
Privacy Policy

This Privacy Policy describes how Host Technologies LLC ("Host.com," "we," "us," or "our") collects, uses, discloses, and safeguards personal information when you visit our websites, use our services, or otherwise interact with us.

Effective: April 21, 2026
Last updated: April 21, 2026
Available in: Spanish, German, French

1 Scope & Controller

This Privacy Policy applies to all websites operated by Host Technologies LLC (including host.com and any subdomains), our web hosting, domain registration, SSL certificate, and related cloud services (collectively, the "Services"), and any interactions you have with our sales or support teams.

The data controller responsible for your personal information is:

Legal entity: Host Technologies LLC
Registered address: 4801 Lang Ave NE, Suite 110, Albuquerque, NM 87109, United States
Jurisdiction: New Mexico, USA (incorporated)
Privacy contact: [email protected]

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, Host Technologies LLC acts as data controller under the applicable data protection laws (GDPR, UK GDPR, or the Swiss Federal Act on Data Protection).

2 Information We Collect

We collect personal information in three main ways: information you provide directly, information collected automatically, and information from third-party sources.

2.1 Information You Provide

Category | Examples | When collected
Account & Identity | Full name, username, email address, password (hashed), phone number, profile photo | Registration, account updates
Billing & Payment | Billing name and address, last 4 digits of card (full card numbers handled by PCI-DSS certified processor), VAT/tax ID | Purchase, subscription renewal
Business Information | Company name, company size, industry, job title | Account signup (optional)
Support & Communications | Messages, attachments, ticket history, chat transcripts, call recordings (with notice) | Support interactions
Identity Verification | Government-issued ID (for WHOIS, domain registrations where required by registry policy) | Domain registration for specific TLDs

2.2 Information Collected Automatically

Category | Examples | Purpose
Log Data | IP address, browser type and version, operating system, referring URL, pages visited, timestamps | Security, fraud detection, analytics
Device Information | Device model, screen resolution, language setting, time zone | Service optimization, fraud prevention
Usage Data | Feature interactions, clicks, navigation paths, control panel actions, API calls | Product improvement, support
Cookie & Tracker Data | Session tokens, preferences, analytics identifiers, advertising IDs | See Section 6 — Cookies
Server & Network Metadata | Bandwidth usage, CPU/memory utilization, uptime events, DNS query logs (aggregated) | Service delivery, billing, abuse prevention

2.3 Information from Third Parties

  • Payment processors (Stripe, PayPal): transaction status, fraud signals, billing address verification
  • Identity & fraud services: sanctions screening, risk scores to comply with applicable laws
  • Social login providers (Google, GitHub, Microsoft): basic profile data if you choose to sign in via OAuth
  • Referral partners & affiliates: referral source identifiers to credit affiliate commissions
  • Public sources: WHOIS data, business registries, for fraud prevention and KYC purposes where legally required

3 Legal Bases for Processing (GDPR / UK GDPR)

If you are located in the EEA, UK, or Switzerland, we rely on the following legal bases to process your personal information:

Contractual Necessity

Processing required to deliver the Services you have signed up for — account creation, order processing, billing, service provisioning, and technical support.

Legitimate Interests

Security monitoring, fraud and abuse prevention, product analytics, and direct marketing to existing customers where our interests are not overridden by your rights.

Consent

Non-essential cookies, third-party analytics, interest-based advertising, and promotional emails to new prospects. You may withdraw consent at any time.

Legal Obligation

Compliance with applicable laws including tax regulations, financial reporting requirements, law enforcement requests, and sanctions screening.

4 How We Use Your Information

We use your information only for purposes that are consistent with the legal bases described above. Specific uses include:

  • Service Delivery: Provisioning servers, domains, SSL certificates, email accounts, and other ordered services; sending invoices, renewal notices, and service alerts.
  • Account Management: Authenticating your identity, managing permissions, enabling two-factor authentication, and processing account changes.
  • Customer Support: Responding to tickets, live chat, and phone inquiries; providing technical guidance; escalating issues to engineering teams.
  • Security & Fraud Prevention: Detecting and preventing unauthorized access, abuse, spam origination, DDoS attacks, phishing, and other malicious activity.
  • Product Improvement: Analyzing aggregated and de-identified usage data to understand feature adoption, identify bugs, and prioritize development work.
  • Marketing Communications: Sending newsletters, product announcements, and promotional offers — subject to your communication preferences and applicable opt-out rights.
  • Legal & Compliance: Responding to lawful requests from government authorities; maintaining records required by applicable laws; exercising or defending legal claims.
  • Research & Analytics: Conducting internal research on user experience and hosting industry trends using de-identified or aggregated data.

5 Sharing & Disclosure

We do not share your personal information with third parties except as described below.

5.1 Service Providers

We work with carefully vetted third-party vendors who assist in operating our Services. These vendors are contractually bound to process data only on our instructions and implement appropriate security measures.

Vendor Category | Purpose | Data Shared
Payment Processors (Stripe, PayPal) | Payment handling, fraud scoring | Billing details, transaction amounts
Domain Registries & Registrars | Domain registration per ICANN policy | Registrant contact data (WHOIS)
Cloud Infrastructure (AWS, Hetzner) | Server hosting, storage, CDN | Encrypted account and service data
Email Service Providers | Transactional and marketing emails | Name, email address
Customer Support Platforms | Ticket management, live chat | Name, email, support history
Analytics Providers | Website analytics (privacy-preserving) | Pseudonymous identifiers, usage events
Security & Abuse Services | DDoS protection, bot detection, abuse reporting | IP addresses, traffic patterns

5.2 Legal & Compliance Disclosures

We may disclose personal information when we believe in good faith that disclosure is necessary to: (a) comply with applicable law, regulation, legal process, or governmental request; (b) protect the rights, property, or safety of Host.com, our customers, or the public; or (c) enforce our Terms of Service or other agreements.

When we receive a government request for customer data, we will notify the affected customer unless legally prohibited from doing so. We publish an annual Transparency Report summarizing the number and type of requests received.

5.3 Business Transfers

If Host.com is involved in a merger, acquisition, asset sale, or bankruptcy proceeding, your personal information may be transferred as a business asset. We will provide notice on our website and, where required, by email before your information becomes subject to a materially different privacy policy.

5.4 Aggregated or De-Identified Data

We may share aggregate or de-identified information that cannot reasonably be used to identify you, including for industry research, marketing materials, and partner reports.

6 Cookies & Tracking Technologies

We use cookies, web beacons, local storage, and similar tracking technologies on our websites and in our Services. The following table describes the types of cookies we use:

Cookie Type | Description | Can you opt out?
Strictly Necessary | Required for the website and control panel to function (session management, CSRF protection, load balancing) | No — these are essential
Functional / Preference | Remember your language, currency, and display preferences across sessions | Yes — via cookie settings
Analytics | Measure page views, user flows, and feature adoption (using privacy-preserving tools; no cross-site tracking) | Yes — via cookie settings or browser opt-out
Marketing / Advertising | Track conversions from ad campaigns; used with Google Ads, LinkedIn Insight Tag, and similar platforms | Yes — via cookie consent banner or industry opt-out tools

You can manage cookie preferences through our Cookie Preference Center, through your browser's settings, or through the industry opt-out mechanisms at optout.aboutads.info (US) and youronlinechoices.eu (EU). Please note that disabling certain cookies may affect the functionality of our Services.

We respect "Do Not Track" (DNT) browser signals. When a DNT signal is detected, we disable analytics and marketing cookies for that session.

7 Data Retention

We retain personal information only as long as necessary for the purposes set out in this Policy, or as required by applicable law.

Data Category | Retention Period | Basis
Account information | Duration of account + 90 days post-cancellation (then deleted or anonymized) | Contract, legitimate interest
Billing records & invoices | 7 years from transaction date | Legal obligation (tax law)
Support tickets | 3 years from ticket closure | Legitimate interest (dispute resolution)
Server access logs | 90 days (security events: 12 months) | Legitimate interest (security)
Marketing consent records | Until consent withdrawn + 3 years | Legal obligation (consent audit trail)
Abuse & fraud investigation records | Duration of investigation + 5 years | Legal obligation, legitimate interest

After the applicable retention period, we securely delete or irreversibly anonymize your personal information. You may request earlier deletion subject to the exceptions described in Section 10.

8 International Data Transfers

Host.com operates globally, which means your personal information may be transferred to and processed in countries outside your country of residence, including the United States, Germany, and other countries where our infrastructure or service providers are located.

