CloudBees Privacy Policy

Last published on 8 April 2025

CloudBees (“CloudBees”, “we”, “us”, “our”) is a for-profit company that enables enterprises to deliver scalable, compliant, and secure software—empowering developers to do their best work.

This privacy policy describes how we handle your “Personal Data”, which is information that is directly linked, can be linked to you, or identifies you. 

CloudBees is a Controller of Personal Data for the purposes of direct marketing, selling, delivering, and supporting and improving our solutions. 

CloudBees currently offers self-managed and Software-as-a-Service (“SaaS”) solutions. Depending on your particular solution including its configuration, CloudBees may act as a data processor on behalf of its Customers and users when providing its services.

The specific information that we collect and how we use it reflects the nature of your relationship with us, and may depend on the services you use and their configuration. 

We collect Personal Data you provide to us, for example:

• Basic Contact Information: We capture and retain the basic identities (e.g. name, email address, employer) of individuals who interact with us for business purposes.

• Sales and Marketing Data: We may ask for your contact details through marketing and product registration forms to promote and deliver our solutions. This includes creating contact records in our customer relationship management (CRM) and product systems; capturing product interests; and sending marketing emails or contacting you via phone for sales or support purposes. We also track the history of marketing communications to provide relevant information.

• Call Recordings: With your prior consent, we may record video calls and meeting minutes to improve our services and engagement. No recording will occur without explicit consent.

• Customer Support: We collect names, email addresses, support ticket information, usage data, support bundles, and chat logs to manage and track customer queries. This may include email, chat, and phone interactions to understand your needs and improve our support.

• Billing and Contractual Records: We maintain records such as order forms, licenses, billing information, service requests, and service cases. Note: Credit card information is not processed and stored by CloudBees and handled by a third party.

• Employment Application Data: When you apply for a job, we may collect data like your resume, work history, education, salary expectations, and information from background checks, to support recruitment and staffing decisions.

We collect Personal Data automatically, for example:

• Essential Cookies and Similar Tracking Technologies: Browser cookies are used to recognize repeat visitors, provide access to services, and customize user interactions.

• Website Usage Data: We capture your browsing history on our web properties to understand your interest in our solutions.

• Service Usage Information: Helps us understand how our products are used, assess performance and value, and identify opportunities for improvement (e.g. user information and licensing). 

We obtain Personal Data from third parties, for example:

• Publicly Available Sources: We may gather your business identity and profile (e.g., via LinkedIn) for marketing activities, even if not provided to us directly.

• Vendors, Partners, and Affiliates: We may receive information about you from third parties, like vendors, resellers, partners, or affiliates for the purposes outlined in this statement. For example, when you apply for a job, or we receive an employment referral, participate in an open-source project, or sales leads.

We use appropriate Personal Data in order to market, sell, deliver, and support our solutions. 

If you interact with us as a representative of an organization, our obligations to the organization (such as a contract to deliver a solution) may override your individual preferences. For example, our contract with your organization may require that we retain full records of all conversations between us and the organization’s employees, even if those conversations may contain information of personal nature. 

We may use Personal Data, with your consent, for specific purposes as outlined in this privacy policy. Where consent is relied upon as a lawful basis for processing, explicit consent will be obtained prior to the processing of your Personal Data. You may withdraw your consent for the specific purpose or object to the processing of your Personal Data at any time.

We follow applicable laws that may require us to collect and retain Personal Data.

CloudBees is not in the business of monetizing Personal Data. We do not sell Personal Data we collect to third parties. We only share Personal Data if there is a legitimate need to know, enabling us to deliver our products and services and ensure appropriate trust. Privacy and security controls are in place to protect Personal Data, such as encryption and access management. 

The parties and scenarios in which we may share Personal Data with third parties include the following:

• Limited reputable partners involved in the direct selling of our solutions, solely for the purpose of facilitating these sales. 

• Vendors, which are used under our strict control and direction and subject to contractual obligations to protect your data, such as Cloud Service Providers, Customer Relationship Management (“CRM”) software, background check services, insurance providers or financial software.

• Regulatory bodies, legal firms, and advisors, or law enforcement agencies.

