Privacy Policy

1. Introduction

This Privacy Policy explains how Hostwares LLC (“Hostwares,” “we,” “us,” or “our”), a limited liability company organized in the State of Wyoming, USA, collects, uses, shares, and protects your personal information when you use our platform at hostwares.com.

By using our Service, you consent to the data practices described in this policy.

2. Data Controller Information

The data controller responsible for your personal data is:

• Entity: Hostwares LLC
• Jurisdiction: State of Wyoming, USA
• Contact: [email protected]

3. Data We Collect

Account Data: Email address, full name, and password (stored as a bcrypt hash — we never store plain-text passwords).

Payment Data: Payment transactions are processed by PayPal and Stripe. We do not store credit card numbers, CVVs, or full bank account details. We retain transaction IDs, amounts, and payment status for invoicing purposes.

Usage Data: Pages visited, features used, deployment metadata (site names, domains, resource usage, status), and interaction timestamps.

AI Conversation Data: Messages exchanged with our AI assistant are stored for 30 days to maintain conversation context and improve service delivery.

Server Logs: IP addresses, browser user agent, request URLs, and timestamps. Retained for 7 days.

Cookies: We use essential session cookies only. No third-party advertising or tracking cookies are used.

4. Legal Basis for Processing

We process your data under the following legal bases (per GDPR Article 6):

• Contract Performance: Processing necessary to provide the Service you signed up for (account management, hosting, billing)
• Legitimate Interest: Security monitoring, fraud prevention, service improvement, and analytics
• Consent: Marketing communications, AI assistant usage, and optional data sharing
• Legal Obligation: Tax records, fraud prevention, and compliance with law enforcement requests

5. How We Use Data

• Provide, operate, and maintain the Service
• Process payments and manage billing
• Improve the platform and develop new features
• Ensure security and prevent abuse
• Provide customer support
• Send transactional notifications (invoices, security alerts, service updates)
• Comply with legal obligations

6. Data Sharing

We share data only with the following categories of service providers, solely as needed to operate the Service:

• Payment Processors (PayPal, Stripe): Email, name, and transaction data for payment processing
• Infrastructure Provider (Hetzner): Server hosting in EU/Germany — deployment data for provisioning
• AI Provider (Anthropic): Conversation messages for AI assistant functionality — no personally identifiable information (PII) is sent; conversations are anonymized
• Domain Registrar (Namecheap): Contact information required for domain registration per ICANN rules

We do NOT sell, rent, or trade your personal data to third parties for marketing or any other purpose.

7. Data Security

• All data in transit is encrypted via TLS 1.2+
• Data at rest is encrypted on our servers
• User credentials (database passwords, API keys) are encrypted with AES-256
• User-deployed application data is isolated per account
• Access to production systems is restricted and audited
• Regular security assessments and vulnerability monitoring

8. Data Retention

• Account data: Retained while account is active + 30 days after deletion
• AI chat history: 30 days
• Server logs: 7 days
• Invoices and billing records: 7 years (required by tax law)
• Support tickets: Duration of account + 30 days

After the retention period, data is permanently deleted or anonymized.

9. Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal data:

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your data (subject to legal retention requirements)
• Portability: Receive your data in a structured, machine-readable format
• Opt-Out: Opt out of marketing communications at any time
• Withdraw Consent: Withdraw consent for processing based on consent
• Restriction: Request restriction of processing in certain circumstances
• Objection: Object to processing based on legitimate interest

To exercise these rights, contact [email protected]. We will respond within 30 days.

10. International Transfers

Our primary servers are located in the European Union (Germany) via Hetzner. Some services (payment processing, AI features) may involve data transfer to the United States.

For EU/EEA residents: transfers to the US are conducted under Standard Contractual Clauses (SCCs) or other approved transfer mechanisms to ensure adequate data protection.

11. Children's Privacy

Hostwares is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If we discover that a minor has created an account, we will promptly delete it and all associated data.

12. Cookie Policy

We use only essential cookies required for the Service to function:

• Session cookie: Maintains your authenticated session (expires on logout or after inactivity)
• CSRF token: Prevents cross-site request forgery attacks

We do not use analytics cookies, advertising cookies, or any third-party tracking cookies. No consent banner is required as we only use strictly necessary cookies.

13. CCPA Disclosure (California Residents)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You can request what personal information we collect, use, disclose, and sell
• Right to Delete: You can request deletion of your personal information
• Right to Opt-Out: You have the right to opt out of the sale of personal information — however, we do not sell personal information
• Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

Categories of personal information collected: Identifiers (name, email), commercial information (transaction history), internet activity (usage data), and inferences drawn from the above.

To submit a CCPA request, email [email protected] with the subject line “CCPA Request.”

14. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you via email at least 14 days before the changes take effect. Non-material clarifications may be made without notice.

The “Last updated” date at the top reflects the most recent revision.

15. Contact

For privacy-related questions or to exercise your data rights:

• Email: [email protected]
• General support: [email protected]

Hostwares LLC · State of Wyoming, USA