Legal

Privacy Policy

How we collect, use, and protect your personal information.

Last Updated: January 1, 2025  ·  Effective: January 1, 2025

Table of Contents

  1. Information We Collect
  2. How We Use Your Information
  3. Payment Processing (PayPal & Stripe)
  4. Sharing & Disclosure
  5. Data Retention
  6. Cookies & Tracking
  7. Your Rights
  8. Children's Privacy
  9. Security
  10. Changes to This Policy
  11. Contact Us

Summary: HostKum Inc. ("HostKum", "we", "us", "our") is committed to protecting your privacy. This Policy explains exactly what personal data we collect when you use our website and hosting services, why we collect it, how we process it, who we share it with, and your rights regarding your data. We never sell your personal data.

1. Information We Collect

1.1 Information You Provide Directly

When you create an account, purchase a hosting plan, or contact our support team, we collect:

  • Identity data: Full name, username or similar identifier
  • Contact data: Email address, billing address
  • Account credentials: Email address and hashed password (we never store plaintext passwords)
  • Financial data: Billing address, payment method details (processed and tokenized by PayPal or Stripe — we do not store raw card numbers)
  • Transaction data: Details of services purchased, invoice history, and payment records
  • Communications data: Support tickets, chat transcripts, and emails exchanged with our team
  • Profile data: Your preferences, account settings, and feedback you provide

1.2 Information We Collect Automatically

When you visit our website or use our services, we automatically collect:

  • Technical data: IP address, browser type and version, operating system, device identifiers
  • Usage data: Pages visited, time spent on each page, links clicked, referral URLs
  • Log data: Server access logs, error logs, and API request logs
  • Hosting performance data: CPU usage, bandwidth consumption, storage usage, uptime statistics for your hosted services
  • Cookie data: Session identifiers, preference cookies, and analytics identifiers (see Section 6)

1.3 Information from Third Parties

We may receive limited information from:

  • Payment processors: PayPal and Stripe provide us with transaction confirmations and basic billing details
  • Analytics providers: Aggregated, anonymised website traffic data
  • Domain registrars: Domain registration and WHOIS data when you register domains through us

2. How We Use Your Information

We use your personal data only for legitimate purposes, including:

  • Service delivery: Provisioning, maintaining, and improving your hosting account and services
  • Account management: Creating and administering your customer account
  • Payment processing: Billing, invoicing, and processing payments via PayPal and Stripe
  • Customer support: Responding to your requests, tickets, and questions
  • Security: Detecting and preventing fraud, abuse, unauthorized access, and security incidents
  • Legal compliance: Meeting our legal and regulatory obligations (e.g., tax records, anti-fraud requirements)
  • Service communications: Sending important notices about your account, services, renewals, and downtime
  • Marketing (with consent): Sending promotional emails and special offers — you can opt out at any time
  • Product improvement: Analysing usage patterns to improve our platform (using anonymised and aggregated data)

3. Payment Processing — PayPal & Stripe

Important: HostKum does not store, process, or transmit your full credit card or bank account numbers on our servers. All payment data is handled exclusively by PCI-DSS-compliant third-party processors.

3.1 Stripe

We use Stripe, Inc. to process credit and debit card payments. When you enter payment card details on our checkout:

  • Your card details are entered directly into Stripe's secure, PCI-DSS Level 1 certified systems
  • Stripe tokenizes your card data — we receive only a secure token, not your raw card number
  • Stripe may store your payment method for recurring billing purposes in accordance with their own Privacy Policy
  • Stripe collects and processes data necessary to detect fraud and comply with financial regulations

3.2 PayPal

We use PayPal Holdings, Inc. as an alternative payment method. When you pay via PayPal:

  • You are redirected to PayPal's secure platform to authorise the transaction
  • We receive only confirmation of payment and basic billing information from PayPal
  • Your PayPal credentials and financial data remain entirely within PayPal's systems
  • PayPal processes your data in accordance with their own Privacy Policy

3.3 Billing Records

We retain billing and transaction records for a minimum of 7 years to comply with applicable tax and accounting laws. This includes invoice amounts, dates, and service descriptions — not raw payment card data.

4. Sharing & Disclosure

We never sell your personal data. We may share your information only in the following circumstances:

  • Service providers: We engage trusted third-party vendors (data centres, CDN providers, email delivery services, analytics tools) who process data on our behalf under strict data processing agreements
  • Payment processors: PayPal and Stripe receive the minimum data necessary to process your payments
  • Legal compliance: We may disclose data when required to by law, court order, subpoena, or other governmental authority
  • Protection of rights: We may disclose data when necessary to protect the rights, property, or safety of HostKum, our customers, or the public
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify affected users prior to any such transfer.
  • With your consent: We may share data for other purposes with your explicit prior consent

5. Data Retention

We retain your personal data for as long as is necessary to fulfil the purposes described in this Policy, including:

  • Active accounts: Data is retained for the full duration of your customer relationship with us
  • Closed accounts: We retain a limited record of account information for up to 3 years after account closure for fraud prevention and legal compliance
  • Billing records: Invoices and transaction records are retained for 7 years as required by tax law
  • Support tickets: Retained for 2 years after resolution to assist with future queries
  • Server logs: Access logs are retained for 90 days then purged

You may request deletion of your personal data at any time (subject to legal retention requirements) by contacting us at support@hostkum.com.

6. Cookies & Tracking Technologies

6.1 What We Use

We use cookies and similar technologies (local storage, session tokens) to operate and improve our services:

  • Essential cookies: Required for account login, session management, and security. Cannot be disabled.
  • Functional cookies: Remember your preferences (e.g., language, billing cycle preference)
  • Analytics cookies: Help us understand how visitors use our website (anonymised data)
  • Marketing cookies: Used to deliver relevant advertisements (only with your consent)

6.2 Managing Cookies

You can control and delete cookies through your browser settings. Disabling essential cookies will prevent you from logging in. Most browsers allow you to refuse new cookies, delete existing cookies, or be notified before a cookie is stored.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of all personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data ("right to be forgotten")
  • Restriction: Request that we restrict processing of your data in certain circumstances
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing of your data for direct marketing or legitimate interest purposes
  • Withdraw consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at support@hostkum.com. We will respond within 30 days. We may need to verify your identity before processing certain requests.

8. Children's Privacy

Our services are not directed to, and we do not knowingly collect personal information from, children under the age of 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at support@hostkum.com and we will promptly delete such information.

9. Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • 256-bit TLS/SSL encryption for all data in transit
  • Bcrypt hashing for all stored passwords
  • JWT-based session authentication with short expiry windows
  • Regular security audits and penetration testing
  • Strict access controls — only authorised personnel can access personal data
  • DDoS protection and intrusion detection systems

While we strive to protect your data, no method of Internet transmission or electronic storage is 100% secure. We cannot guarantee absolute security, but we will notify you promptly in the event of a material data breach.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this page
  • Send an email notification to all registered customers at least 30 days before changes take effect
  • Display a prominent notice on our website

Your continued use of our services after any changes constitutes acceptance of the revised Policy.

11. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or how we handle your data, please contact our Data Protection team: