Legal

Privacy Policy

How The Cloud Analyst handles information about visitors, what is collected, what is not, and what choices you have.

Last updated: 28 May 2026

The Cloud Analyst (cloudanalyst.net) is operated by Higashi Interactive Analytics, an independent research and publishing company founded by Steven Higashi. This policy explains what information is collected when you visit the site, how that information is used, and how you can contact the operator with questions or requests.

Information collected automatically

When you visit any page on cloudanalyst.net, a first-party analytics script (tracker.js) records information about the visit so the site can understand which articles are read and how readers move through the site. The script is hosted on the same domain as the site itself, and the data it sends does not leave the site's own servers. No third-party advertising network, social pixel, or external analytics provider receives this data.

What the analytics script records

  • The URL of the page you visited
  • The URL of the page you arrived from, where available
  • Your approximate location at the country and region level, derived from the IP address
  • The type of device, browser, and operating system
  • Anonymous interaction signals such as scroll depth, time on page, and clicks within the page
  • A randomly generated session identifier that does not contain your name, email, or any personal information

The site does not record your full IP address in long-term storage, does not attempt to identify individual readers, and does not build advertising profiles. Aggregate statistics may be reviewed to understand which topics are most useful to readers.

Information you provide directly

Some areas of the site let you submit information voluntarily, and in every case the only information stored is what you choose to send.

  • Contact form: Your name, email address, and the message you send are received by the editor and used only to reply to your inquiry.
  • Vendor claim form: Companies that wish to claim or update their directory listing submit business contact details that are used to verify the listing and respond to the request.

Information collected from paying customers

Several services on the site are paid, including enhanced and featured vendor directory profiles, sponsored research and showcase placements, and custom partner work. When you purchase any of these services, additional information is collected and stored so that the transaction can be completed and the service delivered.

  • Billing identity: Legal or trading name of the company, billing contact name, billing email, billing address, and applicable tax identifier where required for invoicing
  • Payment information: Card or bank details are processed by the third-party payment processor used at checkout (Stripe or a comparable PCI-compliant processor), and the full payment instrument is never stored on cloudanalyst.net servers. The site stores only a payment reference, the last four digits of the card, the brand of the card, and the expiry date
  • Invoice and receipt history: A record of every transaction, including the date, amount, currency, line items, and renewal status of any subscription
  • Profile content you submit: Logos, descriptions, product copy, links, contact details, and any other material you provide for the listing or showcase you have paid for

How the data is used

The two main categories of data on the site, web traffic data and paying-customer data, are used for different and clearly defined purposes. Neither set of data is sold, rented, or licensed to third parties, and neither is used to deliver third-party advertising.

How web traffic data is used

  • Editorial decisions: Aggregate readership signals, including which articles get read, how far down the page readers scroll, which links they click, and which referring sources send the most engaged readers, inform decisions about what to write next, which topics deserve deeper analysis, and which formats work
  • Site performance and reliability: Error signals and timing data help identify pages that load slowly, scripts that break, and pages that need to be rebuilt
  • Audience reporting to sponsors and advertisers in aggregate form only: Where the site sells sponsored research, partner placements, or vendor packages, the operator may share aggregated and anonymized readership figures (for example, total monthly readers of a topic, country mix at the country level, or industry mix derived from referrer patterns). Individual visitors are never identified to sponsors, and no sponsor receives raw analytics records
  • Abuse prevention: Suspicious traffic patterns are reviewed to detect scraping, credential stuffing, denial-of-service attempts, and AI-training crawlers that ignore robots.txt directives. Where necessary, IP addresses or user agents associated with such activity are blocked

How paying-customer data is used

  • Delivering the service you paid for: Building and maintaining your enhanced directory profile, publishing your sponsored content, processing renewals, and providing customer support
  • Billing and accounting: Issuing invoices and receipts, processing refunds where applicable, complying with tax reporting obligations, and retaining records required for audit purposes
  • Service-related communication: Sending transactional messages about your account, including receipts, renewal reminders, security alerts, scheduled maintenance, material changes to the service, and responses to support requests. These messages are operational and are not marketing
  • Product improvement: Reviewing aggregated usage patterns across paying customers to understand which features get used and which need improvement. Individual customer accounts are not held up as case studies, and identifying details are never published without separate written permission
  • Limited promotional outreach to existing customers: Occasional emails about new services, package changes, or research that is directly relevant to a customer's existing relationship with the site. Every such message includes a clear opt-out, and customers who opt out continue to receive only transactional service messages
  • Fraud and abuse prevention: Cross-referencing payment, account, and usage signals to detect chargebacks, account sharing in violation of the terms of service, and abuse of free trial or credit limits

Cookies and local storage

The site uses cookies and browser local storage only for purposes that are necessary for the site to function. These include remembering display preferences such as the motion toggle, holding a session identifier for vendors and partners signed in to manage their directory listing, and storing the anonymous session identifier used by the first-party analytics script. There are no advertising cookies, no cross-site tracking cookies, and no social-media tracking cookies on the site.

