Privacy Policy

Legal

Last updated: February 2026

intro

234Webhost ("we", "us", "our") operates localhost and provides cloud infrastructure services. This policy describes how we collect, process, store, and protect your personal data in compliance with the General Data Protection Regulation (GDPR).

This policy applies to account holders, authorized users, website visitors, and anyone who communicates with us. We act as data controller for data collected directly from you and as data processor for data stored within your hosted services.

Where we act as data processor, our Data Processing Agreement governs how we handle that data on your behalf.

data.collected

account: name, email address, billing address, company name, phone number, payment details required for service delivery and invoicing. collected directly from you during registration and account management.

technical: IP addresses, browser type and version, operating system, device identifiers, referring URLs, connection metadata, API request logs. collected automatically when you access our platform for diagnostics and security monitoring.

usage: resource consumption (CPU, memory, bandwidth, storage), login timestamps, session durations, feature utilization. used for platform maintenance, capacity planning, and performance optimization.

communications: support tickets, emails, feedback, and any other messages exchanged with our team. used for issue tracking, quality assurance, and service improvement.

data.purpose

  • delivering and maintaining cloud infrastructure services
  • processing billing, payments, and generating invoices
  • providing technical support and resolving issues
  • monitoring infrastructure security and detecting threats
  • DDoS mitigation and abuse prevention
  • enforcing terms of service and acceptable use policies
  • communicating service updates and maintenance windows
  • capacity planning and performance optimization
  • preventing fraud and unauthorized access
  • meeting legal and regulatory obligations

no automated decision-making. no profiling. no data used for advertising or sold to marketers.

data.legal_basis

contract (Art. 6(1)(b)): processing required to deliver the services you purchased — account provisioning, server deployment, billing, and support.

legitimate_interest (Art. 6(1)(f)): security monitoring, fraud prevention, service improvement, capacity planning.

legal_obligation (Art. 6(1)(c)): tax record-keeping, financial reporting, responding to lawful requests.

consent (Art. 6(1)(a)): where applicable, withdrawable at any time without affecting prior processing.

data.storage

location: European Union data centers exclusively. AES-256 encryption at rest. TLS 1.3 in transit. tenant isolation enforced at network and storage layers.

security stack: role-based access controls, mandatory MFA for administrative access, network segmentation, multi-layer firewall protection, automated vulnerability scanning, patch management, DDoS mitigation.

monitoring: 24/7 intrusion detection, continuous threat response, full audit logging on all administrative access.

breach protocol: notification to affected users and supervisory authority within 72 hours per GDPR Article 33.

data.retention

account_data: active account + 30 days post-closure.

billing_records: 7 years (tax/financial regulation compliance).

server_logs: 14 days for security monitoring.

access_logs: 90 days for security and abuse prevention.

support_tickets: duration of active account + 30 days.

post-retention: cryptographic erasure for encrypted data, multi-pass overwrite for unencrypted data.

data.rights

  • access — obtain a copy of your data (Art. 15)
  • rectification — correct inaccurate data (Art. 16)
  • erasure — request deletion (Art. 17)
  • portability — receive data in machine-readable format (Art. 20)
  • restriction — limit processing (Art. 18)
  • objection — object to processing (Art. 21)
  • withdraw_consent — revoke consent at any time (Art. 7)
  • complaint — lodge a complaint with your supervisory authority

all requests acknowledged within 5 business days, processed within 30 days. contact: legal@localhost.

data.cookies

essential only. no tracking. no analytics. no advertising.

session: maintains login state. csrf: prevents cross-site request forgery.

load_balancer: distributes requests for optimal performance. preferences: stores language and timezone settings.

no pixel trackers, web beacons, or fingerprinting technologies are used.

data.third_parties

payment_processor: PCI DSS-compliant. card data never stored on our servers.

email_provider: transactional emails only — invoices, notifications, password resets.

all providers bound by GDPR-compliant DPAs. we never sell, rent, or trade personal data.

data.transfers

primary processing: EEA only. no routine transfers outside EEA.

where a third-party provider operates outside the EEA, safeguards are enforced: EU adequacy decisions, Standard Contractual Clauses (SCCs), or supplementary technical measures.

data.children

services not directed at individuals under 16. no data knowingly collected from minors.

if you believe a child has provided us with personal data, contact legal@localhost for prompt deletion.

data.updates

posted here with revised date. material changes notified via email at least 14 days before taking effect.

continued use after changes constitutes acknowledgment.

data.contact

legal@localhost

we aim to resolve all privacy inquiries promptly. if unsatisfied, you may lodge a complaint with your local data protection supervisory authority.