opshosts

Privacy Policy

Effective: 20 April 2026 · Version 1.0

Draft pending lawyer review. UAE PDPL + GDPR alignment in progress.

1. What we collect

  • Account data: name, email, password (hashed), company, phone, country.
  • Service data: domains, DNS records, VPS configuration, mailboxes — anything needed to deliver the service.
  • Billing data: billing address, tax IDs. Card details go directly to Stripe; we never see them.
  • Usage data: IP, user-agent, pages visited, errors. For security and product improvement.

2. Why we collect it

  • To provide the services you bought (legal basis: contract).
  • To bill you and prevent fraud (legal basis: contract + legitimate interest).
  • To send transactional emails — receipts, security alerts, renewal reminders (legal basis: contract).
  • To send marketing emails — only if you opt in. You can opt out any time.

3. Who we share it with

We share data only with sub-processors that help deliver the service:

  • Hostinger International — domain registration, VPS provisioning. Data: domain WHOIS, server IPs.
  • Stripe — payment processing. Data: billing email, address, amount.
  • Resend — transactional email. Data: recipient email, message content.
  • Cloudflare — DDoS protection, DNS. Data: IP, request metadata.
  • Hostinger VPS (in our control) — where opshosts runs. Data: everything in the database.

We don't sell your data, ever.

4. Where it lives

Primary database: a VPS in Mumbai (India) operated by Hostinger and managed by us. Backups: encrypted, stored in the same region. Stripe and Resend store data in the US/EU per their own policies.

5. How long we keep it

  • Account data: while your account is active. Deleted within 30 days of closure.
  • Billing records: 7 years (UAE tax law).
  • Audit logs: 2 years, then archived.
  • Email log: 180 days.
  • Backups: 7 daily + 4 weekly + 12 monthly rolling.

6. Your rights

You can:

  • Access a copy of your data — email privacy@opshosts.com.
  • Correct or update it from your account settings.
  • Delete it — close your account from settings, or email us.
  • Export it — JSON download via account settings (coming soon — for now request via email).
  • Object to processing where the legal basis is legitimate interest.

We respond to requests within 30 days. EU/UK residents can lodge a complaint with their local data-protection authority.

7. Cookies

See our Cookie Policy. Essentials only by default; analytics and marketing require opt-in.

8. Security

TLS in transit, password hashing, daily DB backups, restricted SSH access to production. We'll notify you within 72 hours if we detect a breach affecting your data.

9. Children

Services aren't directed at anyone under 18. We don't knowingly collect data from minors.

10. Contact

Questions or requests: privacy@opshosts.com.