Privacy Policy

How we collect, use, and protect your personal data

Effective: June 4, 2026

1. Introduction

This Privacy Policy explains how Tyga.Cloud Ltd (Company No. 14643275), trading as Cacheroo, ("we", "us", "our") collects, uses, stores, and discloses personal data when you use the Cacheroo website at cacheroo.com and the Cacheroo agent-first cache platform, including our API, dashboard, documentation, and related services (collectively, the "Service").

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.

Our registered office is: Ground Floor, Unit 2 Mallard Court, Mallard Way, Crewe Business Park, Crewe, Cheshire, England, CW1 6ZQ.

2. Applicability — Controller vs. Processor

When we are the Controller: We act as the data controller for personal data we collect directly from you, such as your account information, billing details, API key metadata, and usage data. We determine the purposes and means of processing this data to provide and improve the Service.

When we are the Processor: When you store data in your cache clusters, we act as a data processor on your behalf. You (or your organisation) are the data controller for any personal data stored in cache clusters. We process this cache data solely to provide the Service in accordance with your instructions and our Terms of Service. We do not access, inspect, or analyse the content of your cached data except as required for technical operations (e.g., failover, replication) or as required by law.

If you are using Cacheroo on behalf of an organisation, that organisation is the controller of any personal data processed through the cache clusters, and you should refer to your organisation's privacy policy for how that data is handled.

3. Information We Collect

3.1 Account Information

When you create an account, we collect:

  • Email address
  • Name (if provided)
  • Organisation name (if provided)
  • Account credentials (passwords are hashed and salted; we never store plaintext passwords)

3.2 Billing Information

When you subscribe to a paid plan or pass the $1 verification gate, we collect payment information via our payment processor, Stripe. We do not store full credit card numbers on our servers. Stripe processes and stores your payment details in accordance with PCI-DSS standards. We receive and store:

  • Stripe customer ID
  • Last four digits of your card
  • Card brand and expiration date
  • Billing address
  • Subscription status and plan details

3.3 Cache Cluster Data

You and your agents store data in cache clusters provisioned through the Service. We host this data on our infrastructure but treat it as your data. We do not access the content of your cached data for any purpose other than providing the Service (including replication, failover, and backups). Cache data is stored in-memory on dedicated cluster nodes with tenant isolation.

3.4 API Keys

We generate and store API keys that authenticate your access to the Service. We store:

  • API key identifiers and hashed key values
  • Key creation timestamps and last-used timestamps
  • Key permissions and scopes
  • Associated account and organisation metadata

3.5 Usage Data

We automatically collect usage data when you interact with the Service, including:

  • API request logs (endpoint, method, timestamp, response status, latency)
  • Cluster provisioning and scaling events
  • Cluster metrics (memory usage, operations per second, connection counts, hit rates)
  • IP addresses used to access the API and dashboard
  • Browser type and version (for dashboard access)
  • Dashboard interaction events (page views, feature usage)

4. How We Use Information

We use the information we collect for the following purposes:

  • Providing the Service: To create and manage your account, provision and operate cache clusters, authenticate API requests, process payments, and deliver metrics and monitoring.
  • Billing and Payments: To process subscription payments, generate invoices, enforce plan limits, and manage the $1 card verification process.
  • Security: To detect and prevent fraud, abuse, and unauthorised access. To enforce rate limits, monitor for anomalous activity, and protect the integrity of the platform.
  • Operational Communication: To send transactional emails (account verification, password resets, billing receipts, cluster alerts) via our email processor, tygaemail.com.
  • Improving the Service: To analyse aggregate usage patterns, diagnose technical issues, optimise performance, and develop new features.
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes, and to enforce our Terms of Service.

We do not sell your personal data. We do not use your personal data for behavioural advertising. We do not use the content of your cache cluster data for any purpose beyond providing the Service.

5. Information Sharing

We share personal data only in the following circumstances:

  • Stripe: We share billing information with Stripe, our payment processor, to process payments and manage subscriptions. Stripe's privacy policy is available at stripe.com/privacy.
  • tygaemail.com: We share email addresses with our transactional email service to deliver account and service notifications.
  • Buggazi: If you submit a bug report or support request, relevant technical details may be processed through our bug tracking platform, Buggazi.
  • Hetzner: Our infrastructure is hosted on Hetzner servers (US East region, with EU availability). Hetzner provides the physical and network infrastructure but does not have access to application-level data.
  • Legal Requirements: We may disclose personal data if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Tyga.Cloud Ltd, our users, or others.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, personal data may be transferred as part of the transaction. We will notify affected users of any such change.

