1. Who we are

This Privacy Policy describes how CHERNOMOR LLC ("CHERNOMOR", "we", "our", "us") collects, uses, stores, and protects personal data when we deliver cloud infrastructure, telecom integrations, automation engineering, and related B2B services.

Controller details: CHERNOMOR LLC, 1309 Coffeen Avenue STE 1200, Sheridan, WY 82801, USA. Contact: sales@chernomor.cc.

2. Scope and applicability

This policy applies to personal data we process through our website, pre-contract discussions, onboarding, service delivery, support, security operations, and vendor management.

This policy does not replace contractual obligations in a signed Master Services Agreement (MSA), Data Processing Addendum (DPA), or regulator-mandated obligations that may apply to a specific service.

3. Categories of personal data we process

• Identity and contact data: name, business email, phone number, company role.
• Business and onboarding data: legal entity records, KYC/KYB verification documents, authorized representative information.
• Commercial and contractual data: proposals, order forms, billing contacts, support communications.
• Technical and usage data: IP addresses, device and browser metadata, service logs, API telemetry, incident traces.
• Compliance and security data: sanctions-screening outputs, abuse flags, audit trail events, policy acceptance records.

4. How we collect data

• Directly from you and your team during inquiries, contracting, onboarding, and operations.
• Automatically from systems and endpoints used to deliver, monitor, and secure services.
• From trusted third parties such as identity-verification providers, sanctions data sources, and infrastructure vendors.
• From publicly available business records and regulator notices where required for risk and compliance controls.

5. Why we process personal data

• To evaluate, negotiate, and execute contracts and service requests.
• To provision and operate cloud, telecom, and automation services.
• To enforce security, reliability, anti-fraud, and abuse-prevention controls.
• To comply with legal, sanctions, and regulatory obligations.
• To maintain auditability, incident response, and service quality reporting.
• To communicate business updates, support notices, and operational alerts.

6. Telecommunications, datacenter, and network-regulator alignment

Our operating model depends on datacenter operators, internet providers, telecom carriers, and related infrastructure partners that enforce anti-abuse and lawful-use controls. We align our processing activities with those control frameworks.

Where required by law or regulator notice, we may disclose limited account, traffic, or audit information to competent authorities, including telecommunications regulators, courts, or law-enforcement bodies.

We do not support deceptive routing, sender spoofing, or unauthorized outbound traffic patterns. We may suspend service or specific traffic flows if a carrier, upstream provider, or regulator requires immediate risk mitigation.

7. Telecommunications and messaging integrations

Where our services include messaging infrastructure, we process SMS and authentication-message metadata as needed to provision, route, monitor, and secure verification-related workflows.

We integrate with telecom and connectivity providers to deliver messaging and identity-verification services. Integration logs and delivery telemetry may include destination identifiers, message-routing context, and operational status signals.

Phone numbers and authentication-related message data are handled under access-control and least-privilege principles. We apply technical and organizational safeguards designed to protect message-processing workflows from unauthorized access, abuse, and tampering.

• Processing of SMS and authentication traffic required for service delivery and monitoring.
• Integration with telecom providers and routing partners under contractual and policy controls.
• Handling of phone-number and authentication-message data for operational, compliance, and security purposes.
• Security measures including logging, anomaly monitoring, and incident-response procedures for messaging systems.

8. How we share personal data

• With subprocessors and service providers under contractual confidentiality and data-protection obligations.
• With datacenter, telecom, and connectivity vendors when required to provide and secure services.
• With professional advisors (legal, compliance, audit) on a need-to-know basis.
• With competent authorities where legally required or necessary to protect rights, safety, and infrastructure integrity.
• As part of a corporate transaction (merger, acquisition, restructuring), subject to lawful safeguards.

9. International data transfers

When personal data is transferred across borders, we apply reasonable safeguards appropriate to the transfer context, such as contractual protections and security controls.

Where required by law, we use transfer mechanisms recognized by applicable data-protection frameworks.

10. Data retention

We retain personal data only for as long as required for the purpose collected, contractual commitments, legal obligations, dispute resolution, and audit requirements.

Compliance, fraud-prevention, and sanctions-related records may be retained longer when justified by legal and operational risk controls.

11. Security controls

• Access controls and least-privilege practices for systems handling sensitive records.
• Encryption in transit and appropriate protections at rest where supported by the service.
• Monitoring, logging, and incident-response procedures for infrastructure and traffic anomalies.
• Periodic review of vendor and subprocessor controls relevant to service delivery.

12. Your privacy rights

Subject to applicable law, you may request access, correction, deletion, restriction, objection, portability, and withdrawal of consent where consent is the legal basis for processing.

California residents may have additional rights to know, delete, correct, and limit use of sensitive personal information under California privacy law.

To submit a rights request, email sales@chernomor.cc with the subject line "Privacy Request". We may need to verify identity and authority before processing the request.

13. Marketing communications

We send business communications relevant to our services and relationship with your organization. You can opt out of non-essential marketing emails at any time.

Operational and security notices may still be sent when necessary for service continuity and compliance.

14. Children data

Our services are designed for business use and are not directed to children. We do not knowingly collect personal data from children in violation of applicable law.

15. Policy updates and contact

We may update this policy to reflect legal, operational, or service changes. Updated versions are published on this page with a revised "Last updated" date.

Questions about this policy can be sent to sales@chernomor.cc.

This document is provided for transparency and operational governance. It does not constitute legal advice.