Privacy Policy
This Privacy Policy explains what personal data WindowsVPS ("we," "us") collects, how we use it, who we share it with, and the rights available to you. It applies to your use of the WindowsVPS website and client panel at windowsvps.dev.
1. Data We Collect
| Category | Examples | Collected When |
|---|---|---|
| Account data | Full name, email address, phone number, country | Registration |
| Authentication data | Password (stored as a salted hash, never in plain text) | Registration |
| Billing data | Subscription/order history, invoice records | Order & billing |
| Payment data | Handled directly by our payment processors (Stripe, PayPal, Cryptomus) — we do not store full card numbers on our servers | Checkout |
| Service data | Server hostnames, IP addresses assigned to your server, OS image selected, region | Provisioning |
| Support data | Support ticket contents, messages | When you contact support |
| Technical data | IP address, browser/device information, access logs | Automatically, while using the Service |
| Audit data | Records of account and administrative actions (e.g. login, plan changes) for security and fraud-prevention purposes | Automatically |
2. Legal Basis & Purpose of Processing
We process personal data on the following legal bases (consistent with the EU General Data Protection Regulation, where applicable):
- Performance of a contract — to create your account, provision servers, and provide the Service you've subscribed to.
- Legal obligation — to retain billing/invoice records for the periods required by applicable tax and accounting law.
- Legitimate interest — to secure our systems, prevent fraud and abuse, and maintain audit logs of administrative actions.
- Consent — where you opt in to optional communications (e.g. Telegram notifications), which you may withdraw at any time.
3. Who We Share Data With
We share data with the following categories of subprocessors, strictly to the extent necessary to provide the Service:
| Purpose | Provider | Notes |
|---|---|---|
| Cloud server infrastructure | Hetzner Online GmbH (Germany) | Hosts your virtual server; sees your server's technical configuration |
| Dedicated server infrastructure | OVHcloud / Kimsufi | Hosts your dedicated server, where applicable |
| Payment processing | Stripe, PayPal, Cryptomus | Handles payment card / wallet data directly; we receive only transaction status and identifiers |
| Transactional email | Brevo (SMTP relay) | Delivers account, billing, and notification emails |
| Optional notifications | Telegram | Only if you opt in to Telegram notifications |
| Network security / DDoS protection | Cloudflare | Proxies traffic to our website for performance and security |
We do not sell your personal data. We disclose data to law enforcement or regulators only where legally required to do so.
4. International Data Transfers
Our infrastructure providers operate data centers primarily within the European Union. Some subprocessors (e.g. payment processors, Cloudflare) may process data outside the EU/EEA. Where this occurs, we rely on appropriate safeguards such as Standard Contractual Clauses, as required by applicable data protection law.
5. Data Retention
- Account and billing data is retained for as long as your account is active, and for a limited period afterward as required for tax, accounting, and dispute-resolution purposes.
- Audit logs and records of Terms of Service / policy acceptance are retained indefinitely as evidence of contractual agreement.
- Support ticket data is retained for a reasonable period to allow follow-up, then deleted or anonymized.
- When your server is deleted (on cancellation or for cause), the server's data is deleted from the underlying infrastructure and is not recoverable by us.
6. Your Rights
Subject to applicable law (including GDPR, where it applies to you), you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Delete your data ("right to be forgotten"), subject to our legal obligation to retain certain billing records.
- Restrict or object to certain processing.
- Receive a copy of your data in a portable format.
- Withdraw consent at any time for processing based on consent (e.g. optional notifications).
- Lodge a complaint with your local data protection supervisory authority.
To exercise any of these rights, contact us at [email protected].
7. Cookies
We use strictly necessary cookies (e.g. session and CSRF protection cookies) required for the Service to function, and cookies set by Cloudflare for security and performance. We do not currently run third-party analytics or advertising trackers on the Service.
8. Security Measures
We apply industry-standard safeguards, including:
- TLS encryption for all traffic between your browser and our servers.
- Encryption at rest for sensitive account fields.
- One-time-reveal handling of server root/administrator passwords — shown once at provisioning and not retrievable afterward through the panel.
- Access controls and audit logging on administrative actions.
No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
9. Children's Privacy
The Service is not directed at individuals under the age of 18, and we do not knowingly collect personal data from minors.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated through your account or by email before they take effect.
11. Contact
Privacy-related questions or requests can be sent to [email protected].