entity-attribute frameworks
  • Optimize existing content for search engines and user intent
  • Conduct competitive analysis and keyword research at scale

 

  • NEVER: Create final client content without human expert review and quality assurance.

 

AI Training Opt-Out & Crawler Protection

We do not use your proprietary data to train public AI models. We actively block aggressive AI crawlers via robots.txt and technical measures:

 

  • GPTBot (OpenAI)
  • Google-Extended (Gemini training)
  • CCBot (Common Crawl)
  • Anthropic-AI and other training-focused crawlers

 

Human Oversight: All AI-generated recommendations undergo review by our SEO specialists (trained in Koray Tugberk’s Semantic SEO framework) before delivery to clients.

10. Children’s Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from minors.

 

If we discover we have collected data from a minor without appropriate consent, we will delete it immediately. Parents/Guardians: Contact complaints.cloudexmarketing@gmail.com if you believe your child has provided us with personal information.

 

11. Data Breach Procedures

In the unlikely event of a data breach affecting your personal information:

 

  • Client Notification: We will notify affected clients within 72 hours of discovery (GDPR requirement).
  • Authority Notification: We will notify relevant supervisory authorities as legally required.
  • Transparency: Notification will include the nature of the breach, likely consequences, and mitigation measures taken.
  • Remediation: We will take immediate steps to contain the breach, assess damage, and prevent future incidents.

 

Security Incident Contact: complaints.cloudexmarketing@gmail.com

 

12. Marketing Communications

  • Opt-In Only: We will only send marketing emails if you have explicitly opted in.
  • Unsubscribe: Every marketing email contains an unsubscribe link in the footer.
  • Processing Time: Opt-out requests are processed within 48 hours.
  • No Data Selling: We do not sell, rent, or share your email address with third parties for their marketing purposes.

 

Note: Transactional emails (invoices, service updates, security alerts) are essential to our service and cannot be unsubscribed from.

 

13. Payment Processing

Direct Storage: We do not store credit card information directly. All payment card data is processed by PCI-DSS compliant payment processors.

 

  • Payment Methods: Bank transfers, PayPal, or other secure payment processors (processor privacy policies apply).
  • Invoice Retention: We retain invoices and transaction records for 7 years to comply with Pakistan tax law and international accounting standards.
  • Financial Data: Payment processor names, transaction IDs, and invoice amounts are stored for reconciliation purposes only.

14. Personnel & Confidentiality

  • Internal NDAs: Every Cloudex Marketing employee and contractor is bound by a strict Non-Disclosure Agreement (NDA) covering client data and proprietary information.
  • Need-to-Know Access: Data access is restricted only to team members directly assigned to your project. We implement role-based access controls (RBAC).
  • Training: All personnel receive data protection and security awareness training annually.
  • Audit Trails: We maintain logs of who accesses client data and when, for security and accountability.

 

15. Case Studies & Public Data

Cloudex Marketing believes in “Working in Public” to demonstrate expertise and thought leadership in the SEO community. However, we strictly adhere to individual client NDAs.

 

  • Anonymized Metrics: We may use anonymized growth metrics (traffic gains, ranking improvements, conversion rate lifts) for case studies and portfolio examples.
  • No Identifying Information: No brand names, URLs, or identifying business details will be shared without explicit written consent.
  • Client Permission: Before publishing any case study with identifying information, we obtain signed approval from the client.
  • Opt-Out Available: Clients may request removal from public case studies at any time, even after initial approval.

 

16. Supervisory Authority (Complaints)

If you are unsatisfied with our response to a privacy concern, you have the right to lodge a complaint with the relevant data protection authority in your jurisdiction:

 

  • Pakistan: National Database and Registration Authority (NADRA)
  • EU/EEA: Your local Data Protection Authority (https://edpb.europa.eu/about-edpb/board/members_en)
  • UK: Information Commissioner’s Office (ICO) – https://ico.org.uk
  • Australia: Office of the Australian Information Commissioner (OAIC) – https://www.oaic.gov.au
  • USA (California): California Privacy Protection Agency (CPPA) – https://cppa.ca.gov

 

17. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or industry standards.

 

  • Material Changes: We will notify you via email 30 days before significant changes take effect. Material changes include modifications to data usage, retention periods, or third-party sharing.
  • Minor Updates: Posted on this page with an updated “Last Modified” date at the top. Minor updates include clarifications, formatting changes, or contact information updates.
  • Version History: A complete changelog will be available at cloudexmarketing.com/privacy/changelog (to be published).
  • Continued Use: Your continued use of our services after policy changes indicates acceptance of the updated terms.

 

18. Contact Information

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

 

  • Data Protection Inquiries: cloudexmarketing@gmail.com
  • General Questions: hi@cloudexmarketing.com
  • Website: com

 

Mailing Address:

Cloudex Marketing

2nd Floor, B, 28, Block 16

Gulshan-e-Iqbal

Karachi, 75300

Pakistan

 

 

***

 

Thank you for trusting Cloudex Marketing with your SEO journey.

We are committed to protecting your privacy while delivering exceptional results.