Privacy Policy
Last update: 01.06.2025
Who we are
1.1. LuxHost (hereinafter — «we», «LuxHost» or «Service») provides hosting services. LuxHost is not a registered law firm.
1.2. However, we act as a «data controller» in the sense of the EU General Data Protection Regulation 2016/679 («GDPR») and other applicable data protection laws, as we define the purposes and methods of processing the personal data of our users.
1.3. Important: Not registering a company does not exempt us from complying with data protection legislation.
1.4. We are committed to protecting the privacy of users and using their data in good faith.
What data we collect
2.1. Category: Identification data. Data: Email address. Required: Required to create an account.
2.2. Category: Payment data. Data: Not stored on our servers — bank card data is processed by our payment provider; When paying with cryptocurrency, we only see the public address/hash of the transaction. Mandatory: Optional; transmitted directly to the provider.
2.3. We do not collect name, address, phone number or any other personal information unless the user provides it voluntarily (for example, by contacting support).
Legal basis for processing
3.1. We process personal data on one or more of the following legal grounds:
3.2. Contract: for the provision and support of hosting services art. 6).
Consent: to receive service or marketing notices art. 6).
Legitimate interests: ensuring security and preventing fraud art. 6).
Purposes of data use
4.1. Create and manage an account;
4.2. Providing customer support; Sending critical service notifications;
4.3. Processing payments (via a third-party processor); Maintaining security and monitoring abuse.
Cookies and similar technologies
5.1. By default, we do not use marketing or analytics cookies.
5.2. Functional cookies are used only for session authentication.
If in the future we implement analytical solutions (for example, Matomo or Plausible), the user will be offered a separate notification and the opportunity to opt out.
5.3. Who we share data with
Recipient: Payment provider (eg Stripe, PayPal, Coinbase Commerce). Purpose of transfer: Processing of cards and crypto payments.
Recipient: Server service providers (eg Hetzner, OVH, DigitalOcean). Purpose of the transfer: Location of infrastructure.
We enter into Data Processing Agreements with all third party providers to ensure security and confidentiality.
International data transfers
6.1. If your data leaves the European Economic Area, we apply Standard Contractual Clauses or select EU–US Data Privacy Framework certified providers.
6.2. Data retention period: Account: until it is deleted by the user or closed due to‑violation of the rules.
6.3. Backups: up to 30 days after removal, for recovery purposes only.
6.4. Security logs: up to 90 days unless otherwise required for incident investigation.
Rights of data subjects
7.1. The user has the right to: Access his data; Correct inaccuracies;
7.2. Delete data («right to be forgotten»); Restrict processing.
Data security
8.1. We apply technical and organizational measures: TLS encryption, two-factor authentication for administrators, isolated runtime environments, regular audits and infrastructure testing.
8.2. Children: Our services are not intended for persons under 16 years of age. We do not knowingly collect children's data.
Policy changes
9.1. For significant policy changes, we will notify users 14 days before the changes take effect via email.
