CloudExa-Hosting Privacy Policy

CloudExa-Hosting Ltd is a private limited company registered in England and Wales.

Company number: 16504313

Registered office: 128 City Road, London, United Kingdom, EC1V 2NX

This Privacy Policy explains how CloudExa-Hosting collects, uses, stores, shares, and protects personal data when you visit our website, create an account, use our panels, buy or use our services, contact support, join our community spaces, or otherwise interact with us.

In this Privacy Policy:

• "CloudExa-Hosting", "we", "us", and "our" mean CloudExa-Hosting Ltd.
• "Customer", "you", and "your" mean the account holder, user, sub-user, reseller, partner, visitor, or other person whose personal data we process.
• "Services" means our websites, billing systems, panels, game hosting, VPS hosting, VDS hosting, Semi-Dedicated Server hosting, Extreme Dedicated plans, dedicated server hosting, bare metal hosting, Discord bot hosting, colocation, support services, databases, backup services, proxy services, and related hosting or infrastructure services.
• "Panel" means any customer, billing, game server, VPS, VDS, dedicated server, colocation, or service management panel operated by or for CloudExa-Hosting.
• "Personal data" means information that identifies, relates to, or could reasonably be linked to an individual.

1. Who We Are

1.1 CloudExa-Hosting Ltd is the controller for personal data we process for account management, billing, service operation, support, security, fraud prevention, legal compliance, marketing, and business administration.

1.2 Our contact details are:

• Company: CloudExa-Hosting Ltd
• Company number: 16504313
• Registered office: 128 City Road, London, United Kingdom, EC1V 2NX
• Support and privacy contact: [email protected]

1.3 We have not appointed a data protection officer unless we publish otherwise. Privacy questions, data protection requests, and complaints should be sent to [email protected] or raised through our official support system.

1.4 Where you upload, store, transmit, or otherwise process personal data belonging to your own users, players, staff, customers, or community members using our hosting infrastructure, you are usually the controller of that data and CloudExa-Hosting usually acts as your processor or hosting provider. Section 12 explains this in more detail.

2. Scope of This Policy

2.1 This Privacy Policy applies to personal data processed through:

• our website;
• our billing and customer account systems;
• our hosting and service panels;
• our game hosting, VPS, VDS, Semi-Dedicated Server, dedicated server, bare metal, Discord bot hosting, and colocation services;
• support tickets and customer communications;
• fraud prevention, security, abuse handling, and network monitoring;
• community spaces, including Discord where connected to CloudExa-Hosting support or verification;
• marketing, service notices, and business administration.

2.2 This Privacy Policy does not apply to third-party websites, game publishers, software vendors, Discord, PayPal, Stripe, or other services that have their own privacy policies, except where we explain how we receive or share data with them.

3. Personal Data We Collect

3.1 Account and identity data:

• name;
• email address;
• username or display name;
• account ID;
• customer ID;
• company or organisation name where provided;
• country, address, or billing location;
• age or confirmation that you are old enough to use the Services, where required.

3.2 Contact and communication data:

• support tickets;
• email messages;
• Discord ticket content where used for support;
• live chat or community messages where available;
• notices, replies, complaint records, and customer service notes.

3.3 Billing and transaction data:

• invoices;
• payment status;
• payment method type;
• PayPal transaction IDs;
• Stripe payment IDs, transaction IDs, payment hashes, card last four digits, and card expiry details where supplied by Stripe;
• account credit records;
• refund records;
• chargeback, dispute, and fraud review records.

3.4 Service and technical data:

• service IDs;
• server names;
• IP addresses;
• SFTP usernames and hashed SFTP passwords;
• assigned ports;
• service location;
• resource allocations;
• bandwidth usage;
• power, rack, and hardware records for colocation where applicable;
• panel login records;
• device, browser, and operating system information;
• access logs, audit logs, error logs, security logs, and abuse logs.

3.5 Security and fraud prevention data:

• IP addresses;
• login attempts;
• failed authentication records;
• session identifiers;
• suspicious activity indicators;
• fraud screening results;
• chargeback evidence;
• abuse reports;
• vulnerability reports;
• information needed to investigate misuse, attacks, malware, copyright complaints, prohibited content, or legal requests.

3.6 Customer content and hosted data:

• files, databases, backups, configuration files, logs, server content, player data, bot data, and other material you upload, store, transmit, or process using the Services.

3.7 Community and Discord data:

• Discord username, ID, messages, tickets, verification status, support history, and moderation records where you interact with CloudExa-Hosting through Discord or link Discord to your CloudExa-Hosting account.

