Privacy Policy

1. INTRODUCTION

At Hostaffin, we are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy describes how we collect, use, process, and share your personal information when you use our website and services. We comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), the Singapore Personal Data Protection Act (PDPA), and the Bangladesh ICT Act.

2. DATA WE COLLECT

We collect information that identifies, relates to, describes, or could reasonably be linked, directly or indirectly, with a particular consumer or household ("Personal Information").

• Account Information: Name, email address, physical address, phone number, and company name.
• Billing Data: Credit card information (processed by third-party gateways), VAT/GST IDs, and transaction history.
• Technical Data: IP address, browser type, device identifiers, and server logs.
• Service Data: Domain names, website content (as a processor), and support ticket communications.

3. LAWFUL BASIS FOR PROCESSING (GDPR)

Under GDPR, we process your data based on the following legal grounds:

• Performance of a Contract: To provide the services you purchased.
• Legal Obligation: To comply with tax, accounting, and anti-abuse laws.
• Legitimate Interests: To improve our services, prevent fraud, and ensure network security.
• Consent: Where you have explicitly opted-in to marketing communications.

4. HOW WE USE YOUR DATA

We use your information to:

• Provision and maintain your hosting services.
• Process payments and prevent fraudulent transactions.
• Provide technical support and respond to inquiries.
• Send administrative notifications and security alerts.
• Enforce our Terms of Service and AUP.

5. DATA SHARING AND TRANSFERS

We do not sell your personal data. We share data only with trusted third parties necessary for service delivery:

• Payment Processors: To handle secure transactions (e.g., Stripe, PayPal, SSLCommerz).
• Domain Registries: Necessary for domain registration (WHOIS data).
• Data Centers: Where your servers are physically located (USA, Singapore, BD, Germany).
• Compliance/Law Enforcement: When required by a valid legal order (e.g., court order or subpoena).

International Transfers: Data may be transferred to and processed in countries outside your residence. We ensure such transfers are protected by Standard Contractual Clauses (SCCs) or other recognized adequacy mechanisms.

6. YOUR RIGHTS (GDPR & CCPA)

Depending on your jurisdiction, you may have the following rights:

• Right to Access: Request a copy of the data we hold about you.
• Right to Rectification: Request correction of inaccurate data.
• Right to Erasure ("Right to be Forgotten"): Request deletion of your data (subject to legal retention requirements).
• Right to Data Portability: Request your data in a machine-readable format.
• Right to Opt-Out: (CCPA) Request that we do not "sell" or "share" your personal information.

To exercise these rights, please submit a request via our support portal or email [email protected].

7. DATA RETENTION

We retain personal information for as long as your account is active or as needed to provide services. We also retain and use information as necessary to comply with legal obligations, resolve disputes, and enforce agreements (typically up to 7 years for financial records).

8. COOKIES AND TRACKING

We use cookies and similar tracking technologies to track the activity on our Service and hold certain information. For detailed information on the types of cookies we use and how to manage them, please refer to our Cookie Policy.

9. SECURITY

We implement industry-standard technical and organizational measures to protect your data, including encryption (SSL/TLS), firewalls, and strict access controls. However, no method of transmission over the internet is 100% secure.