Privacy Policy

1. Information We Collect

When you register for our hosting services, we collect and process the following personal data:

Account Information

• Username: Your chosen username for account identification
• Password: Securely hashed using industry-standard encryption (bcrypt with salt)
• Email Address: For account verification, communication, and service notifications
• SSH Keys: Public keys for secure server access (private keys are never stored)

Technical Data

• IP Addresses: Your public IP address for security monitoring and access control
• Session Data: Login sessions, authentication tokens, and session duration
• Server Logs: Access logs, error logs, and system performance data
• Usage Statistics: Resource consumption, bandwidth usage, and service utilization

Financial Information

• Payment Information: Billing details processed through secure payment providers
• Invoice Data: Transaction history, payment records, and billing addresses
• Tax Information: VAT numbers and tax-related data where applicable

2. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data based on:

• Contract Performance: Processing necessary to provide hosting services you've purchased
• Legitimate Interest: Security monitoring, fraud prevention, and service improvement
• Legal Obligation: Compliance with tax laws, anti-money laundering regulations
• Consent: Marketing communications (where explicitly consented)

3. How We Use Your Information

• Provide and maintain hosting services (VPS, Discord bots, dedicated servers)
• Process payments and generate invoices
• Communicate service updates, maintenance notifications, and support
• Monitor system security and prevent unauthorized access
• Analyze usage patterns to improve service quality
• Comply with legal obligations and law enforcement requests
• Prevent fraud, abuse, and violations of our Terms of Service

4. Data Retention

We retain your personal data for the following periods:

• Active Accounts: Data retained while your account is active
• Closed Accounts: Account data deleted within 30 days of closure
• Financial Records: Retained for 7 years for tax and legal compliance
• Security Logs: Retained for 12 months for security analysis
• Backup Data: Automatically purged from backups within 90 days

5. Your GDPR Rights

As a data subject under GDPR, you have the following rights:

• Right of Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Limit how we process your data
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for marketing communications

6. Data Security

We implement comprehensive security measures to protect your data:

• End-to-end encryption for data transmission (TLS 1.3)
• AES-256 encryption for data at rest
• Multi-factor authentication for administrative access
• Regular security audits and penetration testing
• Isolated network segments and firewalls
• 24/7 security monitoring and incident response
• Regular staff security training and background checks

7. Data Sharing and Transfers

We may share your data in limited circumstances:

• Service Providers: Trusted partners who assist in service delivery
• Legal Requirements: When required by law or court orders
• Business Transfers: In case of merger, acquisition, or asset sale
• Consent: When you explicitly authorize data sharing

For international transfers outside the EU, we ensure adequate protection through:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions by the European Commission
• Binding Corporate Rules where applicable

8. Cookies and Tracking

Our website uses cookies and similar technologies:

• Essential Cookies: Required for website functionality and security
• Performance Cookies: Help us analyze website usage and improve performance
• Functional Cookies: Remember your preferences and settings
• Marketing Cookies: Used for targeted advertising (with consent)

You can manage cookie preferences through our cookie banner or browser settings.

9. Children's Privacy

Our services are not intended for individuals under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected such data, we will delete it promptly.

10. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours
• Inform affected users without undue delay
• Provide details about the nature and scope of the breach
• Describe measures taken to address the breach
• Offer guidance on protective steps you can take

11. Updates to This Policy

We may update this privacy policy to reflect changes in our practices or legal requirements. We will notify you of significant changes through:

• Email notification to your registered address
• Prominent notice on our website
• In-app notifications for active users

Continued use of our services after policy updates constitutes acceptance of the revised terms.