Privacy Policy
Last updated: May 11, 2026
This policy covers both the cloudconsultingmastery.com website and the Orion Chrome extension (id: gleiicepcciipebnldaegahgibgfhnio). Both are operated by Cloud Consulting Mastery (contact details at the end of this document). This policy explains in detail how your data is collected, processed, stored and shared.
1. Data Collection
Website cloudconsultingmastery.com Data you provide directly via the contact form: • First and last name • Email address • Phone number • Company • Project description Technical data collected automatically: • Anonymized analytics (pages visited, duration, traffic source) via Google Analytics and Google Tag Manager. • No personally identifiable information is collected without your explicit interaction. Orion Chrome Extension Orion is an agentic AI extension that drives your active browser tab only on your explicit request via the side panel. No passive background reading. Data collected: • Email and password: provided by you at signup, to authenticate against the Orion backend. • Session token (JWT): issued by the backend after successful login. • Agent conversation history: the messages you send to the agent and the generated responses. • Active-tab DOM content: read ONLY at the moment you issue an agent command (e.g. "summarize this page"). No passive background reading, no reading on tabs you have not designated. • Active-tab URL and title: captured at command time, to provide context to the agent. • Technical telemetry (optional, OFF by default): extension version, OS, browser type, anonymized error stack traces. Data the extension does NOT collect: • No third-party site passwords. • No third-party session cookies. • No payment card data (payments are handled exclusively by Stripe, outside the extension). • No background DOM reads. • No keylogger, no silent keystroke recording. • No collection on manifest-blocked sites (banks, PayPal, Coinbase, Binance, Kraken, MetaMask, Ledger, accounts.google.com, Google payment pages, PDF files).
2. Data Processing
Website cloudconsultingmastery.com Your contact form data is processed solely to: • Respond to your commercial or support request. • Offer you a meeting booking (via Calendly). • Keep you informed about your ongoing case. It is NEVER: • Sold to third parties. • Used for unsolicited commercial prospecting. • Profiled for targeted advertising. Legal basis: contract performance / pre-contractual measures at your request (GDPR art. 6.1.b) and legitimate interest for analytics tools (GDPR art. 6.1.f). Orion Chrome Extension Extension data is processed solely to: • Authenticate you (email/password → JWT). • Allow the AI agent to understand your command and act on the active tab (DOM, URL, title). • Persist your conversation history so you can resume it. • Diagnose bugs (anonymized telemetry, opt-in). It is NEVER: • Used for advertising. • Used to train AI models without your explicit consent. • Sold, rented or traded with third parties (apart from the necessary subprocessors listed in section 4). • Used for purposes unrelated to providing the Orion service. Legal basis: performance of the service contract (GDPR art. 6.1.b).
3. Data Storage
Website cloudconsultingmastery.com • Contact form submissions are stored in Google Sheets (Google Workspace), accessible only to the Cloud Consulting Mastery team. • Site hosting: Vercel (EU datacenter). • Retention period: maximum 24 months, or until your deletion request. Orion Chrome Extension • Client side (on your machine): the JWT is stored in chrome.storage.local — NEVER in chrome.storage.sync. This means your session token is NEVER replicated through your Google account to your other devices. • Server side (Orion backend): your account (email, Argon2id password hash) and conversation history are stored on Hetzner Cloud servers located in Germany (European Union, GDPR-aligned data residency). • Database: encrypted SQLite at rest. • Communications: HTTPS / WSS only (TLS 1.3). • Retention periods: - Agent conversations: 90 days by default, configurable, automatic purge afterwards. - Technical logs: 30 days, anonymized afterwards. - User account: kept while your account is active. Complete deletion within 30 days of your request. - Billing data (via Stripe): 10 years (legal accounting obligation). The LLM used for agent conversations is self-hosted on Vast.ai (dedicated instance). No data is transferred to OpenAI, Anthropic, or other third-party AI providers by default. Security: • Passwords hashed with Argon2id (OWASP parameters). • JWT authentication signed with HMAC-SHA256. • Strict CSP on the extension (script-src 'self', no remote code loading). • No remote JavaScript code is loaded: the extension is shipped fully bundled at build time.
