Privacy Policy

1. Controller and contact details

NWave Cloud is operated by Next Wave Technologies for software development, IT services and trade, established in Croatia, European Union. For personal data that we collect for our own business purposes, we act as the data controller.

Contact: support@nwavecloud.com. Provider details are listed at the end of this policy.

2. Scope

This policy applies to nwavecloud.com, the NWave Cloud console, support communications, billing interactions and managed Oracle APEX hosting services.

For personal data contained inside customer Oracle APEX applications, customer databases, uploaded files and application logs, the customer is usually the data controller and NWave Cloud acts as a processor or infrastructure provider, unless a written agreement says otherwise.

3. Personal data we may collect

Depending on how you use the services, we may process:

• Account details such as name, company, email address, phone number, login identifiers and role.
• Billing details such as billing address, tax/VAT information, invoices, payment status and subscription records.
• Support and communication data such as emails, tickets, migration notes and troubleshooting information.
• Technical data such as IP address, browser details, access timestamps, security events, server logs and diagnostic data.
• Hosting data such as environment identifiers, domain names, configuration details, database connection information and operational metadata.
• Customer Content that you provide for hosting, migration, backup, troubleshooting or support.

4. How we use personal data

We use personal data to:

• Provide, secure, maintain and improve managed Oracle APEX hosting services.
• Create and administer accounts, subscriptions, invoices and support requests.
• Configure hosting environments, domains, TLS, ORDS, databases, monitoring and backups.
• Detect, prevent and respond to fraud, abuse, security incidents and technical problems.
• Communicate service notices, operational updates and support responses.
• Comply with legal, tax, accounting and regulatory obligations.
• Send marketing or product updates where permitted by law or with consent, with an option to unsubscribe.

5. Legal bases under GDPR

Where the GDPR applies, we process personal data on one or more of these legal bases: performance of a contract, steps requested before entering a contract, legitimate interests in operating and securing the service, compliance with legal obligations, consent where required, and protection of legal claims.

6. Cookies and similar technologies

The public NWave Cloud marketing website is designed as a static site and does not currently use analytics or advertising cookies. The console may use essential cookies or similar storage for login sessions, account security, fraud prevention and user preferences.

More detail is available in our Cookie Policy.

7. Service providers and subprocessors

We may use trusted providers to operate the service, including cloud infrastructure providers, payment processors, email and support tools, DNS/domain providers, monitoring tools, backup systems and AI integration providers when enabled by a customer.

Providers may process personal data only as needed to deliver their service to us, under appropriate confidentiality, security and data protection commitments.

8. Payments

We do not intentionally store full payment card details on the public website. Payment information is processed through payment providers or banking/payment systems used by the NWave Cloud console or invoicing process. Those providers may process payment data under their own privacy and security terms.

9. International transfers

Personal data may be processed in the European Union and, where necessary, in other countries by service providers or infrastructure partners. Where GDPR transfer rules apply, we use appropriate safeguards such as adequacy decisions, standard contractual clauses, processor commitments or other lawful transfer mechanisms.

10. Retention

We keep personal data only for as long as needed for the purposes described in this policy, including service delivery, security, backups, accounting, tax, dispute resolution and legal compliance. Retention periods vary by data type and plan. Backup copies may persist for a limited period before being overwritten or deleted.

11. Security

We use technical and organizational measures intended to protect personal data, including access controls, TLS, operational monitoring, backup processes and restricted administrative access. No internet or hosting service can be guaranteed to be completely secure.

12. Your GDPR rights

Where GDPR applies, you may have the right to request access, rectification, erasure, restriction, portability, objection to processing, withdrawal of consent and information about automated decision-making. These rights may be subject to legal limits, identity verification and the rights of others.

Requests can be sent to support@nwavecloud.com. You also have the right to lodge a complaint with a competent data protection authority. In Croatia, the supervisory authority is the Croatian Personal Data Protection Agency.

13. Customer responsibility for hosted applications

Customers are responsible for the personal data they collect through their Oracle APEX applications, including privacy notices, lawful bases, consent flows, data subject requests and application-level security. NWave Cloud may assist with hosting, operational support and technical recovery, but customers remain responsible for their own application content and end-user data unless a written agreement provides otherwise.

14. Children

NWave Cloud services are intended for business and developer use and are not directed to children under 18. We do not knowingly collect personal data from children through the public website or console.

15. Changes to this policy

We may update this Privacy Policy from time to time. Changes are effective when posted on this page. Material changes may also be communicated through the console or by email where appropriate.