Privacy Policy

1. Information We Collect

We collect information you provide directly when creating an account, including your full name, email address, billing address, phone number, and payment details (credit card numbers, UPI IDs, or bank account information). We also collect business information such as company name, tax identification numbers, and authorized contact details when applicable.

We automatically collect technical information when you use our services, including IP addresses, browser type and version, operating system, device identifiers, referring URLs, pages visited, timestamps, server access logs, and usage patterns. Our servers record metadata related to support tickets, live chat interactions, and email communications with our team.

We may also collect information from third-party sources, including identity verification services, fraud prevention databases, credit reporting agencies (for enterprise accounts), and public business registries. This data is used to verify your identity and assess risk in accordance with our compliance obligations.

2. How We Use Your Information

We use your personal information to provide, maintain, and improve our hosting services, including account provisioning, technical support, billing and payment processing, service notifications, and infrastructure management. Your contact information enables us to communicate about service updates, outages, security alerts, and account-related matters.

With your consent, we may use your email address to send marketing communications about new products, promotions, and industry news. You may opt out of marketing emails at any time by clicking the unsubscribe link in any email or by updating your communication preferences in the client area. Opting out of marketing does not affect transactional or service-related communications.

We use aggregated and anonymized data for analytics, service improvement, capacity planning, and security monitoring. We may use your information to detect and prevent fraud, abuse, security incidents, and violations of our Terms of Service. We also process data as necessary to comply with legal obligations, respond to lawful requests, and protect our legal rights.

3. Data Storage & Security

Your data may be stored on infrastructure and service platforms used to operate Hostao services. The exact storage environment, provider controls, and physical-security measures can vary by service, location, and vendor arrangement.

We may use administrative, technical, and organizational safeguards such as access controls, logging, network protections, encryption in transit where supported, and provider-managed security features. Specific controls can vary by product, workflow, and third-party processor.

No method of transmission or storage is completely secure, and we cannot promise absolute security. If a notifiable incident affecting personal data occurs, we may provide notice according to applicable legal requirements and the active service relationship.

4. Cookies & Tracking Technologies

We use essential cookies that are strictly necessary for website functionality, including session management, authentication, and security features. These cookies cannot be disabled without impairing core site functionality. Essential cookies do not require consent under most privacy regulations.

We use analytics cookies (Google Analytics) to understand how visitors interact with our website, including page views, session duration, bounce rates, and traffic sources. Analytics data is aggregated and does not directly identify individuals. We have configured Google Analytics to anonymize IP addresses and have signed a Data Processing Agreement with Google.

Preference cookies remember your settings, language preferences, and display options. You can manage cookie preferences through our cookie consent banner or your browser settings. Disabling non-essential cookies will not affect your ability to use our hosting services. For more details, please see our Cookie Policy page.

5. Third-Party Services

We share personal data with third-party service providers who assist us in operating our business. Payment processing may be handled through providers such as Razorpay and Stripe under their own privacy and compliance terms, and email delivery may use third-party platforms that process email addresses and related message data on our behalf.

We use Google Analytics for website analytics, Cloudflare for content delivery and security, and various data center operators for physical infrastructure. Each third-party provider is contractually obligated to protect your data and to process it only according to our instructions and for the specific purposes outlined in our agreements.

We do not sell your personal information to third parties. We may disclose personal data to law enforcement or regulatory authorities when required by law, subpoena, or court order, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

6. Data Retention

We retain your account data for the duration of your active account relationship plus 90 days following account closure to facilitate account recovery and address any post-closure inquiries. After this retention period, personal data is securely deleted or anonymized, except where longer retention is required by law.

Financial and transaction records are retained for a minimum of 7 years as required by tax and financial regulations. Server access logs and security-related data are retained for 12 months for security monitoring and incident investigation purposes. Support ticket records are retained for 3 years to maintain service history and quality assurance.

You may request early deletion of your personal data at any time, subject to our legal obligations and legitimate business interests. We will respond to deletion requests within 30 days and inform you of any data that must be retained and the legal basis for such retention.

7. Your Rights

Depending on your location and applicable law, you may have the following rights regarding your personal data: the right to access and receive a copy of your data; the right to rectify inaccurate or incomplete data; the right to erasure (the "right to be forgotten"); the right to restrict processing; the right to data portability; and the right to object to processing based on legitimate interests.

You may exercise these rights by contacting us at privacy@hostao.com or through the data management section in your client area. We will verify your identity before processing any request and respond within 30 days (or the time frame required by applicable law). We will not charge a fee for reasonable requests, but reserve the right to charge a reasonable fee or refuse manifestly unfounded or excessive requests.

You have the right to opt out of marketing communications at any time. You also have the right to withdraw consent where processing is based on consent, without affecting the lawfulness of processing performed prior to withdrawal. If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.

8. GDPR Compliance

For customers in the European Union (EU) and European Economic Area (EEA), we process personal data in compliance with the General Data Protection Regulation (GDPR). Our legal bases for processing include: performance of a contract (providing hosting services you have purchased); legitimate interests (security monitoring, fraud prevention, service improvement); consent (marketing communications); and compliance with legal obligations (tax records, law enforcement requests).

As a data controller for applicable services, Hostao LLC determines the purposes and means of processing the personal data it collects. Where we engage sub-processors, we may use contractual or vendor-governed data-processing terms appropriate to the service relationship. Information about key processing vendors may be requested through our privacy contact path.

EU/EEA residents may have rights to request access, correction, deletion, restriction, portability, objection, or complaint handling under applicable law, subject to valid verification and any legal retention requirements. Privacy-related requests can be sent to privacy@hostao.com.

9. CCPA Compliance

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). These include: the right to know what personal information we collect, use, disclose, and sell; the right to delete your personal information; the right to opt out of the sale or sharing of your personal information; and the right to non-discrimination for exercising your privacy rights.

Hostao does not sell personal information as defined under the CCPA/CPRA. We do not use or disclose sensitive personal information for purposes beyond what is necessary to provide our services. In the preceding 12 months, we have collected the following categories of personal information: identifiers, commercial information, internet activity, geolocation data, and professional information.

To exercise your CCPA rights, submit a verifiable consumer request by emailing privacy@hostao.com or by calling our support line. We will verify your identity using at least two pieces of identifying information. You may also designate an authorized agent to submit requests on your behalf with proper written authorization. We will respond to verified requests within 45 days.

10. International Data Transfers

Hostao LLC is based in the United States. If you access our services from outside the United States, your personal data may be transferred to, stored, and processed in the United States or other countries where our servers and service providers are located. These countries may have data protection laws that differ from those in your jurisdiction.

For transfers of personal data from the EU/EEA to countries not recognized as providing an adequate level of data protection, we implement appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission and supplementary technical and organizational measures to ensure your data remains protected.

By using our services and providing your personal data, you acknowledge and consent to the transfer of your data to the United States and other jurisdictions as described in this policy. We take all reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy regardless of where it is processed or stored.

11. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, Hostao will notify affected individuals without undue delay and, where feasible, within 72 hours of becoming aware of the breach. Notification will be provided via email to your registered email address and, where appropriate, through prominent notices on our website.

Where breach notice is required, it may include the nature of the incident, the categories of affected data, likely consequences as then understood, mitigation steps already taken or planned, and a contact path for follow-up questions.

We maintain an incident response plan that is tested and updated regularly. Where required by applicable law (including GDPR Article 33 and various US state breach notification laws), we will also notify the relevant supervisory authorities within the required time frames. We encourage customers to enable two-factor authentication and monitor their accounts for unauthorized activity.

12. Do Not Track Signals

Some web browsers transmit "Do Not Track" (DNT) signals to websites. At this time, there is no universally accepted standard for how companies should respond to DNT signals. Hostao currently does not alter its data collection and use practices in response to DNT signals from browsers.

Regardless of DNT settings, you can manage your privacy preferences through our cookie consent mechanism, opt out of analytics tracking through your browser settings or browser extensions (such as the Google Analytics Opt-out Browser Add-on), and control marketing communications through your account preferences. We will update this policy if a uniform DNT standard is adopted in the future.

13. Children's Privacy

Our services are designed for use by individuals who are at least 18 years of age, or the age of majority in their jurisdiction. We do not knowingly collect, use, or disclose personal information from children under the age of 13 (or 16 in the EU/EEA). If we become aware that we have collected personal data from a child without appropriate parental consent, we will take steps to delete such information promptly.

If you are a parent or guardian and believe that your child has provided personal information to us, please contact us at privacy@hostao.com. We will verify the claim and delete the child's personal information from our systems within a reasonable time frame.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When material changes are made, we may update the website notice, the policy date, or customer communications as appropriate to the situation and applicable law.

The "Last updated" date at the top of this policy indicates when it was last revised. We encourage you to review this policy periodically. Your continued use of our services after changes become effective constitutes your acceptance of the revised policy. Previous versions of this policy are available upon request.

15. Contact

For privacy-related questions, data access requests, or concerns about our data practices, please contact our privacy team:

Hostao LLC
Email: privacy@hostao.com
Support Portal: https://my.hostao.com/submitticket.php

We review privacy inquiries through our support and legal workflow. Where response deadlines are required by applicable privacy law, we will use the timing and verification standards that apply to that request.