Effective date: October 23, 2025
Thanks for entrusting SplineCloud Inc. ("SplineCloud", "we") with your data, know-how, your projects, and your personal information. Holding on to your private information is a serious responsibility, and we want you to know how we're handling it.
All capitalized terms have their definition in SplineCloud's Terms of Service, unless otherwise noted here.
We use your personal information as this Privacy Statement describes. No matter where you are, where you live, or what your citizenship is, we provide the same high standard of privacy protection to all our users around the world, regardless of their country of origin or location. We comply with the EU General Data Protection Regulation (GDPR) for all users globally.
Of course, the short version and the Summary below don't tell you everything, so please read on for more details.
1. What information SplineCloud collects - SplineCloud collects information directly from you for your registration and user profile. We also automatically collect from you your usage information, cookies, and device information, subject, where necessary, to your consent. SplineCloud may also collect User Personal Information from third parties. We only collect the minimum amount of personal information necessary from you.
2. What information SplineCloud does NOT collect - We don't collect Sensitive Personal Information. We do not profile user behavior, use AI assistants to categorize users, or conduct targeted marketing based on your behavior.
3. How SplineCloud uses your information - In this section, we describe the ways in which we use your information, including to provide you the Service, to communicate with you, for security and compliance purposes, and to improve our Service.
4. How we share the information we collect - We may share your information with third parties under one of the following circumstances: with your consent, with our service providers, for security purposes, to comply with our legal obligations, or when there is a change of control or sale of corporate entities or business units. We do not sell your personal information and we do not host advertising on SplineCloud. You can see a list of the service providers that access your information.
5. Repository contents and data licensing - Currently we only allow public repositories - anyone may view contents of your repositories. You can select data licenses (including Creative Commons licenses) to define how others may use your content.
6. Third-party access to public information - We provide information about how third parties may access public-facing content on SplineCloud.
7. Additional services - We provide information about additional service offerings, like SplineCloud client applications.
8. Your rights under GDPR - We explain your comprehensive rights regarding your personal data, including rights to access, rectification, erasure, data portability, restriction of processing, and objection.
9. How you can access and control the information we collect - We provide ways for you to access, alter, or delete your personal information.
10. Data retention and deletion - We retain your data only as long as necessary and provide clear timelines for data deletion.
11. Our use of cookies and tracking - We only use strictly necessary cookies to provide, secure and improve our service.
12. How SplineCloud secures your information - We take all measures reasonably necessary to protect the confidentiality, integrity, and availability of your personal information on SplineCloud and to protect the resilience of our servers.
13. International data transfers - We explain how we handle data transfers and ensure adequate protection regardless of location.
14. How we communicate with you - We communicate with you by email.
15. Resolving complaints - In the unlikely event that we are unable to resolve a privacy concern quickly and thoroughly, we provide a path of dispute resolution, including contact information for EU data protection authorities.
16. Changes to our Privacy Statement - We notify you of material changes to this Privacy Statement 30 days before any such changes become effective.
17. License - This Privacy Statement is licensed under the Creative Commons Zero license.
"User Personal Information" is any information about one of our Users which could, alone or together with other information, personally identify them or otherwise be reasonably linked or connected with them. Information such as a username and password, an email address, a real name, an Internet protocol (IP) address, and a photograph are examples of "User Personal Information."
User Personal Information does not include aggregated, non-personally identifying information that does not identify a User or cannot otherwise be reasonably linked or connected with them. We may use such aggregated, non-personally identifying information for research purposes and to operate, analyze, improve, and optimize our Website and Service.
We require some basic information at the time of account creation. When you create your own username and password, we ask you for a valid email address. Your username may be a pseudonym or nickname. We do not require your real name or identity for registration.
Your username is always public and visible to other users. Your email address is always kept private and is never displayed to other users or made publicly accessible. Authentication tokens and credentials are securely stored and kept strictly confidential.
You may voluntarily choose to give us more information for your Account profile, such as your full name, an avatar which may include a photograph, your biography, your location, your company, and links to your social profiles or a third-party website. All profile information beyond username and email is entirely optional. This information is used to support social features and help you claim authorship of your contributions. This information may include User Personal Information.