4. Data Sharing
General principle We NEVER sell, rent or trade your personal data. No data broker is involved. No third-party advertising pixel or tracker is embedded in the Chrome extension. Subprocessors with access to all or part of the data (GDPR art. 28) Website cloudconsultingmastery.com: • Google LLC (Google Workspace / Sheets, Google Analytics, Google Tag Manager) — United States, under Data Privacy Framework. • Calendly Inc. (meeting booking) — United States, standard contractual clauses. • Vercel Inc. (hosting) — EU datacenter. • LinkedIn Corporation (Insight Tag) — United States, standard contractual clauses. Orion Chrome Extension: • Hetzner Online GmbH (backend hosting) — Germany. • Vast.ai (self-hosted LLM hosting) — dedicated instance, no leak to third-party providers. • Stripe Inc. (payment, only for paying users) — United States, standard contractual clauses and PCI-DSS compliance. • Optional LLM providers (only if you explicitly enable them in settings): OpenAI, Anthropic, Google (Gemini), Groq, DeepSeek. By default, none of these providers receive your data — the extension uses the self-hosted LLM. • ElevenLabs Inc. (voice synthesis, optional) — United States. • Resend (transactional email delivery) — EU/US depending on routing. Legal obligations We may be required to disclose data if compelled by law (judicial order, competent supervisory authority). In such cases, we notify you unless legally prohibited. No transfers to advertisers or ad networks Your data is never shared with advertisers, ad networks, data brokers or marketing aggregators.
5. Sites blocked by the Orion extension
The Orion extension is technically UNABLE to operate on the following domains — blocked at the Chrome manifest level: • Banks (*.bank/*) • PayPal (*.paypal.com) • Crypto platforms: Coinbase, Binance, Kraken, MetaMask, Ledger • Google accounts: accounts.google.com • Google payment pages: *.google.com/*/pay* • Online PDF files Even if you attempt to authorize these domains, the extension refuses to run code on them. This protection is hard-coded into the manifest and cannot be bypassed at runtime.
6. Chrome extension permissions
The extension requests runtime access to specific sites (chrome.permissions.request) — NEVER automatically. You see the standard Chrome permission prompt and can revoke at any time via chrome://extensions. Main permissions and their justification: • sidePanel: display the agent's main user interface. • storage: locally persist your JWT (chrome.storage.local). • activeTab: act on the tab where you explicitly invoked the agent. • tabs: follow multi-tab navigations YOU initiate. • tabGroups: group tabs opened by Orion under a labeled color, so you always see what the agent owns. • notifications: alert you when a long task completes. • alarms: keep the agent reliable across Chrome service worker lifecycle. • offscreen: offload heavy DOM parsing outside the service worker. • debugger: dispatch isTrusted mouse/keyboard events via Chrome DevTools Protocol. Attached only for the duration of an explicit command, immediately detached. • host_permissions (https://orion.cloudconsultingmastery.com/*): WebSocket communication with the Orion backend. • optional_host_permissions (https://*/*, http://*/*): optional permissions, granted site by site on your request, NEVER global.
7. Cookies
Website cloudconsultingmastery.com This site uses: • Technical cookies necessary for site operation. • Analytical cookies (Google Analytics, Google Tag Manager) to measure audience. • Marketing tracking cookies (LinkedIn Insight Tag). You can disable cookies in your browser settings. Orion Chrome Extension The extension uses NO cookies. It only uses chrome.storage.local to persist your JWT.
8. Your rights (GDPR)
Under the General Data Protection Regulation (GDPR), you have the following rights: • Right of access: obtain a copy of your personal data. • Right to rectification: correct inaccurate or incomplete data. • Right to erasure (right to be forgotten): delete your account and associated data. • Right to portability: receive your data in a structured, readable format (JSON or CSV). • Right to object: object to a processing activity. • Right to restriction: restrict the processing of your data. • Right to withdraw consent at any time, without affecting the lawfulness of prior processing. To exercise these rights or for any data-related question: • Orion extension: privacy@cloudconsultingmastery.com • Website: hamza140598@hotmail.com Legal response time: 30 days. Right to lodge a complaint If you believe your rights are not respected, you may lodge a complaint with the Belgian Data Protection Authority (https://www.autoriteprotectiondonnees.be), the French CNIL (https://www.cnil.fr) for French users, or the competent national supervisory authority in the EU.
9. Minors
The Orion service is not intended for minors under 16 years of age. We do not knowingly collect data from this age group. If unintentional collection is observed, the data is deleted without delay upon request.
10. Changes to this policy
Any material change is notified 30 days before taking effect via: • The extension itself (notification at startup). • The Cloud Consulting Mastery website. • An email to registered users. You retain the right to delete your account before a change you disagree with takes effect. The last update date appears at the top of this page.
11. Contact
Data Controller (GDPR art. 4.7): Cloud Consulting Mastery Maalbeeklaan 8/7 1860 Meise Belgium Phone: +32 498 19 28 94 Website: https://www.cloudconsultingmastery.com Privacy contact (Orion extension): privacy@cloudconsultingmastery.com General contact: hamza140598@hotmail.com Support contact: support@cloudconsultingmastery.com