Privacy Policy

Our Promise

At HostUnited, your privacy is a fundamental part of the trust we build with every member. We collect only what we need, we protect it carefully, and we never use it in ways you wouldn't expect. This policy explains exactly how we handle your personal information when you use our hosting services at hostunited.io.

This policy applies to everyone who interacts with our services — account holders, authorized team members, and website visitors alike. We act as a data controller for information collected directly from you, and as a data processor for any personal data stored within your hosted services.

Where we act as a data processor, our Data Processing Agreement governs how we handle that data. You can request a copy of our DPA at any time through our support team.

What We Collect

We collect only the information necessary to provide our services and communicate with you effectively. This includes:

• Account information: Name, email address, company name (if provided), and password (hashed)
• Billing information: Payment method details (processed securely by our payment provider), billing address, and transaction history
• Service data: Server configurations, resource usage metrics, and support interactions
• Technical data: IP addresses, browser type, operating system, and access timestamps for security and service improvement

We do not collect sensitive personal data such as health information, political opinions, or biometric data. We never purchase personal data from third parties.

How We Use Your Data

Your data is used exclusively to provide, maintain, and improve our hosting services:

• Provisioning and managing your servers and services
• Processing payments and managing your billing
• Communicating with you about your account, services, and support requests
• Monitoring and maintaining the security and integrity of our platform
• Improving our services based on aggregate usage patterns
• Complying with legal obligations

We will never sell your personal data. We will never use your data for targeted advertising. We will never share your information with third parties for their marketing purposes.

Who We Share With

We share your data only with trusted partners who help us deliver our services:

• Payment processors: To handle transactions securely
• Infrastructure partners: Data center operators who host our physical servers
• Communication tools: Email delivery services for transactional messages
• Legal authorities: Only when required by law, with appropriate legal process

All partners are contractually bound to handle your data in accordance with GDPR and this privacy policy. We regularly audit our partners for compliance.

Data Storage & Security

Your data is stored exclusively in European data centers located in the Netherlands and Germany. We implement comprehensive security measures:

• AES-256 encryption at rest for all stored data
• TLS 1.3 encryption for all data in transit
• Regular security audits and penetration testing
• Role-based access controls with principle of least privilege
• Multi-factor authentication for all staff access
• 24/7 security monitoring and intrusion detection

Data Retention

We retain your data only as long as necessary to provide our services and fulfill our legal obligations:

• Account data: Retained while your account is active and for 30 days after closure
• Billing records: Retained for 7 years as required by financial regulations
• Support interactions: Retained for 3 years for quality assurance
• Server logs: Retained for 90 days for security purposes

After the retention period, data is securely and permanently deleted using industry-standard methods.

Your Rights

Under GDPR and applicable data protection laws, you have the right to:

• Access: Request a copy of all personal data we hold about you
• Rectification: Correct any inaccurate or incomplete data
• Erasure: Request deletion of your personal data
• Portability: Receive your data in a machine-readable format
• Restriction: Limit how we process your data
• Objection: Object to processing based on legitimate interests
• Withdraw consent: Where processing is based on consent, withdraw it at any time

To exercise any of these rights, contact our privacy team at [email protected]. We'll respond within 30 days as required by GDPR.

Cookies

We use only essential cookies necessary for our platform to function properly — session management, security tokens, and user preferences. We do not use tracking cookies, advertising cookies, or third-party analytics that track you across the web.

Essential cookies cannot be disabled as they are required for the service to function. You can manage cookies through your browser settings at any time.

Changes to This Policy

We may update this privacy policy from time to time. When we make material changes, we'll notify you via email at least 30 days before the changes take effect. Minor changes (clarifications, formatting) may be made without notice.

The "Last updated" date at the top of this page always reflects the most recent revision. We encourage you to review this policy periodically.