3.8 Website, cookie, and analytics data:

• cookie identifiers;
• consent choices;
• website pages visited;
• approximate location derived from IP address;
• browser and device data;
• referral information;
• session analytics, clicks, scrolls, navigation patterns, and technical metadata where analytics tools are used.

3.9 Colocation and hardware data:

• equipment records;
• serial numbers;
• asset labels;
• shipping records;
• delivery and collection information;
• remote hands requests;
• data-centre access records;
• identity or authority checks required for access, collection, or service management.

4. How We Collect Personal Data

4.1 We collect personal data directly from you when you:

• create an account;
• place an order;
• update your profile;
• open a ticket;
• contact support;
• use the Panel;
• configure a Service;
• upload content;
• join or use our Discord support channels;
• request a refund, transfer, cancellation, data change, or data removal;
• respond to fraud, abuse, copyright, legal, or security investigations.

4.2 We collect personal data automatically when you:

• visit our website;
• log in to the Panel;
• use the Services;
• connect to our network;
• use SFTP or other access methods;
• trigger security, abuse, billing, or service logs.

4.3 We may receive personal data from third parties, including:

• payment processors such as PayPal and Stripe;
• fraud prevention and payment dispute providers;
• Discord, where you use Discord support or verification;
• data-centre, network, DDoS protection, and infrastructure providers;
• copyright owners or complainants;
• law enforcement, regulators, courts, or other authorities;
• resellers, account owners, sub-users, or service users who provide your details to us.

5. Why We Use Personal Data and Our Lawful Bases

5.1 We use personal data only where we have a lawful basis under UK data protection law.

5.2 We use account and contact data to:

• create and manage accounts;
• provide access to the Panel;
• identify customers;
• communicate about Services;
• provide support;
• manage cancellations, refunds, and transfers.

Lawful bases: contract performance, legitimate interests, legal obligation where records are required.

5.3 We use billing and payment data to:

• generate invoices;
• process payments;
• record transactions;
• manage account credit;
• review refunds;
• handle chargebacks and payment disputes;
• meet accounting and tax obligations.

Lawful bases: contract performance, legal obligation, legitimate interests.

5.4 We use service and technical data to:

• provide, maintain, monitor, and improve the Services;
• allocate resources;
• manage servers, databases, storage, bandwidth, power, rack space, and IP addresses;
• diagnose faults;
• carry out maintenance;
• support migrations;
• enforce service limits and acceptable use rules.

Lawful bases: contract performance, legitimate interests.

5.5 We use security and fraud prevention data to:

• secure accounts, panels, servers, and networks;
• prevent unauthorised access;
• detect abuse, malware, attacks, phishing, spam, proxy misuse, fraud, and prohibited activity;
• investigate vulnerabilities;
• protect customers, providers, staff, and infrastructure;
• preserve evidence where needed.

Lawful bases: legitimate interests, legal obligation, contract performance.

5.6 We use customer content and hosted data to:

• host, transmit, store, back up, restore, secure, troubleshoot, support, and maintain the Services;
• investigate abuse, security incidents, copyright complaints, prohibited content, or legal requests where permitted or required.

Lawful bases: contract performance, legitimate interests, legal obligation. Where we act as your processor, we process hosted personal data on your documented instructions unless the law requires otherwise.

5.7 We use support and communication data to:

• answer questions;
• resolve problems;
• keep support records;
• train staff;
• improve documentation and service quality;
• manage complaints and disputes.

Lawful bases: contract performance, legitimate interests, legal obligation where records are required.

5.8 We use website, cookie, and analytics data to:

• operate the website and Panel;
• authenticate users;
• remember settings;
• secure sessions;
• measure performance;
• understand how our website and Panel are used;
• improve usability and reliability.

Lawful bases: legitimate interests for essential operation and security, consent where required for non-essential cookies or similar technologies, legal obligation where security records are required.

5.9 We use marketing and announcement data to:

• send service announcements;
• send security, billing, maintenance, and policy notices;
• send optional marketing where permitted;
• manage marketing preferences and unsubscribe requests.

Lawful bases: contract performance for service notices, legitimate interests for limited existing-customer communications where lawful, consent where required by law, legal obligation for certain notices.

5.10 We use legal, compliance, and dispute data to:

• comply with law;
• respond to lawful requests;
• enforce our Terms of Service;
• defend or bring legal claims;
• handle copyright complaints;
• cooperate with regulators, courts, payment processors, data-centres, network providers, and law enforcement where appropriate.

Lawful bases: legal obligation, legitimate interests, establishment, exercise, or defence of legal claims.

6. Marketing Communications

6.1 We may send operational emails about your account or Services, including invoices, payment reminders, suspension warnings, termination warnings, maintenance notices, security notices, policy updates, and support replies. These are service communications and are not optional marketing.

6.2 We may send marketing emails only where allowed by law. This may include consent-based marketing or limited communications to existing customers about similar services where the law permits.

6.3 You can unsubscribe from marketing at any time by using the unsubscribe option where provided or by contacting support. We may still send non-marketing service communications after you unsubscribe.

6.4 We do not sell personal data to third parties for marketing.

7. Cookies and Similar Technologies

7.1 We use cookies and similar technologies to operate, secure, authenticate, improve, and understand our website, Panel, and Services.

7.2 Strictly necessary cookies and similar technologies may be used without consent where they are essential to provide a service requested by the user or to transmit communications over a network. We will still provide information about them where practical.

7.3 Non-essential cookies, analytics cookies, advertising cookies, session replay tools, or similar technologies will be used only where we have a lawful basis and where any required consent has been obtained.

7.4 Cookie categories may include:

• strictly necessary and security cookies;
• authentication cookies;
• payment fraud-prevention cookies;
• performance and analytics cookies;
• session analytics technologies.

7.5 Cookie and analytics data may include cookie identifiers, IP address, browser details, device details, pages visited, clicks, scrolls, navigation patterns, and technical metadata.

7.6 Sensitive fields such as passwords and payment forms will be excluded from session analytics recording where reasonably possible. IP addresses will be anonymised where applicable.

7.7 Session analytics data may be retained for up to 30 days unless a shorter or longer period is required for security, investigation, legal, or operational reasons.

7.8 We may publish or make available a separate Cookie Notice with more detailed information about the cookies and similar technologies we use.

8. Who We Share Personal Data With

8.1 We share personal data only where reasonably necessary for the purposes described in this Privacy Policy.

8.2 We may share personal data with:

• payment processors, including PayPal and Stripe;
• billing, account, and service management systems such as WHMCS, Pterodactyl, Upstash, or replacement systems;
• data-centre, colocation, network, transit, DDoS protection, and infrastructure providers;
• email, ticketing, support, monitoring, logging, and security providers;
• fraud prevention, payment dispute, and chargeback handlers;
• Discord, where you use Discord support or verification;
• analytics and session analytics providers or internally hosted analytics systems;
• professional advisers, including accountants, insurers, auditors, and legal advisers;
• debt recovery providers where lawful and necessary;
• copyright complainants, rights holders, or affected customers where necessary to handle a complaint;
• law enforcement, regulators, courts, tax authorities, payment processors, banks, or other authorities where required or appropriate;
• another organisation involved in a merger, acquisition, restructuring, sale of assets, or transfer of business, subject to appropriate safeguards.

8.3 We require service providers who process personal data for us to process it only for authorised purposes and to apply appropriate security and confidentiality measures.

9. International Transfers

9.1 Some of our providers, systems, customers, or support operations may be located outside the United Kingdom.

9.2 Where personal data is transferred outside the United Kingdom, we will use an appropriate transfer mechanism where required by law. This may include adequacy regulations, the UK International Data Transfer Agreement, the UK Addendum to EU Standard Contractual Clauses, or another lawful safeguard.

10. How Long We Keep Personal Data

10.1 We keep personal data only for as long as reasonably necessary for the purpose it was collected, including service operation, support, security, accounting, tax, legal, dispute, fraud prevention, and business-record purposes.

10.2 Typical retention periods are:

• Account data: for the life of the account and for up to 7 years after account closure where needed for legal, tax, accounting, fraud prevention, dispute, or business-record purposes.
• Billing and invoice data: for at least 7 years where required for tax, accounting, and business records.
• Payment records: for as long as needed for payment processing, refunds, chargebacks, accounting, tax, fraud prevention, and dispute handling.
• Support tickets and communications: for up to 6 years after the issue is closed, unless a shorter or longer period is appropriate.
• Service logs and security logs: for as long as needed for service operation, security, abuse prevention, legal compliance, or investigations. Routine logs may be kept for shorter periods.
• Hosted files, databases, and customer content: while the Service is active and for any backup or grace period we provide. Content may be deleted permanently after cancellation, expiry, suspension, or termination in line with our Terms of Service.
• Backups: retained according to backup rotation and operational requirements. Backups are not guaranteed and should not be treated as your only copy.
• Session analytics data: normally up to 30 days unless needed longer for security, investigation, legal, or operational reasons.
• Marketing preferences: until you unsubscribe or update your preferences, and then as needed to maintain a suppression record.
• Colocation and hardware records: for the life of the service and for up to 6 years after termination where needed for billing, ownership, shipping, insurance, security, legal, or dispute purposes.