Please note that your profile information may be visible to other Users of our Service. Your email address remains private regardless of your profile settings.
You may select data licenses (including Creative Commons licenses) to define how others may use your content and contributions on SplineCloud.
If you're accessing our Service or Website, we automatically collect the same basic information that most services collect, subject, where necessary, to your consent. This includes information about how you use the Service, such as the pages you view, the referring site, your IP address and session information, and the date and time of each request. This is information we collect from every visitor to the Website, whether they have an Account or not. This information may include User Personal information.
We do not profile user behavior, use AI assistants to categorize users, or conduct targeted marketing based on your usage patterns.
As further described below, we automatically collect information from cookies (such as cookie ID and settings) to keep you logged in, to remember your preferences, to identify you and your device and to analyze your use of our service.
We may collect certain information about your device, such as its IP address, browser or client application information, language preference, operating system and application version, device type and ID, and device model and manufacturer. This information may include User Personal information.
SplineCloud may collect User Personal Information from third parties. For example, this may happen if you sign up for training or to receive information about SplineCloud from one of our vendors, partners, or affiliates. SplineCloud does not purchase User Personal Information from third-party data brokers.
We do not intentionally collect "Sensitive Personal Information", such as personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation. If you choose to store any Sensitive Personal Information on our servers, you are responsible for complying with any regulatory controls regarding that data.
We do not intentionally collect User Personal Information that is stored in your repositories or other free-form content inputs. Any personal information within a user's repository is the responsibility of the repository owner.
We do not: - Profile user behavior for marketing purposes - Track and store your IP address or physical location - Use AI assistants to categorize or analyze users - Conduct targeted marketing based on your behavior or preferences - Sell, rent, or redistribute your personal information to any third parties - Share your personal information with advertisers or data brokers
We may use your information for the following purposes:
We use your Registration Information to create your account, and to provide you the Service.
We use your User Personal Information, specifically your username, to identify you on SplineCloud.
We use your Profile Information to fill out your Account profile and to share that profile with other users if you ask us to. This information helps support social features and enables you to claim authorship of your contributions.
We use your email address to communicate with you, if you've said that's okay, and to provide you with important service notifications.
We use User Personal Information to respond to support requests.
We may use User Personal Information to invite you to take part in surveys, tests, or other research projects, subject, where necessary, to your consent.
We use Usage Information and Device Information to better understand how our Users use SplineCloud and to improve our Website and Service.
We may use your User Personal Information if it is necessary for security purposes or to investigate possible fraud or attempts to harm SplineCloud or our Users.
We may use your User Personal Information to comply with our legal obligations, protect our intellectual property, and enforce our Terms of Service.
We limit our use of your User Personal Information to the purposes listed in this Privacy Statement. If we need to use your User Personal Information for other purposes, we will ask your permission first. You can always see what information we have, how we're using it, and what permissions you have given us in your user profile.
We do not use your information for: - Behavioral profiling or user categorization - Targeted advertising or marketing based on your behavior - Automated decision-making that produces legal effects or similarly significantly affects you
To the extent that our processing of your User Personal Information is subject to certain international laws (including, but not limited to, the European Union's General Data Protection Regulation (GDPR)), SplineCloud is required to notify you about the legal basis on which we process User Personal Information. SplineCloud processes User Personal Information on the following legal bases:
Contract Performance: When you create a SplineCloud Account, you provide your Registration Information. We require this information for you to enter into the Terms of Service agreement with us, and we process that information on the basis of performing that contract. We also process your username and email address on other legal bases, as described below.
Consent: We rely on your consent to use your User Personal Information under the following circumstances: when you fill out the information in your user profile; when you decide to participate in a SplineCloud training, research project, test program, or survey; and for marketing purposes, where applicable. All of this User Personal Information is entirely optional, and you have the ability to access, modify, and delete it at any time. While you are not able to delete your email address entirely, you can make it private. You may withdraw your consent at any time.
