Privacy Policy
Effective Date: January 1, 2026
Document Contents
1. Lawful Basis for Processing
Under the UK General Data Protection Regulation (UK GDPR), we must have a valid lawful basis for each type of data processing we undertake. We process your data under the following bases:
| Data Category | Purpose | Lawful Basis (Article 6) |
|---|---|---|
| Account Info & Billing | To provide hosting services and process payments. | Contract (Art. 6(1)(b)): Necessary to fulfill our service agreement with you. |
| IP Logs & File Scans | Fraud detection, DDoS mitigation, and malware prevention. | Legitimate Interests (Art. 6(1)(f)): Necessary for network security and abuse prevention. |
| Discord Data | Identity verification and ban evasion prevention. | Legitimate Interests (Art. 6(1)(f)): Ensuring platform integrity. |
| Transaction Records | Tax compliance and financial auditing. | Legal Obligation (Art. 6(1)(c)): Compliance with HMRC tax laws. |
2. Information We Collect
A. Information You Provide
- Account Data: Email Address, First/Last Name, Username, and Password (stored encrypted).
- Discord Integration (Mandatory): via OAuth2, we access your Discord ID, Username, Avatar, and server memberships (Guilds).
- Join Permission: Used to automatically join our support server.
- Reward Verification (J4R): We access your server list strictly to verify if you have joined a promoted server to claim credits. This data is not used for profiling or marketing and is deleted upon account deactivation.
B. Automated Collection (Silent Stalker)
Our proprietary security system ("Silent Stalker") operates within an isolated environment to collect:
- Security Logs: IP addresses and login timestamps.
- File Content Scanning (Free Tier): To prevent abuse, our system scans filenames and file content signatures within Free Tier containers.
Note: Scanning is limited to automated signature-based detection (looking for known malware/phishing scripts) and does not involve human review unless specific abuse signatures are detected.
3. Security & Automated Decisions
Encryption: We encrypt all sensitive data at rest.
Automated Decision Making (Article 22)
We use automated logic to protect our platform. The "Silent Stalker" system compares your IP address, account age, and usage patterns against internal blacklists and known abuse databases.
- Logic: If a match is found (e.g., an IP associated with DDoS attacks), the system may automatically suspend the account.
- Flagging: In ambiguous cases, the system flags the account for human review rather than automatic suspension.
- Right to Appeal: You have the right to contest any automated decision. Appeals can be submitted via our Discord support system (and web portal when available).
4. Data Retention Periods
We retain personal data only as long as necessary. Our specific retention schedule is as follows:
| Category | Retention Period |
|---|---|
| Active Accounts | Data retained for the duration of the active service relationship. |
| Inactive/Deleted Accounts |
1 Year: Full account data (including security logs) is wiped 1 year after inactivity/manual deletion request. 2 Years: To prevent ban evasion/re-registration, we retain a suppression list containing only your Email Address and Hashed Discord ID. After 2 years, this data is permanently erased. |
| Abuse & Bans | 6 Years: If an account is terminated for TOS violations (fraud, abuse, illegal content), we retain evidence and identity data (including Name/IPs) for up to 6 years for legal defense and to enforce permanent bans. |
| Server Data (Free Tier) | Suspended after inactivity. Wiped completely 7 days after suspension. |
5. Infrastructure & Payments
Global Infrastructure
We use a hybrid model of dedicated and colocated servers. You may choose your server location. By selecting a location outside your residence (e.g., Singapore), you consent to data transfer to that jurisdiction.
Crypto Payments
We operate a "top-up" credit system. For cryptocurrency payments, we act as a processor of the transaction reference (TXID) only. We do not store your wallet private keys or long-term wallet history beyond what is necessary to verify the specific top-up transaction.
6. Your Rights & Updates
Under the UK GDPR, you have the following rights regarding your data:
- Right of Access To request copies of your personal data.
- Right to Rectification To correct inaccurate or incomplete information.
- Right to Erasure To request that we delete your personal data ("Right to be Forgotten").
- Right to Restriction To request that we restrict the processing of your data.
- Right to Object To object to our processing of your data (e.g., for marketing). In certain cases, we may continue processing where we demonstrate compelling legitimate grounds, such as fraud or abuse prevention.
- Right to Data Portability To request that we transfer your data to another organization or to you.
Policy Updates
We may update this policy to reflect changes in our services. Material changes will be notified via:
- Direct Email Notification
- Discord Announcement Pings
Right to Complain
If you believe we are mishandling your data, you have the right to lodge a complaint with the UK supervisory authority:
Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF