Effective date: January 14, 2026
This Privacy Policy explains how MILOŠ ŽIVANOVIĆ PR RAČUNARSKO PROGRAMIRANJE OM OM CODE SMEDEREVO (“we”, “us”, “our”) collects, uses, stores, and protects personal data when you access or use redu.cloud. redu.cloud is a public cloud infrastructure service operated by OM OM CODE.
If you have questions or requests related to privacy, contact us at office@redu.cloud.
The Data Controller is:
This Policy applies to our website, platform, and cloud services, including account registration and authentication, billing and invoicing, customer support, security monitoring, and platform usage.
B2B / professional use only: redu.cloud is intended for business customers (B2B), such as startups, development teams, companies, and registered entrepreneurs/sole proprietors acting in a professional capacity. We do not target the Services to consumers acting purely in a personal capacity.
Accounts may be created by users in Serbia, the EU, and other countries, subject to applicable law and any sanctions/export control restrictions described in our Terms of Service.
Registration and authentication are provided through an identity and access management system. Depending on your configuration and usage, we may process:
We may allow you to create an account or sign in using third-party identity providers (for example, Google or GitHub). When you use third-party sign-in, we typically receive basic account information from the provider such as:
We do not receive your password for the third-party account. We use this information only to authenticate you and create/link your redu.cloud account.
Because the Services are offered for business/professional use, we may request or process business profile details for invoicing, accounting, and compliance, such as:
When payment processing is enabled, payments are handled by third-party payment service providers. We do not store full card numbers. We may collect or receive billing-related data necessary for invoicing, accounting, fraud prevention, and customer support, such as:
To protect the platform, prevent abuse, and meet legal/compliance obligations (including payment risk controls), we may collect or request additional information in limited cases, such as:
We process technical and security data to operate the platform, calculate usage, and protect the service:
We may process cookie identifiers, consent status, and website usage data (such as pages visited and basic device/browser information) to operate, secure, and improve our website, subject to your consent settings where required.
Where applicable, we process personal data under one or more of the following legal bases: performance of a contract (providing the service), legitimate interests (security, abuse prevention, platform reliability, fraud prevention), compliance with legal obligations (invoicing/accounting), and consent (for marketing communications and non-essential cookies where required).
| Data / activity | Main purpose | Typical legal basis |
|---|---|---|
| Account registration (username, email) | Create and manage your account | Contract |
| Third-party sign-in (Google/GitHub basic profile data) | Authenticate and create/link your account | Contract |
| Business profile (company name, billing details) | Invoicing, account administration | Contract / legal obligation |
| Authentication & security events | Security, abuse prevention, audits | Legitimate interests |
| Usage metadata (compute/storage/network) | Operate service, calculate usage and billing | Contract |
| Invoices and accounting records | Billing, accounting, tax obligations | Legal obligation |
| Fraud prevention / risk controls | Prevent abuse, chargebacks, compliance | Legitimate interests / legal obligation (where applicable) |
| Support communications | Respond to requests, troubleshoot issues | Contract / legitimate interests |
| Marketing emails (if enabled) | Product updates, offers, newsletters | Consent or legitimate interests (where permitted) |
| Non-essential cookies / advertising | Analytics and marketing measurement | Consent (where required) |
Payments (once enabled) are processed by third-party payment service providers. Payment details are submitted directly to the provider and are not stored on our servers.
We may receive limited billing-related information such as payment status, transaction identifiers, dispute/chargeback references, invoice identifiers, and accounting-related data needed to operate the service and comply with legal obligations.
redu.cloud operates on our own private cloud infrastructure located in Smederevo, Serbia.
We maintain backups primarily on our own backup environment in the same location. We also use encrypted external backups to a cloud storage provider primarily for metadata and operational backups (for example, configuration and database backups). Customer virtual machine data is not backed up externally unless explicitly configured by the customer.
We use cookies and similar technologies to operate and secure our website and understand general usage patterns.
Where required by applicable law, we use a consent management platform (Cookiebot) to request and manage user consent for the use of non-essential cookies, including analytics and advertising cookies. You can update your preferences at any time through the cookie consent banner.
We use Google Analytics to better understand how visitors interact with our website. For more information, please review Google’s Privacy Policy and Google Analytics data collection and processing.
We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. For more information, visit Microsoft Privacy Statement.
We may also use advertising pixels in the future where permitted and subject to your cookie consent choices.
