Most of the personal information we collect and process is provided to us directly by you when you use our website, sign up to use our services, or place an order with us. For example, your email address will be stored in order to verify your identity, during the sign-up process, and for billing.
As a proof of identity, we may also ask you to provide a passport or other ID card. This information is used solely for verifying your identity and is removed from our system within 48 hours.
We also receive personal data indirectly, such as your IP address (including your geo IP location and hostname), which are automatically collected and stored when you sign up online for our services, support, or place an order.
When you use our control panel, your actions are logged and stored along with your IP address, hostname, and browser. This happens during, for example, orders, sign-up, and power reboots/on/off.
Customer emails are automatically stored following an order or sign-up process, for information security and fraud prevention purposes. Additional contact details may also be collected for such purposes.
Likewise, IP address, location, and hostname details are automatically collected and processed to ensure informational tracking and security as well as for identity verification purposes.
Your name, address, and email are used by our third-party payment processors - Stripe and PayPal - in order to verify credit/debit card ownership and provide fraud protection.
Under the UK General Data Protection Regulation (GDPR), the lawful basis for us processing your personal data is that it is necessary for the performance of a contract (service/support, product order) or before entering into a contract (quote).
We also carry out some data processing - to the extent that it is strictly necessary only - for the legitimate interests of fraud prevention and network and information security.
The list of current cookies stored by our services is detailed below. We have tried to ensure this is complete and up to date, but if you think that we have missed a cookie or there is any discrepancy, please let us know:
All data is stored in replicated databases at two locations in Europe and two in the United States: London, United Kingdom; Frankfurt, Germany; Los Angeles, United States; New York, United States.
Sensitive data such as passwords are automatically hashed and salted. Our databases are backed up offsite daily.
We employ the highest levels of encryption for stored passwords, including CRYPT_BLOWFISH one-way encryption; unique salts on a per-user basis, resulting in zero password hash clashing; and high compute time for the PASSWORD_BCRYPT/CRYPT_BLOWFISH algorithm.
Under the UK GDPR and the Data Protection Act 2018, personal data that we collect and that may later be audited by HMRC must not be retained for longer than is necessary for its lawful purpose. The standard retention period for HMRC records is '6 years plus current'. When you no longer have any active services or orders with us and have opted to close your account, this retention period starts. After the HMRC '6 years + 1' retention period has elapsed, this personal data (e.g., personal identifiers, order records, invoices, transaction data) will be securely destroyed.
All other data is stored for 12 months before being purged from our databases. This includes, for example, general logging (actions carried out on the control panel), email logs, ticket attachments, tickets and replies, API logs, and abuse reports.
Based on our lawful bases for processing your personal data, you have certain rights under data protection law:
You are not required to pay any charge for exercising these rights. If you make a request, we have one month to respond to you.
Please contact us using the details provided at the start of this Privacy Notice if you wish to make a request. We may ask for additional proof of identity before we can hand over the requested data - this is a standard security procedure that we carry out from time to time.
If you have any concerns about our use of your personal information, you can make a complaint to us at [email protected].
You can also complain to the Information Commissioner's Office (ICO) if you are unhappy with how we have used your data: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF; 0303 123 1113; https://www.ico.org.uk.