Legitimate Interests: Generally, the remainder of the processing of User Personal Information we perform is necessary for the purposes of our legitimate interest, for example, for legal compliance purposes, security purposes, or to maintain ongoing confidentiality, integrity, availability, and resilience of SplineCloud's systems, Website, and Service.
If you have questions about the legal basis upon which we collect and use your personal information, please contact us at support@splinecloud.com.
We may share your User Personal Information with third parties under one of the following circumstances:
We share your User Personal Information, if you consent, after letting you know what information will be shared, with whom, and why.
We share User Personal Information with a limited number of service providers who process it on our behalf to provide or improve our Service, and who have agreed to privacy restrictions similar to the ones in our Privacy Statement by signing data protection agreements or making similar commitments. Our service providers perform payment processing, customer support ticketing, network data transmission, security, and other similar services.
List of service provider categories: - Payment processors (for subscription and transaction processing) - Cloud infrastructure providers (for hosting and data storage) - Email service providers (for transactional and notification emails) - Customer support platforms (for support ticket management)
All service providers are contractually bound to protect your data and use it only for the purposes we specify.
SplineCloud strives for transparency in complying with legal process and legal obligations. Unless prevented from doing so by law or court order, or in rare, exigent circumstances, we make a reasonable effort to notify users of any legally compelled or required disclosure of their information. SplineCloud may disclose User Personal Information or other information we collect about you to law enforcement if required in response to a valid subpoena, court order, search warrant, a similar government order, or when we believe in good faith that disclosure is necessary to comply with our legal obligations, to protect our property or rights, or those of third parties or the public at large.
We may share User Personal Information if we are involved in a merger, sale, or acquisition of corporate entities or business units. If any such change of ownership happens, we will ensure that it is under terms that preserve the confidentiality of User Personal Information, and we will notify you on our Website or by email before any transfer of your User Personal Information. The organization receiving any User Personal Information will have to honor any promises we made in our Privacy Statement or Terms of Service.
We share certain aggregated, non-personally identifying information with others about how our users, collectively, use SplineCloud, or how our users respond to our other offerings, such as our conferences or events.
We do not sell, rent, or redistribute your User Personal Information for monetary or other consideration to any third party, including advertisers, data brokers, or marketing companies.
Currently we only allow public repositories. It means that anyone may view contents of your repositories. If you include User Personal Information, Sensitive Personal Information, or confidential information, such as email addresses or passwords, in your public repository, that information may be indexed by search engines or used by third parties.
You may select data licenses for your content, including Creative Commons licenses and other open data licenses. These licenses define how others may use, modify, and distribute your contributions. The license you select will be displayed with your content and applies to all data within the licensed repository.
SplineCloud is a platform for open data in first place. It means that your content is public-facing and third parties may access and use it in compliance with our Terms of Service and the data licenses you have selected, such as by viewing your profile or repositories or pulling data via our API. We do not sell that content; it is yours. However, we do allow third parties, such as research organizations or archives, to compile public-facing SplineCloud information in accordance with applicable data licenses. Other third parties, such as data brokers, may scrape SplineCloud and compile data as well.
Your User Personal Information associated with your content could be gathered by third parties in these compilations of SplineCloud data. Users' email addresses are private by default.
If you would like to compile SplineCloud data, you must comply with our Terms of Service regarding information usage and privacy described in our Acceptable Use Policies, respect all data licenses applied to content, and you may only use any public-facing User Personal Information you gather for the purpose for which our user authorized it. For example, where a SplineCloud user has made an email address public-facing for the purpose of identification and attribution, do not use that email address for the purposes of sending unsolicited emails to users or selling User Personal Information, such as to recruiters, headhunters, and job boards, or for commercial advertising. We expect you to reasonably secure any User Personal Information you have gathered from SplineCloud, and to respond promptly to complaints, removal requests, and "do not contact" requests from SplineCloud or SplineCloud users.
Similarly, projects on SplineCloud may include publicly available User Personal Information collected as part of the collaborative process. If you have a complaint about any User Personal Information on SplineCloud, please contact us at support@splinecloud.com.