We may create aggregated statistics and, where feasible, anonymized reports about the use of our website and services (for example, overall traffic or usage trends). These reports are used for service improvement, capacity planning, security, and analytics and are not intended to identify you.
We share personal data only when necessary to operate the platform, provide support, prevent fraud/abuse, or comply with legal obligations. We do not sell personal data.
We may use third-party service providers (“processors”) to support our operations (for example: email services, analytics, payment processing, and backup storage). Processors process personal data on our behalf and under our instructions, subject to confidentiality and security obligations.
We may also disclose personal data to authorities and regulators when legally required.
We use a limited number of trusted third-party service providers (“subprocessors”) to help operate our website and cloud platform. Subprocessors process personal data only on our behalf and under our instructions, subject to confidentiality, security, and data protection obligations.
Our current subprocessors include:
| Subprocessor | Purpose | Categories of data | Processing location |
|---|---|---|---|
| Google (Gmail) | Customer support communications | Email address, support messages, attachments | EEA and/or other countries (including possible U.S.) |
| Google Analytics | Website analytics and performance measurement | Cookie identifiers, IP address, device and usage data | EEA and/or other countries (including possible U.S.) |
| Microsoft Clarity | Website analytics and session replay | Cookie identifiers, device and usage data | EEA and/or other countries (including possible U.S.) |
| Cookiebot | Cookie consent management | Consent status, cookie identifiers | EEA |
| Google Drive (encrypted backups) | Encrypted backup storage | Encrypted configuration and metadata backups | EEA and/or other countries (including possible U.S.) |
| Payment service provider (to be selected) | Payment processing and invoicing | Name, email, billing address, invoice data, payment status, transaction identifiers, dispute/chargeback references (if applicable) | EEA and/or other countries (depending on provider) |
We may update this list from time to time as our services evolve. Any new subprocessors will be required to provide appropriate contractual and technical safeguards for the protection of personal data. Where required for international transfers, we rely on suitable safeguards such as Standard Contractual Clauses or other legally recognized transfer mechanisms.
Personal data is primarily processed in Serbia. Where we use third-party service providers, data may be processed in the EEA and/or other jurisdictions. Where required, we use appropriate safeguards (such as contractual protections and Standard Contractual Clauses) to protect personal data that is transferred internationally.
We retain personal data only for as long as necessary to provide services, comply with legal obligations, and maintain platform security. Our current retention approach is:
| Data type | Typical retention |
|---|---|
| Account data | While the account is active (and for a limited period after deletion requests to complete closure) |
| Business profile & invoicing data | For as long as needed to manage the account and comply with accounting/tax obligations |
| Billing records / invoices | Up to 10 years (legal/accounting obligations) |
| Security, authentication and audit logs | Up to 24 months |
| Support communications | Up to 36 months |
| Disputes / chargebacks (if applicable) | Up to 36 months (or longer if required to resolve disputes or comply with legal obligations) |
| Cookie consent logs | As required to demonstrate consent and compliance |
You may request account deletion by contacting office@redu.cloud.
Upon deletion, we intend to:
Certain data may be retained where required or justified, such as invoices (accounting law) and security logs (fraud/security purposes) for the retention periods described above.
We implement security measures appropriate for a cloud infrastructure provider, including:
No system is completely secure. In the event of a personal data breach, we will take reasonable steps to contain and remediate the incident. Where required by applicable law, we will notify relevant authorities and affected individuals.
We may send registered users marketing emails and product updates. Where required, you can opt out at any time through an unsubscribe link or by contacting office@redu.cloud.
Transactional messages (e.g., password resets, security notices, invoices) are sent as necessary to operate the service.
Depending on your location and applicable law, you may have rights to:
To exercise your rights, contact office@redu.cloud. To protect your account and personal data, we may ask you to verify your identity before acting on your request (for example, by requesting the request be sent from the email address associated with your account, or by other reasonable verification steps).
We typically respond within 30 days, subject to applicable law and the complexity of the request.
The platform is intended for business/professional users and is not directed to children. We do not knowingly collect personal data from children under the age of 13.
If you believe your rights have been violated, you may lodge a complaint with the Serbian supervisory authority:
This Privacy Policy is governed by the laws of the Republic of Serbia, without prejudice to any mandatory rights you may have under applicable data protection laws.
We may update this Privacy Policy from time to time. Updates will be posted on this page with a revised effective date.