all systems operational
Get started
§01 · Privacy

Privacy Policy

How Onehostplanet s.r.o. ("hostfory", "we") collects, uses and protects information you share with us when you use our infrastructure services.

Effective: January 1, 2026Last updated: April 12, 2026Version: 3.2
01Privacy Policy02Terms of Service03Acceptable Use Policy

01Overview

This Privacy Policy describes how Onehostplanet s.r.o. (operating the brand "hostfory", referred to as "we", "us" or "the Company") processes personal data in connection with our infrastructure services — dedicated servers, VPS, GPU compute, storage and network products — as well as our website at hostfory.com.

We are committed to processing personal data lawfully, fairly and transparently in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and applicable Czech law.

02Data controller

The data controller responsible for your personal data is:

Legal name
Onehostplanet s.r.o.
Registered office
Prague, Czech Republic
Company ID (IČO)
17284091
Privacy contact
privacy@hostfory.com

03Information we collect

We collect only the data necessary to provide and operate our services, comply with legal obligations, and protect our infrastructure.

3.1 Account information

  • Full name (or company name and contact person)
  • Billing address and country
  • Email address and phone number
  • Tax identification number, where applicable
  • Password hash (we never store passwords in plain text)

3.2 Payment information

Payments are processed by third-party providers (Stripe, PayPal, cryptocurrency processors). We do not store full card numbers on our systems — only the last four digits, card brand and expiry date for invoicing.

3.3 Service operational data

  • Server hostnames, IP allocations, ASN announcements
  • Authentication logs (login IPs, timestamps, user-agent)
  • Network flow records (NetFlow / sFlow) used for capacity planning, abuse detection and DDoS mitigation
  • Support ticket history and correspondence

3.4 Website data

When you visit hostfory.com, our servers automatically log your IP address, browser type, referring page and pages visited. This data is used solely for security and aggregate analytics.

Important

We do not inspect, access or analyze the content of your servers, virtual machines, GPU workloads, or storage volumes. Your data on our infrastructure remains your data.

04How we use your data

We process personal data for the following purposes:

  • Service delivery: provisioning, configuring, supporting and billing your services.
  • Security & abuse prevention: detecting fraud, mitigating attacks, protecting the integrity of the network.
  • Legal compliance: meeting tax, accounting, anti-money-laundering and law-enforcement obligations.
  • Customer communications: service notices, maintenance alerts, security advisories, billing reminders.
  • Improvement of services: analyzing aggregate, non-identifying usage patterns to improve performance and reliability.

Under Article 6 of the GDPR, we rely on the following lawful bases for processing:

  • Performance of a contract (Art. 6(1)(b)) — to deliver the services you have purchased.
  • Legal obligation (Art. 6(1)(c)) — to comply with tax, accounting and law-enforcement requirements.
  • Legitimate interests (Art. 6(1)(f)) — to secure our network, prevent abuse, and operate our business.
  • Consent (Art. 6(1)(a)) — for optional communications such as product newsletters, where requested.

06Sharing with third parties

We do not sell, rent, or trade personal data. We share data only with carefully selected processors or partners, and only to the extent necessary:

  • Payment processors (Stripe, PayPal) — to process invoices.
  • Data-center operators (Equinix and similar facilities) — for physical access logs where applicable.
  • Upstream carriers and IXPs — for technical operation of BGP peering and routing (no personal customer data is shared).
  • Email delivery providers — for transactional notifications.
  • Legal and tax advisors — under professional duty of confidentiality.
  • Public authorities — only when required by a valid legal order or to comply with mandatory obligations.

07Data retention

Account data
Retained for the duration of the contract plus 4 years (Czech accounting law).
Invoices
Retained for 10 years (Czech VAT Act).
Authentication logs
Up to 12 months from the date of the event.
NetFlow / sFlow
Aggregated within 30 days; raw flows retained no longer than 90 days.
Support tickets
3 years after closure.
Website logs
90 days, then deleted.

08Security measures

We maintain organizational and technical safeguards aligned with ISO/IEC 27001:

  • Encrypted transit (TLS 1.3) for all customer-facing services.
  • Encryption at rest for billing and authentication databases.
  • Hardware-token MFA for all staff with access to production systems.
  • Role-based access control with documented audit trails.
  • Quarterly internal security reviews and annual third-party penetration testing.
  • Tier-III+ data-center facilities with biometric access, CCTV, and 24/7 on-site security.

09Your rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access — obtain confirmation and a copy of your data (Art. 15).
  • Right to rectification — correct inaccurate or incomplete data (Art. 16).
  • Right to erasure — request deletion where legally permitted (Art. 17).
  • Right to restriction — limit processing in specific circumstances (Art. 18).
  • Right to data portability — receive your data in a structured, machine-readable format (Art. 20).
  • Right to object — object to processing based on legitimate interests (Art. 21).
  • Right to withdraw consent at any time, where consent is the basis (Art. 7(3)).
  • Right to lodge a complaint with the Czech Office for Personal Data Protection (ÚOOÚ).

To exercise any of these rights, contact privacy@hostfory.com. We respond to verified requests within 30 days.

10Cookies & tracking

Our website uses a minimal set of cookies:

  • Strictly necessary cookies — session management, CSRF protection, language preference. These cannot be disabled.
  • Analytics cookies — aggregated, IP-anonymized statistics. Set only with your consent.

We do not use advertising cookies, third-party trackers, or social-media pixels.

11International transfers

Our infrastructure operates from data centers in the European Union (Amsterdam, Warsaw) and partner facilities in Ukraine and the United States (Miami).

Where personal data is transferred outside the EEA, we rely on European Commission Standard Contractual Clauses (SCCs) and conduct transfer-impact assessments to ensure equivalent protection.

12Changes to this policy

We may update this Privacy Policy to reflect operational, legal or regulatory changes. The "Last updated" date at the top of this document indicates when the most recent revision was published. Material changes are announced by email at least 30 days before they take effect.

13Contact

For privacy questions or to exercise your rights, write to privacy@hostfory.com. For abuse reports, write to abuse@hostfory.com. For all other inquiries, see our contact page.

Operator

Onehostplanet s.r.o.

Registered in the Czech Republic

IČO 17284091

Prague, Czech Republic

Contact

General: hostfory.com/contact

legal@hostfory.com

privacy@hostfory.com

abuse@hostfory.com

Chat with us@hostfory