What We Collect
When you make a booking or enquiry through this website, we collect the following information:
We may also collect your transaction data related to bookings, and may track your preferences and other information you choose to provide on our Platform. This information may be compiled and analysed on an aggregated basis. We do not collect or store payment card details. Payments are processed directly through UPI — see Section 03 for full details.
You always have the option to not provide certain information by choosing not to use a particular service or feature on the Platform.
How We Use Your Data
- Confirming and managing your reservation
- Sending check-in instructions and property access details
- Communicating about your stay before, during, and after checkout
- Responding to enquiries submitted through the website or concierge chat
- Maintaining booking records for legal and tax compliance (GST, income tax)
- Assisting in handling and fulfilling bookings; enhancing guest experience
- Resolving disputes and troubleshooting problems
- Detecting and protecting against error, fraud, and other criminal activity
- Conducting marketing research, analysis, and surveys (aggregated, anonymised data)
We do not use your data for marketing without your explicit consent. If you'd like to receive occasional updates about Cloud 10, you can opt in by replying to any confirmation email. You may opt out at any time.
Payments & UPI Processors
All direct payments are made via UPI (Unified Payments Interface). We do not handle, store, or process card numbers, bank account credentials, or UPI PINs at any point. The transaction takes place entirely within your own payment app and the UPI network.
When you complete a UPI payment, the following third-party processors may be involved depending on the app you use:
No card data, ever. Cloud 10 does not operate a payment gateway, does not store card numbers or CVVs, and is not a PCI-DSS-scoped entity. If you receive a call or email claiming to be from Cloud 10 requesting your UPI PIN, bank password, or card details — do not provide it and report it to an appropriate law enforcement agency immediately.
Data Sharing
We do not sell your personal data. We may share your information in the following limited circumstances:
- Service providers — third-party service providers who assist in operating the Platform, processing payments, or delivering services; these providers are bound by confidentiality obligations.
- Legal obligations — to comply with applicable law, court orders, or respond to lawful requests from government agencies or law enforcement.
- Rights protection — where disclosure is reasonably necessary to enforce our Terms of Use, respond to claims of third-party rights violations, or protect the rights, property, or safety of our guests or the general public.
- OTA platforms — if you book through Airbnb, Booking.com, or MakeMyTrip, Cloud 10 receives only the guest information those platforms share with hosts. Their own privacy policies govern how your data is handled on those platforms.
When a third-party service collects your personal data directly from you, you will be governed by their privacy policies. We are not responsible for the privacy practices of third-party services.
Data Storage & Security
Booking data is stored securely on our hosting server (Hostinger) located in data centres compliant with industry-standard security practices. Access is restricted to the property host only. Your personal data is primarily stored and processed in India.
We use HTTPS encryption for all data transmitted through this website. We adopt reasonable security practices and procedures to protect your data from unauthorised access, loss, or misuse.
However, the transmission of information over the internet cannot always be guaranteed as completely secure. By using the Platform, you accept the security implications of data transmission over the internet and acknowledge that there will always remain certain inherent risks. You are responsible for ensuring the protection of any login and password records for your account.
Data Retention & Deletion
We retain booking records for a minimum of 3 years to comply with applicable tax regulations (GST, income tax), after which data is securely deleted.
We retain your personal data for no longer than is required for the purpose for which it was collected, or as required under any applicable law. We may retain data if we believe it may be necessary to prevent fraud or future abuse, or for other legitimate purposes. We may continue to retain your data in anonymised form for analytical and research purposes.
You may request deletion of your data by writing to us at hey@cloud10studios.in. We may refuse or delay deletion in the event of any pending grievance, claim, or legal obligation. Once deleted, you will lose access to all information related to your account.
Cookies & Tracking
This website uses a minimal set of cookies required for basic functionality. We do not use advertising cookies, tracking pixels, or behavioural profiling tools of any kind.
You can manage or delete cookies at any time through your browser settings. For Chrome: Settings → Privacy & Security → Cookies. For Safari: Settings → Safari → Privacy.
Third-Party Services
- Google Fonts — loads typefaces; may log requests to Google's servers
- wttr.in — fetches live weather for Noida; no personal data sent
- Pixabay Audio — ambient sounds; no personal data sent
- PhonePe / UPI network — payment processing; see Section 03 for full details
We do not use Google Analytics, Facebook Pixel, or any advertising tracking tools on this website.
Your Rights & Consent
You have the right to:
- Request a copy of the personal data we hold about you
- Request correction of inaccurate information
- Request deletion of your data after your stay, subject to legal retention requirements
- Withdraw consent for any optional communications at any time
By visiting this Platform or providing your information, you consent to the collection, use, storage, disclosure, and processing of your information as described in this Privacy Policy. If you disclose personal data relating to other people, you represent that you have the authority to do so.
To withdraw consent for processing your personal data, write to us at hey@cloud10studios.in with the subject line "Withdrawal of consent for processing personal data". Please note that withdrawal of consent will not be retrospective and may restrict our ability to provide services for which we consider that information necessary.
To exercise any of your rights, contact us at hey@cloud10studios.in. We will respond within 7 business days.
Grievance Officer
In accordance with the Information Technology Act, 2000 and the rules made thereunder, we have designated a Grievance Officer. All concerns or complaints relating to this Privacy Policy may be directed to:
Policy Updates
We may update this Privacy Policy from time to time to reflect changes to our information practices. The date at the top of this page reflects the most recent revision. We will alert or notify you about significant changes in the manner required under applicable laws.
Continued use of this website after a policy update constitutes acceptance of the revised terms. This policy is governed by the laws of India. Any disputes will be subject to the jurisdiction of courts in Noida, Uttar Pradesh.