Email and newsletters

The Cloud Analyst does not maintain an in-house email mailing list. Readers who wish to receive new analysis by email can subscribe to the related Substack newsletter at routingtable.substack.com, which is operated under Substack's own privacy practices. Subscribing or unsubscribing on Substack has no effect on your activity on cloudanalyst.net.

Sharing

The Cloud Analyst does not sell, rent, trade, or share personal information with third parties for their own marketing purposes, and there are no programmatic advertising partners on the site. Limited information may be processed by infrastructure providers that host the site, deliver email replies, or process payments for paid services. Those providers are bound by their own confidentiality and data-protection obligations, and they process information only as needed to provide the underlying service.

Data retention

Analytics data is retained in aggregated form for as long as it is useful to understand reader interest, typically up to twenty-four months for fine-grained records and longer for aggregate summaries. Contact form messages and vendor claim submissions are retained for as long as needed to respond and for a reasonable period afterward in case the conversation resumes. Paid customer records, including invoices and the directory or sponsored content delivered, are retained for the life of the commercial relationship and for the period required by tax and accounting law afterward, and they are deleted on request once those retention obligations have lapsed.

Your rights under GDPR and other privacy laws

The Cloud Analyst is operated from France and processes personal data in accordance with the European Union General Data Protection Regulation (Regulation (EU) 2016/679), the French Data Protection Act (Loi Informatique et Libertés), and equivalent privacy laws that may apply to readers and customers outside the European Economic Area, such as the United Kingdom Data Protection Act, the California Consumer Privacy Act, and similar statutes elsewhere.

For the purposes of the GDPR, the data controller is Higashi Interactive Analytics, founded and run by Steven Higashi, and the controller can be reached at the contact address below. Where the site relies on a legal basis other than your consent (for example, legitimate interest for editorial analytics and abuse prevention, contractual necessity for the delivery of paid services, or legal obligation for invoice retention), that basis is identified in the relevant section above.

Whatever your jurisdiction, you have a recognizable set of rights with respect to the personal data the site holds about you, which include the following.

  • The right to know what information is held about you and the right to request a copy in a portable, machine-readable form
  • The right to ask that inaccurate information be corrected or updated
  • The right to ask that information be deleted, subject to legal retention obligations such as those that apply to invoices and tax records
  • The right to restrict or object to specific processing, including any processing based on the operator's legitimate interest
  • The right to withdraw consent at any time where consent was the legal basis for processing, without affecting the lawfulness of processing carried out before withdrawal
  • The right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects (no such decisions are made by the site at this time)
  • The right to lodge a complaint with a supervisory authority. In France, that authority is the Commission nationale de l'informatique et des libertés (CNIL), reachable at cnil.fr. Readers elsewhere in the European Economic Area can contact the supervisory authority in their own country. Readers in the United Kingdom can contact the Information Commissioner's Office

To exercise any of these rights, send an email to the address below and identify the request as clearly as possible so the operator can respond within the timeframes required by applicable law, which is one month under the GDPR unless an extension is justified by the complexity of the request.

International transfers

Some of the infrastructure used to operate the site, including hosting, email delivery, and payment processing, is provided by companies whose servers are located outside France or outside the European Economic Area. Where personal data is transferred to a country that has not been recognized by the European Commission as offering an adequate level of protection, the operator relies on Standard Contractual Clauses or another transfer mechanism permitted under Chapter V of the GDPR to ensure the data continues to receive equivalent protection. A list of the relevant providers and the safeguards in place can be requested at the contact address below.

Children

The Cloud Analyst is a publication for technology professionals and is not directed at children under the age of sixteen. Children are not knowingly identified, profiled, or contacted through the site, and any account or submission found to belong to a minor will be removed on discovery.

Security

The site is served over HTTPS, sensitive data such as paid-customer account credentials is stored with hashed credentials and restricted access, and administrative tooling is reachable only by the operator. No internet-connected service can guarantee perfect security, however the operator takes reasonable steps to protect information and to respond promptly to any incident that could affect readers or customers.

Changes to this policy

This policy may be updated from time to time as the site changes or as the law evolves. The date at the top of the page shows when the policy was last revised, and material changes will be announced on the site before they take effect.

Contact

Questions, requests, or concerns about privacy can be sent to steve@higashi.edu, or through the contact form. The operator of the site is Higashi Interactive Analytics, founded and run by Steven Higashi.