Legal draft
Privacy Policy
This page is a placeholder and must be reviewed by lawyers before public launch.
Operated by Ceto Cloud Limited
Last updated: June 2026
This Privacy Policy explains how Ceto Cloud Limited collects, uses, and protects your personal data when you use the MyCeto platform. It should be read alongside our Terms & Conditions. If you have any questions, contact us at support@cetocloud.com.
1. Who we are
MyCeto is operated by Ceto Cloud Limited, a company registered in England & Wales (company number [COMPANY NUMBER]), with its registered office at 1247 Christchurch Road, Bournemouth, BH7 6BP, UK. We are the data controller for the personal data processed through the service.
References to “we”, “us”, or “our” mean Ceto Cloud Limited. References to “you” or “your” mean the user of the service.
2. What data we collect
We collect and process the following categories of personal data:
- Account data — your email address and password, managed through our identity provider (AWS Cognito). Additional account details — your preferred language, measurement and salinity display preferences, and account role — are managed within the MyCeto Portal.
- Aquarium and Digital Twin data — the systems, containers, equipment, inventory, connections, livestock, consumables, and dosing plans you create within the platform.
- Water test data — water chemistry readings you enter manually, and laboratory ICP test reports you upload (including the original PDF) together with the results extracted from them.
- Telemetry data — sensor readings (such as pH, temperature, ORP, and salinity) retrieved from connected third-party controllers and devices, stored against your account.
- Third-party integration credentials — credentials you provide to connect telemetry providers, stored in encrypted form (see section 8).
- AI interaction data — the questions you ask MyCeto AI, the context assembled from your Digital Twin, and the responses generated, retained to operate the feature, enforce usage limits, and improve quality.
- Billing data — subscription status, plan, and transaction records. Card details are handled by our payment processor and are not stored by us.
- Usage and technical data — log data, feature interactions, IP address, browser and device information, collected automatically to operate, secure, and improve the service.
3. How we use your data
We use your personal data to:
- provide, operate, and maintain the MyCeto platform and its features;
- authenticate you and keep your account secure;
- build and display your Digital Twin and associated snapshots;
- extract results from ICP test reports you upload (see section 5) and present them to you;
- retrieve telemetry data from connected providers on your behalf via automated background processes;
- generate MyCeto AI responses tailored to your aquarium, and apply usage limits and fair-use controls;
- process payments, manage subscriptions, and meet our tax and accounting obligations;
- send service and transactional communications (such as email verification, password resets, billing notices, and important service updates) — we do not send marketing emails without your consent;
- diagnose problems, prevent abuse, and improve the platform; and
- comply with our legal obligations.
4. Lawful bases (UK GDPR / EU GDPR)
We rely on the following lawful bases for processing:
- Performance of a contract (Art. 6(1)(b)) — processing necessary to deliver the service you have signed up for, including account management, the Digital Twin, MyCeto AI, and telemetry features.
- Legitimate interests (Art. 6(1)(f)) — securing the service, preventing abuse and excessive resource usage, diagnosing errors, and improving the platform, balanced against your rights.
- Legal obligation (Art. 6(1)(c)) — retaining billing and tax records and responding to lawful requests.
- Consent (Art. 6(1)(a)) — where we ask for it, such as for any optional communications; you may withdraw consent at any time.
5. Automated processing and AI
When you upload an ICP test report, the file is stored securely and processed through an automated extraction pipeline to read the results, after which the extracted values are stored against your account. MyCeto AI uses AI inference together with retrieval over our knowledge base and a snapshot of your aquarium data to generate informational responses.
AI inference and embedding generation are performed within AWS in the London (eu-west-2) region using AWS Bedrock. Your data is not used to train third-party foundation models. MyCeto AI does not make decisions that produce legal or similarly significant effects about you; its output is informational only, as described in our Terms & Conditions.
6. Who we share data with (sub-processors)
We use a limited number of trusted service providers to operate MyCeto. They process data on our behalf under appropriate contractual safeguards:
- Amazon Web Services (AWS), London / eu-west-2 — cloud hosting, database (Aurora PostgreSQL), file storage (S3), identity (Cognito), encryption (KMS), AI inference and embeddings (Bedrock), transactional email delivery (Amazon SES), and logging (CloudWatch).
- Stripe — payment processing, subscription management, and tax calculation (Stripe Tax). Ceto Cloud Limited is the merchant of record for your subscription.
- Google (EEA data-region) — email services used to send and receive account, transactional, and support correspondence.
We also retrieve data from the third-party telemetry providers and ICP laboratories you choose to connect, using credentials you supply, solely to fetch and store your data within MyCeto.
We do not sell your personal data, and we do not share it with third parties for their own marketing.
7. Data residency and international transfers
MyCeto is designed so that user data — including databases, file storage, AI inference, and logs — is stored and processed within the AWS London (eu-west-2) region. We enforce this residency control at runtime.
Where any transfer of personal data outside the UK or EEA becomes necessary (for example, in connection with a payment processor), we rely on an appropriate safeguard such as an adequacy decision or Standard Contractual Clauses.
8. Security
We take the security of your data seriously and apply technical and organisational measures including:
- encryption of data in transit (HTTPS / TLS) and at rest;
- encryption of third-party integration credentials using a managed key service (AWS KMS) — credentials are never stored in plaintext;
- authentication through AWS Cognito, with multi-factor authentication available to all users and mandatory for administrators;
- role-based access controls and least-privilege access to systems and data;
- structured logging that excludes credentials and personal data from log lines; and
- ongoing vulnerability scanning and secure-development practices.
No system is completely secure, but we work to protect your data and to respond promptly to any incident, including notifying the relevant authority and affected users where required by law.
9. Data retention
We retain your personal data for as long as your account is active and for as long as necessary to provide the service.
You can delete individual records (such as a tank, test, or livestock entry) within the application at any time; deletions cascade to associated data. You may also delete your entire account, either through the in-app account-deletion option or by contacting us at support@cetocloud.com. We action account-deletion requests within 30 days, subject to a short grace period during which deletion may be reversed.
We retain certain records where the law requires it — in particular, billing and tax records, which we keep for the statutory retention period — even after account deletion.
10. Your rights
Under the UK GDPR and EU GDPR you have the right to:
- Access — obtain a copy of the personal data we hold about you;
- Rectification — correct inaccurate or incomplete data;
- Erasure — request deletion of your personal data (“right to be forgotten”);
- Restriction — ask us to limit how we process your data;
- Portability — receive your data in a structured, commonly used, machine-readable format;
- Object — object to processing based on our legitimate interests; and
- Withdraw consent — where processing is based on consent.
To exercise any of these rights, email support@cetocloud.com. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk, or with your local supervisory authority in the EU.
11. Cookies and local storage
We use only the cookies and local storage necessary to operate the service, such as maintaining your authenticated session and remembering in-app preferences. We do not use third-party advertising or cross-site tracking cookies. Where we introduce any non-essential cookies in future, we will ask for your consent first.
12. Children
MyCeto is not intended for children. You must be at least 18 years old to create an account, and we do not knowingly collect personal data from anyone under 18.
13. Changes to this policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or in-app notice. Continued use of the service after the changes take effect constitutes acceptance of the updated policy.
14. Contact
For any questions about this Privacy Policy or how we handle your data, contact Ceto Cloud Limited at support@cetocloud.com.