1. Who We Are
3 Clouds AI is an accounting automation platform operated by ASK Business Solutions Ltd, a company incorporated in the Republic of Cyprus (HE 488671), with registered offices at 10 Iasonos Street, Jason Building, CY-1082 Nicosia.
For the purposes of EU data protection law, ASK Business Solutions Ltd is the data controller in respect of personal data collected directly from visitors to our website and prospective customers. In respect of personal data uploaded to the Platform by our customers for processing, we act as a data processor on the customer's behalf.
This Privacy Policy applies to personal data we collect and process as a controller. If you are a customer of 3 Clouds AI and your data is processed on the Platform, the relevant document is the Data Processing Agreement executed between you and ASK Business Solutions Ltd.
Contact for data protection matters:
Data Protection Contact: Stelios Kyranides
Email: dpo@askbusinesssolutions.com
2. What Personal Data We Collect and Why
2.1 Website Visitors
When you visit our website, we may collect:
IP address, browser type, and device information — for security and analytics purposes, on the basis of our legitimate interests.
Cookie data — subject to your consent, as described in our Cookie Policy (Section 10).
2.2 Prospective Customers (Enquiries and Sign-ups)
When you enquire about 3 Clouds AI or begin the onboarding process, we collect:
Name, email address, company name, phone number — to respond to your enquiry or facilitate sign-up, on the basis of pre-contractual necessity (GDPR Article 6(1)(b)).
Company registration number, VAT number — for KYC/KYB verification, on the basis of legal obligation (GDPR Article 6(1)(c)) and legitimate interests.
2.3 Customers and Users
When you use the Platform as an authenticated User, we collect:
Account information: name, email address, role, employer, and contact number — to provide the service (GDPR Article 6(1)(b)).
Authentication data: login timestamps, IP address, session tokens, MFA records — for security and fraud prevention (GDPR Article 6(1)(f) — legitimate interests).
Usage data: actions performed on the Platform, features accessed, documents processed, Review Queue decisions — for service delivery and improvement (GDPR Article 6(1)(b) and legitimate interests).
Identity verification records: government-issued ID, liveness check data (for Admin and Active Users) — to comply with our onboarding verification obligations (GDPR Article 6(1)(c)).
2.4 Financial Document Data
Customer Data uploaded to the Platform (invoices, bank statements, payroll records, etc.) may contain personal data about third parties (suppliers, employees, counterparties). We process this data as a data processor on the Customer's instructions. Our privacy policy as controller does not govern this data. Please refer to the relevant DPA.
3. How Long We Keep Your Data
Data Category | Retention Period | Basis |
Website visitor logs | 90 days | Legitimate interests (security) |
Enquiry and pre-contract data | 3 years from last contact | Legitimate interests (potential contract) |
Account and User data | Duration of subscription + 1 year | Contractual necessity |
KYC/KYB verification records | 7 years | Legal obligation (regulatory) |
Platform audit logs | 7 years | Legal obligation (tax and accounting records) |
Support communications | 3 years from resolution | Legitimate interests |
Financial document data (as processor) | Per DPA / Customer instruction | Processing under DPA |
4. Who We Share Your Data With
We do not sell personal data. We may share personal data with:
Sub-processors engaged to deliver the Platform, as listed in the Data Processing Agreement (Annex III). These include cloud infrastructure providers, ERP hosting, AI model providers, and identity verification services.
Professional advisors (lawyers, auditors) under confidentiality obligations.
Law enforcement or regulatory bodies where required by law.
A successor entity in the event of a merger, acquisition, or restructuring — subject to the same privacy obligations.
5. International Transfers
Your personal data is primarily stored and processed within the European Economic Area (EEA) on AWS infrastructure hosted in Ireland.
6. Your Rights
Under GDPR, you have the following rights in relation to your personal data:
Right | Description |
Access (Art. 15) | Request a copy of the personal data we hold about you. |
Rectification (Art. 16) | Request correction of inaccurate or incomplete personal data. |
Erasure (Art. 17) | Request deletion of your personal data where there is no lawful basis for continued processing. |
Restriction (Art. 18) | Request that we restrict processing of your personal data in certain circumstances. |
Data portability (Art. 20) | Receive your personal data in a structured, machine-readable format. |
Objection (Art. 21) | Object to processing based on legitimate interests or for direct marketing purposes. |
Automated decision-making (Art. 22) | Not be subject to solely automated decisions that produce legal effects on you (subject to limited exceptions). |
Withdraw consent | Where processing is based on consent, withdraw that consent at any time without affecting prior processing. |
To exercise any of these rights, contact us at dpo@askbusinesssolutions.com. We will respond within 30 days. You also have the right to lodge a complaint with the Cyprus Commissioner for Personal Data Protection (www.dataprotection.gov.cy) or your local Supervisory Authority.
7. Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or destruction. A detailed description of our security measures is set out in our Security Policy and in Annex II of the Data Processing Agreement.
In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the Cyprus Commissioner for Personal Data Protection within 72 hours of becoming aware of the breach, and affected individuals where required.
8. Children's Data
The Platform is designed for use by businesses and professionals. We do not knowingly collect personal data from individuals under the age of 18. If you believe we hold data about a minor, please contact us at dpo@askbusinesssolutions.com and we will take prompt action to delete it.
9. AI Processing Transparency (EU AI Act)
The 3 Clouds AI platform uses artificial intelligence systems to automate accounting processes. In accordance with our obligations under the EU AI Act (Regulation 2024/1689), we disclose:
AI systems on the Platform classify documents, extract data, assign accounting codes, and post transactions to the Odoo ERP.
AI outputs include a confidence score. Entries below configured confidence thresholds are flagged for human review.
AI systems do not make autonomous legal decisions about individuals. AI outputs are accounting entries subject to human review.
If you have questions about how our AI systems affect you, contact dpo@askbusinesssolutions.com.
10. Cookies
We use essential cookies to operate the Platform (session management, security). We may use analytics cookies with your consent. A full Cookie Policy describing each cookie, its purpose, duration, and opt-out mechanism is available at www.3cloudsai.com cookies.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be notified to registered Users by email at least 30 days before they take effect. The current version is always published on our website. Continued use of the Platform after the effective date of any update constitutes acceptance of the revised Policy.
12. Contact
For any questions or requests relating to this Privacy Policy or your personal data:
ASK Business Solutions Ltd
10 Iasonos Street, Jason Building, CY-1082 Nicosia, Republic of Cyprus
Email: dpo@askbusinesssolutions.com
Data Protection Supervisory Authority: Commissioner for Personal Data Protection, Cyprus (www.dataprotection.gov.cy)