We do not share personal data with third parties for their marketing purposes.

6. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly. If you believe a child under 16 has provided us with personal data, please contact us at dpo@tyga.cloud.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete personal data.
  • Erasure: Request deletion of your personal data, subject to legal retention obligations.
  • Restriction: Request that we restrict processing of your personal data in certain circumstances.
  • Portability: Request your personal data in a structured, commonly used, machine-readable format.
  • Objection: Object to processing of your personal data for certain purposes.
  • Withdraw Consent: Where processing is based on consent, withdraw that consent at any time.

To exercise any of these rights, contact us at dpo@tyga.cloud. We will respond within 30 days (or the applicable statutory period). We may ask you to verify your identity before processing your request.

8. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption in transit (TLS) for all API and dashboard connections
  • Encryption at rest for persistent storage
  • Tenant isolation — each cache cluster runs in an isolated environment with separate credentials
  • API key authentication with hashed storage
  • Rate limiting and anomaly detection
  • Regular security reviews and updates
  • Access controls limiting employee access to personal data on a need-to-know basis

No system is completely secure. While we strive to protect your data, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your API keys and account credentials.

9. International Transfers

Our primary infrastructure is hosted on Hetzner servers in the US East region. EU hosting is available for customers who require it. If you are located outside the United States, your data may be transferred to and processed in the United States.

Where we transfer personal data from the European Economic Area (EEA), the United Kingdom, or Switzerland to countries that have not been deemed to provide an adequate level of data protection, we rely on appropriate safeguards, including Standard Contractual Clauses approved by the European Commission, to ensure that your personal data is protected.

Tyga.Cloud Ltd is incorporated in England and Wales. Our processing activities are subject to UK data protection law, including the UK GDPR and the Data Protection Act 2018.

10. EU/UK GDPR Rights

If you are located in the European Economic Area or the United Kingdom, the following additional provisions apply:

Legal Bases for Processing: We process your personal data on the following legal bases:

  • Contract Performance (Article 6(1)(b)): Processing necessary to provide the Service you have requested, including account creation, cluster provisioning, API authentication, and billing.
  • Legitimate Interests (Article 6(1)(f)): Processing necessary for our legitimate interests, including platform security, fraud prevention, service improvement, and aggregate analytics. We balance these interests against your rights and freedoms.
  • Legal Obligation (Article 6(1)(c)): Processing necessary to comply with legal obligations, such as tax and accounting requirements.
  • Consent (Article 6(1)(a)): Where we rely on consent, you may withdraw it at any time.

Data Retention: We retain personal data for as long as your account is active or as needed to provide the Service. After account deletion, we may retain certain data for up to 90 days for backup and recovery purposes, and longer where required by law (e.g., billing records for tax compliance). API request logs are retained for the period specified by your plan (up to 1 year for Pro and Enterprise plans).

Data Protection Officer: You may contact our Data Protection Officer at dpo@tyga.cloud.

Supervisory Authority: You have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk.

11. CCPA Disclosures

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your personal information.

Categories of Personal Information Collected:

  • Identifiers: Email address, name, IP address, API key identifiers.
  • Commercial Information: Subscription plan, billing history, payment method details (last four digits only).
  • Internet/Network Activity: API request logs, dashboard usage data, browser information.
  • Professional Information: Organisation name (if provided).

Sale of Personal Information: We do not sell personal information as defined by the CCPA. We have not sold personal information in the preceding 12 months.

Your CCPA Rights:

  • Right to Know: You may request the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: You may request deletion of your personal information, subject to exceptions permitted by law.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise your CCPA rights, contact us at dpo@tyga.cloud. We will verify your identity before processing your request.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by posting the updated policy on this page with a revised effective date. For material changes that significantly affect your rights, we will also notify you via the email address associated with your account.

Your continued use of the Service after the effective date of a revised Privacy Policy constitutes acceptance of the updated terms.

13. Contact

If you have any questions about this Privacy Policy or our data practices, please contact us:

  • Data Protection Officer: dpo@tyga.cloud
  • General Support: support@cacheroo.com
  • Post: Tyga.Cloud Ltd, Ground Floor, Unit 2 Mallard Court, Mallard Way, Crewe Business Park, Crewe, Cheshire, England, CW1 6ZQ
  • Company No: 14643275