10.3 We may retain data longer where required by law, court order, regulator request, law enforcement request, tax or accounting obligation, active dispute, fraud concern, abuse investigation, security incident, or legal claim.

10.4 Where we no longer need personal data, we will delete it, anonymise it, or securely restrict it where deletion is not immediately possible.

11. Security

11.1 We use reasonable technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure.

11.2 Measures may include access controls, password hashing, multi-factor authentication, network segmentation, encryption, firewalls, DDoS protection, staff access limits, logging, monitoring, backups, data-centre controls, vendor review, and incident response procedures.

11.3 No online service can be guaranteed completely secure. You are responsible for keeping your account, email address, passwords, SFTP credentials, devices, software, and sub-user access secure.

11.4 You should contact us promptly at [email protected] if you believe your account, Service, or personal data has been accessed without permission.

12. Customer-Hosted Personal Data

12.1 You may upload, store, process, or transmit personal data belonging to your own players, users, staff, customers, community members, or other individuals when using our Services.

12.2 For that customer-hosted personal data, you are usually the controller and CloudExa-Hosting is usually your processor, unless we decide how and why that data is used for our own purposes.

12.3 You are responsible for:

• having a lawful basis for the personal data you upload or process;
• providing privacy information to your own users where required;
• obtaining consent where required;
• responding to data protection requests from your own users;
• ensuring your use of the Services complies with data protection law;
• keeping your own backups;
• securing your applications, passwords, plugins, mods, databases, and access controls.

12.4 We will process customer-hosted personal data only as needed to provide, maintain, secure, support, investigate, or comply with legal obligations relating to the Services, unless otherwise required by law.

12.5 We may access, restrict, delete, disclose, or preserve customer-hosted data where reasonably necessary for security, abuse prevention, support, legal compliance, provider requirements, copyright complaints, payment disputes, or enforcement of our Terms of Service.

12.6 If you require a separate data processing agreement, you should contact us before placing an order or before processing personal data that requires one.

13. Your Data Protection Rights

13.1 Depending on the circumstances and subject to legal exemptions, you may have the right to:

• access your personal data;
• request correction of inaccurate personal data;
• request deletion of personal data;
• request restriction of processing;
• object to processing based on legitimate interests or direct marketing;
• request data portability;
• withdraw consent where processing is based on consent;
• complain to the Information Commissioner's Office.

13.2 Some rights are not absolute. We may need to keep certain data for legal, accounting, tax, fraud prevention, security, dispute, or contractual reasons.

13.3 To exercise your rights, contact us through the official support system or email [email protected].

13.4 We may ask for information to verify your identity before responding to a request.

13.5 We aim to respond to valid data protection requests within one month unless the law allows more time because the request is complex or there are multiple requests.

14. Complaints

14.1 Please contact us first if you have a privacy concern so we can try to resolve it.

15. Automated Decision-Making and Profiling

15.1 We do not currently use solely automated decision-making that produces legal or similarly significant effects on customers.

15.2 We may use automated or semi-automated systems to help detect fraud, abuse, payment risk, security threats, spam, attacks, or suspicious activity. These systems may flag accounts, orders, payments, logins, or Services for manual review or protective action.

15.3 If we introduce solely automated decision-making with legal or similarly significant effects, we will update this Privacy Policy and provide information required by law.

16. Children's Privacy

16.1 Our Services are not directed at children.

16.2 You must not create an account or use paid Services unless you are old enough to enter into a legally binding contract or have appropriate permission from a parent or guardian.

16.3 If we learn that we have collected personal data from a child without appropriate authority, we may delete the data, restrict the account, or take other appropriate action.

17. Third-Party Services

17.1 The Services may connect to or rely on third-party services, including payment processors, Discord, game publishers, software vendors, plugin developers, modpack providers, data-centres, network providers, and DDoS protection providers.

17.2 Third-party services may process personal data under their own privacy policies. You should review those policies before using those services.

17.3 We are not responsible for third-party privacy practices except where they process personal data for us under our instructions.

18. Changes to This Privacy Policy

18.1 We may update this Privacy Policy from time to time.

18.2 If we make material changes, we will take reasonable steps to notify affected customers, such as by email, dashboard notice, website notice, or another appropriate method.

18.3 The latest version of this Privacy Policy will be available on our website.

18.4 If we plan to use personal data for a new purpose that is not compatible with the purpose for which it was collected, we will provide updated privacy information before starting that processing where required by law.

19. Contact

19.1 Questions about this Privacy Policy or our handling of personal data should be sent to:

CloudExa-Hosting Ltd

128 City Road

London

United Kingdom

EC1V 2NX

Email: [email protected]