Always Public: - Your username - Your voluntary profile information (if you choose to provide it) - Your repository content and contributions (applied for public repositories only) - Your selected data licenses
Always Private: - Your email address (never displayed or made publicly accessible) - Your password and authentication tokens - Your platform usage statistics and activity logs
You can use additional applications from SplineCloud, such as our desktop clients. These applications each have their own terms and may collect different kinds of User Personal Information; however, all SplineCloud client applications are subject to this Privacy Statement, and we collect the amount of User Personal Information necessary, and use it only for the purpose for which you have given it to us.
SplineCloud complies with the EU General Data Protection Regulation (GDPR) for all users worldwide, regardless of location. Under GDPR, you have the following rights:
You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and information about how it is being used.
You have the right to obtain the rectification of inaccurate personal data concerning you and to have incomplete personal data completed.
You have the right to obtain the erasure of personal data concerning you without undue delay under certain circumstances, including when the data is no longer necessary for the purposes for which it was collected, or when you withdraw consent.
You have the right to obtain restriction of processing under certain circumstances, such as when you contest the accuracy of your personal data or object to processing.
You have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format and to transmit that data to another controller.
You have the right to object, on grounds relating to your particular situation, to processing of personal data concerning you which is based on legitimate interests. You also have an absolute right to object to processing of your personal data for direct marketing purposes.
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. SplineCloud does not engage in automated decision-making or profiling that produces legal effects.
To exercise any of these rights, please contact us at support@splinecloud.com with the subject line "GDPR Rights Request" or access your user profile settings. We will respond to your request within 30 days. You may also lodge a complaint with your local data protection authority (see Section 15 for contact information).
If you're already a SplineCloud user, you may access, update, alter, or delete your basic user profile information by editing your user profile or by contacting us at support@splinecloud.com.
You can control the information we collect about you by: - Limiting what information is in your profile - Choosing what license applies to your content - Adjusting your notification preferences - Requesting a copy of your data in a portable format - Requesting deletion of your account and associated data
SplineCloud retains different types of data for different periods:
Account and Profile Information: - We retain your registration information (username, email) and profile information for as long as your account is active. - If you delete your account, we will delete this information within 30 days, except where we must retain it to comply with legal obligations.
Usage Information: - Server logs and usage information are typically retained for 90 days for security and service improvement purposes. - Aggregated, anonymized analytics data may be retained indefinitely.
Repository Content: - Public repository content remains publicly accessible unless you delete it. - When you delete a repository, the content is removed from public access immediately. - Backup copies may be retained for up to 30 days for disaster recovery purposes.
Communication Records: - Support tickets and email communications are retained for 3 years for customer service quality and legal compliance purposes.
If you would like to cancel your account or delete your User Personal Information, you may do so in your user profile or by contacting us at support@splinecloud.com with the subject line "Account Deletion Request."
Upon account deletion: 1. Your profile information will be deleted within 30 days 2. Your public repositories will be deleted or transferred according to your instructions 3. Your username may be released for others to use after 30 days 4. We may retain certain information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements
You have the right to request a copy of your data before deletion (data portability right under GDPR Article 20).
We may retain and use your information as necessary to: - Comply with our legal obligations - Resolve disputes - Enforce our agreements - Prevent fraud and abuse - Maintain security
In such cases, we will retain only the minimum necessary information for the shortest period required.
SplineCloud only uses strictly necessary cookies. Cookies are small text files that websites often store on computer hard drives or mobile devices of visitors.
We use cookies solely to provide, secure, and improve our service. For example, we use them to keep you logged in, remember your preferences, identify your device for security purposes, analyze your use of our service, compile statistical reports, and provide information for future development of SplineCloud. We use our own cookies for analytics purposes, but do not use any third-party analytics service providers.
We do not use cookies for: - Tracking users across different websites - Targeted advertising - Behavioral profiling - Sharing data with third-party advertisers
By using our service, you agree that we can place these types of cookies on your computer or device. If you disable your browser or device's ability to accept these cookies, you will not be able to log in or use our service.
