Privacy Policy

We collect information you provide directly:

• Account data — name, email, profile picture (via Google Sign-In).
• KYC data — first/last name, government ID number, phone, country (basic verification); biometric and document scans (full verification, processed by Stripe Identity).
• Billing data — top-up amounts and timestamps. Card details are processed by Polar and never stored on our servers.
• Content — the files, sites, and domains you create or register through the platform.

We also collect information automatically:

• Technical logs — IP address, browser/user-agent, timestamps, requested URLs.
• Cookies — a session cookie (session) for authentication and a PHP session cookie (PHPSESSID) for flash messages and CSRF protection. We do not use third-party advertising cookies.

We use your information to:

• Provide, maintain, and improve the Service.
• Verify your identity (KYC) and prevent fraud, abuse, or money-laundering.
• Process payments and manage your account balance.
• Send transactional emails — login notifications, invoice confirmations, security alerts, and service updates. You can disable login notifications from your account settings.
• Comply with legal obligations and enforce our Terms.

We share limited data with the following service providers, each bound by their own privacy commitments:

• Google — OAuth sign-in.
• Cloudflare — DNS, CDN, WAF, and domain registration.
• Hetzner Cloud — server infrastructure (data centre in Germany / Finland).
• Stripe Identity — full KYC verification.
• Polar — payment processing and merchant of record.
• Anthropic — AI assistant ("Hostie") completions; chat content is sent to Anthropic's API for response generation. Anthropic does not retain your prompts for training.

For users in the European Economic Area, we process your personal data under one or more of the following legal bases: (a) contract — to deliver the services you have signed up for; (b) legitimate interests — security, fraud prevention, and product improvement; (c) legal obligation — KYC, tax, and accounting; (d) consent — for optional emails or features that explicitly request your consent.

We retain account and billing records for as long as your account is active and for up to seven (7) years after closure, as required by US tax and accounting law. Server logs are retained for 30 days. KYC records (including identity documents) are retained for the duration required by anti-money-laundering regulations (typically 5 years after account closure).

Content you upload to your sites is retained as long as your account is active and is deleted within 30 days of account termination unless a legal hold applies.

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Request deletion (subject to retention obligations).
• Export your data in a portable format.
• Object to or restrict processing.
• Withdraw consent at any time (where processing is based on consent).

To exercise these rights, email us at [email protected]. We will respond within 30 days.

We are a US company; our servers are operated by Hetzner in the European Union. Personal data may be transferred to the US (Anthropic, Stripe, Cloudflare, Polar) or other jurisdictions where our service providers operate. Where required, we rely on Standard Contractual Clauses or equivalent safeguards.

We use HTTPS/TLS for all connections, encrypted database backups, restricted server access, and automated patching. No system is perfectly secure: if we become aware of a personal-data breach affecting you, we will notify you and the relevant authorities as required by law.

Webhostric is not directed at children under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

We use a strict-necessary set of cookies needed for authentication, sessions, and CSRF protection. We do not run third-party analytics, advertising, or tracking cookies. The "Hostie" assistant stores conversation history in your browser's localStorage only — never on our servers.

We may update this Privacy Policy from time to time. Material changes will be communicated by email or through the panel. The "Last updated" date at the top of this page reflects the most recent revision.