Legal

Privacy Policy

Last updated: 31 May 2026

This Privacy Policy explains how Tech Himalaya, operator of Himalaya Cloud (“we”, “us”), collects, uses, and protects your personal data when you use our website and services. We are the data controller for the information described below. Contact us at privacy@himalaya.cloud.

1. Information we collect

  • Account & contact data — name, email, phone, and billing address you provide at sign-up or order.
  • Order & billing records — services purchased, invoices, and payment status.
  • Payment metadata — transaction references and status from our payment gateways. We do not store full card numbers; payments are processed on the gateway’s secure pages.
  • Domain registrant details — the contact information required by the registry to register or transfer a domain.
  • Support data — tickets, emails, and chat you send us.
  • Technical data — IP address, browser, and server logs collected automatically for security and diagnostics.
  • Cookies — essential cookies for login sessions, cart, and your currency preference (see §6).

2. How and why we use it

We process your data to: create and manage your account; provide, provision, and support the services; register and renew domains; issue invoices and take payment; send service notices and renewal reminders; prevent fraud and abuse; and comply with legal, tax, and accounting obligations. We do this on the legal bases of performing our contract with you, our legitimate interests in running and securing the service, and compliance with law.

3. Marketing

We send transactional and service emails as part of providing the service. We will only send promotional email if you have opted in, and you can unsubscribe at any time.

4. Sharing & sub-processors

We share data only with the providers needed to deliver the service, and only as required for that purpose:

  • Payment gateways — eSewa, Khalti, and Stripe, to process payments.
  • Domain registrar — ConnectReseller and the relevant registry, to register and manage domains.
  • Infrastructure & email providers — our data-centre/upstream partner and our email-sending provider.

We do not sell your personal data. We may disclose data where required by law or to protect our rights, users, or platform.

5. International transfers

Some providers (e.g. payment and email services) may process data outside Nepal. Where this happens, we take reasonable steps to ensure your data remains protected to a comparable standard.

6. Cookies

We use strictly necessary cookies to keep you logged in, hold your cart, remember your currency, and protect forms (CSRF). These are required for the site to function. We do not use advertising trackers.

7. Retention

We keep billing and tax records for as long as required by Nepali law, and account data for as long as your account is active plus a reasonable period afterwards. Server logs are retained for a limited period for security and troubleshooting, then deleted or anonymised.

8. Your rights

You may request access to, correction of, or deletion of your personal data, and you may object to or restrict certain processing, subject to records we are legally required to keep. To exercise these rights, email privacy@himalaya.cloud. We will respond within a reasonable time.

9. Security

We protect your data with TLS encryption in transit, hosted payment pages, access controls, least-privilege administration, and audit logging. No system is perfectly secure, but we work continuously to safeguard your information and will notify you of a breach affecting your data where required by law.

10. Children

Our services are not directed at children under 18, and we do not knowingly collect their personal data.

11. Changes

We may update this Policy from time to time. Material changes will be posted here with a new “last updated” date and, where appropriate, communicated by email.

12. Contact

Questions or requests? Email privacy@himalaya.cloud or open a ticket from your client area.