shield Version 1.0 Effective July 6, 2026

Privacy Policy

Privacy Policy

This Privacy Policy explains what personal data WindowsVPS ("we," "us") collects, how we use it, who we share it with, and the rights available to you. It applies to your use of the WindowsVPS website and client panel at windowsvps.dev.

1. Data We Collect

Category Examples Collected When
Account data Full name, email address, phone number, country Registration
Authentication data Password (stored as a salted hash, never in plain text) Registration
Billing data Subscription/order history, invoice records Order & billing
Payment data Handled directly by our payment processors (Stripe, PayPal, Cryptomus) — we do not store full card numbers on our servers Checkout
Service data Server hostnames, IP addresses assigned to your server, OS image selected, region Provisioning
Support data Support ticket contents, messages When you contact support
Technical data IP address, browser/device information, access logs Automatically, while using the Service
Audit data Records of account and administrative actions (e.g. login, plan changes) for security and fraud-prevention purposes Automatically

We process personal data on the following legal bases (consistent with the EU General Data Protection Regulation, where applicable):

  • Performance of a contract — to create your account, provision servers, and provide the Service you've subscribed to.
  • Legal obligation — to retain billing/invoice records for the periods required by applicable tax and accounting law.
  • Legitimate interest — to secure our systems, prevent fraud and abuse, and maintain audit logs of administrative actions.
  • Consent — where you opt in to optional communications (e.g. Telegram notifications), which you may withdraw at any time.

3. Who We Share Data With

We share data with the following categories of subprocessors, strictly to the extent necessary to provide the Service:

Purpose Provider Notes
Cloud server infrastructure Hetzner Online GmbH (Germany) Hosts your virtual server; sees your server's technical configuration
Dedicated server infrastructure OVHcloud / Kimsufi Hosts your dedicated server, where applicable
Payment processing Stripe, PayPal, Cryptomus Handles payment card / wallet data directly; we receive only transaction status and identifiers
Transactional email Brevo (SMTP relay) Delivers account, billing, and notification emails
Optional notifications Telegram Only if you opt in to Telegram notifications
Network security / DDoS protection Cloudflare Proxies traffic to our website for performance and security

We do not sell your personal data. We disclose data to law enforcement or regulators only where legally required to do so.

4. International Data Transfers

Our infrastructure providers operate data centers primarily within the European Union. Some subprocessors (e.g. payment processors, Cloudflare) may process data outside the EU/EEA. Where this occurs, we rely on appropriate safeguards such as Standard Contractual Clauses, as required by applicable data protection law.

5. Data Retention

  • Account and billing data is retained for as long as your account is active, and for a limited period afterward as required for tax, accounting, and dispute-resolution purposes.
  • Audit logs and records of Terms of Service / policy acceptance are retained indefinitely as evidence of contractual agreement.
  • Support ticket data is retained for a reasonable period to allow follow-up, then deleted or anonymized.
  • When your server is deleted (on cancellation or for cause), the server's data is deleted from the underlying infrastructure and is not recoverable by us.

6. Your Rights

Subject to applicable law (including GDPR, where it applies to you), you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Delete your data ("right to be forgotten"), subject to our legal obligation to retain certain billing records.
  • Restrict or object to certain processing.
  • Receive a copy of your data in a portable format.
  • Withdraw consent at any time for processing based on consent (e.g. optional notifications).
  • Lodge a complaint with your local data protection supervisory authority.

To exercise any of these rights, contact us at [email protected].

7. Cookies

We use strictly necessary cookies (e.g. session and CSRF protection cookies) required for the Service to function, and cookies set by Cloudflare for security and performance. We do not currently run third-party analytics or advertising trackers on the Service.

8. Security Measures

We apply industry-standard safeguards, including:

  • TLS encryption for all traffic between your browser and our servers.
  • Encryption at rest for sensitive account fields.
  • One-time-reveal handling of server root/administrator passwords — shown once at provisioning and not retrievable afterward through the panel.
  • Access controls and audit logging on administrative actions.

No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

9. Children's Privacy

The Service is not directed at individuals under the age of 18, and we do not knowingly collect personal data from minors.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through your account or by email before they take effect.

11. Contact

Privacy-related questions or requests can be sent to [email protected].