For transfers of personal data from the EEA, UK, or Switzerland to countries not recognized as providing an adequate level of data protection, we rely on the following transfer mechanisms:

  • EU Standard Contractual Clauses (SCCs) — adopted by the European Commission under GDPR Article 46(2)(c), applied to transfers to our US entities and applicable sub-processors.
  • UK International Data Transfer Agreements (IDTAs) — for transfers from the UK post-Brexit.
  • Swiss Standard Contractual Clauses — for transfers from Switzerland.
  • EU-US Data Privacy Framework (DPF) — where applicable, for transfers to DPF-certified recipients.

A copy of the applicable SCCs or other transfer mechanisms can be requested by contacting [email protected].

9 Security

We take the security of your personal information seriously and employ a defense-in-depth approach that includes:

Encryption in Transit & at Rest

TLS 1.2+ for all connections; AES-256 encryption for stored data and backups

Access Controls & Least Privilege

Role-based access, MFA enforced for all internal systems, background-checked employees

Vulnerability Management

Continuous vulnerability scanning, penetration testing (annual, by third party), bug bounty program

SOC 2 Type II Certified

Annually audited by independent third-party auditors; report available under NDA

Incident Response

Documented incident response plan; we will notify affected customers and regulators within 72 hours of discovering a qualifying breach

Physical Security

Tier III+ data centers with 24/7 CCTV, biometric access controls, and multi-layer perimeter security

10 Your Rights & Choices

Depending on your location, you may have the following rights with respect to your personal information. We honor these rights regardless of where you are located.

Access

Obtain a copy of the personal information we hold about you and information about how we process it.

Rectification

Request that we correct inaccurate or incomplete personal information.

Erasure

Request deletion of your personal information ("right to be forgotten") subject to legal retention obligations.

Restriction

Request that we restrict processing of your information in certain circumstances (e.g., while a dispute is resolved).

Portability

Receive your personal data in a structured, machine-readable format and transfer it to another controller.

Object

Object to processing based on legitimate interests or for direct marketing at any time.

Withdraw Consent

Withdraw any consent given at any time without affecting the lawfulness of prior processing.

Opt Out of Sale / Targeted Advertising (CCPA/CPRA)

California, Colorado, Connecticut, and Virginia residents may opt out of the "sale" or "sharing" of personal data for cross-context behavioral advertising. Use our Do Not Sell or Share My Data link or email [email protected].

How to Exercise Your Rights

Submit a verifiable request via:

  • Email: [email protected]
  • Account portal: Settings → Privacy & Data
  • Postal mail: Privacy Office, Host Technologies LLC, 4801 Lang Ave NE, Suite 110, Albuquerque, NM 87109

We respond to verified requests within 30 days (GDPR) or 45 days (CCPA), extendable by 30/45 days with notice where permitted. We do not charge a fee unless requests are manifestly unfounded or excessive. We may need to verify your identity before processing requests.

If you believe we have not adequately addressed your request, you have the right to lodge a complaint with the supervisory authority in your country of residence. For EEA residents: your national data protection authority. For UK residents: the Information Commissioner's Office (ICO). For Swiss residents: the Federal Data Protection and Information Commissioner (FDPIC).

11 Children's Privacy

Our Services are not directed to individuals under the age of 16 (or under 18 in jurisdictions where that age applies). We do not knowingly collect personal information from children. If we learn that we have inadvertently collected personal information from a child under the applicable age of consent, we will delete that information promptly. If you believe we have collected information from a child, please contact us at [email protected].

12 Third-Party Links & Integrations

Our websites and Services may contain links to third-party websites, integrate third-party applications (such as payment gateways or monitoring tools), or allow you to connect third-party accounts. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access through our platform. We are not responsible for the privacy practices or content of third-party sites.

13 Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page
  • Post a notice on our website and/or in the control panel for at least 30 days
  • Send an email notification to registered account holders for changes that materially affect your rights

Your continued use of our Services after the effective date of the revised Policy constitutes your acceptance of the changes. We encourage you to periodically review this page for the latest information on our privacy practices.

Previous versions of this Privacy Policy are available upon request by contacting [email protected].

14 Contact & Data Protection Officer

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out:

Privacy Team

[email protected]

General privacy inquiries, DSARs, consent withdrawal

Data Protection Officer

[email protected]

GDPR / UK GDPR escalations and regulatory inquiries

Postal Address

Privacy Office
Host Technologies LLC
4801 Lang Ave NE, Suite 110
Albuquerque, NM 87109
United States

EU / UK Representative

For individuals in the EEA and UK, our EU representative for GDPR purposes can be reached at: [email protected].

Security Disclosures

To report a security vulnerability, please use our responsible disclosure program at [email protected]. Do not include personal data in vulnerability reports.