Strictly Necessary Cookies: These cookies are essential for the website to function and cannot be switched off. They are usually only set in response to actions made by you, such as logging in or setting privacy preferences.
You can manage your cookie preferences through your browser settings. For more information about cookies and how to control them, visit www.aboutcookies.org.
SplineCloud takes all measures reasonably necessary to protect User Personal Information from unauthorized access, alteration, or destruction; maintain data accuracy; and help ensure the appropriate use of User Personal Information.
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
Technical measures: - Encryption of data in transit using TLS/SSL - Secure authentication mechanisms (password hashing, secure session management) - Access controls and principle of least privilege - Regular security updates and patch management - Network security measures (firewalls, intrusion detection)
Organizational measures: - Employee training on data protection and security - Confidentiality agreements with employees and contractors - Access restrictions based on role and need-to-know basis - Incident response procedures - Regular backup procedures - Business continuity and disaster recovery plans
In the event of a data breach that affects your User Personal Information, we will act promptly to mitigate the impact of a breach and notify any affected Users without undue delay and, where feasible, within 72 hours of becoming aware of the breach. We will also notify relevant supervisory authorities as required by law.
Notification will include: - The nature of the personal data breach - The likely consequences of the breach - Measures taken or proposed to address the breach - Contact point for more information
We require all third-party service providers to implement appropriate security measures and only process your personal data on our instructions and in compliance with this Privacy Statement and applicable law.
SplineCloud servers are located in Germany (Frankfurt), we process and store information in Germany and other countries. When we transfer personal data from the European Economic Area (EEA), United Kingdom, or Switzerland to other countries, we ensure appropriate safeguards are in place.
For transfers of personal data to countries that have not been deemed to provide an adequate level of protection by the European Commission, we rely on:
Regardless of where your data is processed, we apply the same strong privacy protections described in this Privacy Statement. We comply with GDPR requirements for all users globally, ensuring that: - Your data is protected with appropriate technical and organizational measures - You can exercise all your rights under GDPR - We limit data transfers to what is necessary - We maintain records of data processing activities
If you have questions about international data transfers, please contact us at support@splinecloud.com.
We use your email address to communicate with you. We use your email to inform you about critical updates that change behavior of the Service, change repository access preferences, introduce new features, important policy changes, etc. SplineCloud may also occasionally send notification emails about changes in a repository you're watching, requests for feedback, or to offer customer support.
We may also send marketing emails, based on your choices and in accordance with applicable laws and regulations. There's an "unsubscribe" link located at the bottom of each of the marketing emails we send you. Please note that you cannot opt out of receiving important communications from us, such as emails from our Support team or system emails.
If you have concerns about the way SplineCloud is handling your User Personal Information, please let us know immediately. We want to help. You may email us directly at support@splinecloud.com with the subject line "Privacy Concerns." We will respond promptly – within 45 days at the latest.
In the unlikely event that a dispute arises between you and SplineCloud regarding our handling of your User Personal Information, we will do our best to resolve it.
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the right to lodge a complaint with your local data protection supervisory authority.
EU Data Protection Authorities: Contact information for EU data protection authorities can be found at: https://edpb.europa.eu/about-edpb/board/members_en
We would appreciate the opportunity to address your concerns before you contact a supervisory authority, so please contact us first at support@splinecloud.com.
SplineCloud may change our Privacy Statement from time to time. We will provide notification to Users of material changes to this Privacy Statement through our Website at least 30 days prior to the change taking effect by posting a notice on our home page or sending email to the primary email address specified in your SplineCloud account.
For changes that we determine are material, we will also provide a summary of key changes.
We encourage you to review this Privacy Statement periodically. Your continued use of the Service after any changes to this Privacy Statement constitutes your acceptance of such changes.
If you have questions or concerns about this Privacy Statement or our data practices, please contact us:
Email: support@splinecloud.com
Subject line for privacy matters: "Privacy Inquiry"
Subject line for GDPR rights requests: "GDPR Rights Request"
Subject line for account deletion: "Account Deletion Request"
This Privacy Statement is a modified version of the GitHub's Privacy Statement and is licensed under the Creative Commons Zero license.