We use standard industry practices to maintain the confidentiality and security of the information we collect. Personal Data is retained only as necessary to fulfill the purposes described in this policy, consistent with our CloudBees Data Processing Agreement, Subscription and Service Agreement and Data Retention Standard. 

Applicable laws may provide you with certain rights with respect to your Personal Data. The scope, content, and limits of those rights may be impacted by certain legal provisions applicable to you and/or CloudBees. In general we recognize the following rights:

• Right to be informed and access: You can request us to tell you if we have a record for you, for any of your identities (e.g. email addresses), and what information we have for you. You can request us to tell you why we have a record for you and how we obtained it. You also have the right to access and receive a copy of your Personal Data, and other supplementary information.

• Right to object: You can express your objections to any part of how we handle your information and obtain an answer from us. You can request that we do not contact you for the purpose of selling our solutions. All our general written communication includes an option to unsubscribe.

• Right to rectification: You can request us to correct your information (such as your name, phone number, and address).  

• Right to erasure: You can request us to delete your information in our records that is not necessary for us to provide a service to you (such as your personal phone number) or to adhere to applicable laws.

• Right to data portability: You can request us to provide an export of the information we have for you, if it is technically feasible for us and if this information is essential for you. 

• Right to restrict processing: You can request the restriction or suppression of your Personal Data. You may control tracking technologies through your browser and our cookie management tools. By default, cookie tracking is not enabled on CloudBees website.

• Right to file a complaint: You have the right to lodge a complaint with a data protection authority. If you are in the European Union, you can identify the specific authority where to file a complaint at European Data Protection Board Members List. If you’re based in the UK, under the UK GDPR you have the right to lodge a complaint with the Information Commissioners Office (ICO).

Where (i) Customer transfers Personal Data within the European Economic Area, the United Kingdom, or Switzerland to CloudBees (where such transfer includes Personal Data subject to the GDPR), and (ii) CloudBees will be Processing such Personal Data in a country that (a) is not subject to an adequacy decision of the EU Commission (or in case such adequacy decision is invalidated) and (b) does not provide an adequate level of protection within the meaning of applicable Privacy Laws and Regulations, the Parties shall be subject to the applicable Standard Contractual Clauses. 

Please refer to CloudBees Data Processing Agreement for further information.

CloudBees solutions are not directed to individuals under 16 years of age.

CloudBees does not intentionally collect sensitive Personal Data, such as genetic data, health information, or religious information. 

CloudBees aims to minimize the information processed and to have an objective reason for the processing.

Although CloudBees does not request or intentionally collect any sensitive Personal Data or Personal Data from individuals under 16 years of age, we realize that users might store this kind of information in our products.

If you become aware of any of the data above being captured, please notify us immediately using the contact us information below and we can take reasonable steps to remove it.

Under the California Consumer Privacy Act of 2018 (CCPA), effective January 1, 2020, and the California Privacy Rights Act (“CPRA”), effective January 1, 2023, which amended CCPA, California residents also have the following rights: 

• Right to Know of Automated Decision Making: If automated decision-making technologies are in use you have the right to know how the technology works and the possible outcome.  Please note that CloudBees does not use related technologies in regards to Personal Data. 

• Right to Opt-In for Minors: Minors, parents or guardians have the right to manage the collection and use of Personal Data. Explicit consent via an opt-in versus an implied consent with an opt-out option is required. Please note CloudBees does not knowingly collect the Personal Data of minors. 

• Right to Limit the Use and Disclosure of Sensitive Personal Information (“SPI”): You have the right to limit the use of your Sensitive Personal Data for specific purposes. 

• Right to Authorized Agents: In certain circumstances, California residents are permitted to use an authorized agent on their behalf. The Data Subject must assign an Authorized Agent via a written signed letter and must be able to verify their identity. 

If you are a CloudBees customer (paid, free, or trial), please reach out via CloudBees Customer Support.

If you are not a current customer of CloudBees, but have concerns about privacy in relation to CloudBees, you can contact us at privacy@cloudbees.com. 

We will respond either with the information and actions that you have requested, or with an explanation of why we cannot perform it as requested, or with questions to you to confirm or clarify your request. 

If changes are made to our privacy policy, we will update the date at the top of this page. A notice will be posted on our trust page if any significant changes are made, and notification via email may also be provided.

Return to top of the page