Heropa + GDPR

Cloud People Pty Ltd t/a Heropa (Cloud People) has aligned our policies and practices with the General Data Protection Regulation (GDPR). Please contact [email protected] with any questions.


Cloud People, as a Data Processor, collects and stores a minimum of Personal Data only as instructed by our Customer, the Data Controller, for the purposes of delivering the Cloud People Services.

This page covers:

  • The data we collect and store on behalf of our customers
  • How we comply with GDPR with respect to honoring Data Subject Requests, putting in place appropriate contracts, and maintaining appropriate safeguards.
  • Our sub-processors and what we do to ensure they keep customer data safe.

The Data We Collect and Store

Cloud People collects, processes and stores Personal Data about people who use the Customer’s virtual labs via the Heropa platform, and who contact our support channel. Cloud People does not sell any Contact Data collected on behalf of the Customer or market Cloud People Services to the Customer’s users.

Categories of Data Subjects:

  • Customer’s end-users
  • Customer’s employees or other authorized users or administrators of Heropa

Categories of Personal Data:

  • Name
  • Contact information (company, business email address and phone number)
  • IP Address
  • Cookie Data

GDPR Compliance

Keeping your data secure

Per Article 32 of the GDPR, we have in place appropriate technical and organizational measures to keep your data secure. All data is securely stored in Amazon Web Services. In addition, we have achieved ISO27001 compliance which ensures ongoing compliance with numerous controls to keep data secure.


We have a diligence process to ensure that we only trust parties who have stringent standards regarding the safety and security of Personal Data.

We have in place the appropriate Data Processing Agreements (DPAs) with all vendors and sub-processors that process data on our behalf.

Our list of our sub-processors is here

Honoring the rights of data subjects

We have processes in place to honor data subject requests. Cloud People will export, correct, or delete Contact Data upon request by the Customer. If we receive a request directly from a Data Subject, we will work with the Customer to honor the request.

Even though GDPR is geared towards citizens of the European Union, we believe every user has the right to privacy and we will be actioning data requests from any individual, within or outside the EU.