Customer Privacy Policy

Last updated: January 7, 2025

This Privacy Policy outlines how we collect, use, store, and protect your personal information during use of The Headless Hostman in compliance with international data protection standards, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

1. Information We Collect

We collect and process the following personal information from users who host WordPress websites with us:

  • Usernames: Collected to facilitate account management and website hosting services.
  • Names: Collected to identify users and associate accounts with individuals or organizations.
  • Email Addresses: Collected to enable communication, account recovery, and other WordPress profile functionalities.
  • Login Timestamps: We log the date, time, and IP address of user logins to monitor account activity, ensure security, and detect unauthorized access attempts.
  • WordPress Behavior: We record actions within WordPress related to modifying pages, posts, or settings to track changes, ensure accountability, and provide support.
  • Other WordPress Profile Information: Any additional information entered by users at their discretion, such as contact details or profile descriptions, is stored and used solely for site functionality.

We do not collect or process payment details, sensitive personal information, or any other data unless explicitly requested or voluntarily provided by you.

2. How We Use Your Information

We use the collected personal information for the following purposes:

  • To provide and manage hosting services for your WordPress websites.
  • To verify and authenticate user accounts.
  • To monitor account activity and ensure security.
  • To maintain audit logs of actions, such as page modifications, for troubleshooting and accountability.
  • To facilitate communication, account recovery, and customer support.
  • To comply with legal and regulatory requirements.
  • We do not sell, rent, or share your personal information with third parties for marketing purposes.

3. Data Retention

We retain your personal information for as long as it is necessary to provide our services or comply with legal obligations. This includes:

  • Login timestamps: Retained for 12 months for security and compliance purposes.
  • WordPress behavior logs: Retained for 12 months for auditing and troubleshooting.
  • Email addresses and profile information: Retained for the duration of your hosting agreement and deleted upon account termination or at your request.

If you request deletion of your personal data, we will securely delete all associated data in accordance with the process outlined in Section 4.

4. Your Rights

We respect your rights under applicable privacy laws, including the GDPR and CCPA. You have the following rights:

  1. Access and Correction: You can request access to or correction of your personal information at any time.
    Deletion: You may request the deletion of your personal data by contacting us at [email protected].
  2. Upon verification of your identity, we will delete your data within 30 days unless we are legally required to retain it.
  3. Data Portability: You can request a copy of your personal information in a machine-readable format.
  4. Opt-Out: Users in California have the right to opt out of the sale of their personal information. However, as we do not sell your personal information, this provision does not apply.

To exercise any of these rights, please contact us at [email protected]

5. Cookies and Tracking Technologies

We use cookies solely to enhance the functionality and performance of our website. These cookies are not used to track or store personal information for marketing purposes.

6. Security Measures

We implement industry-standard security measures to protect your personal information, including:

  • Data encryption during transmission and storage.
  • Access controls to restrict unauthorized access.
  • Regular security audits and vulnerability assessments.
  • While we take every precaution, no method of data transmission or storage is completely secure. Therefore, we cannot guarantee absolute security.

7. International Compliance

We comply with international data protection standards, including:

  1. GDPR: For users in the European Economic Area (EEA), we process your data in accordance with Articles 6(1)(b) (performance of a contract) and 6(1)(f) (legitimate interests) of the GDPR.
  2. CCPA: For users in California, we provide the rights and protections outlined in the CCPA, including access, deletion, and opt-out rights.

8. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy from time to time to reflect changes in legal requirements or our data processing practices. Any updates will be posted on this page, and we will notify users of significant changes.

9. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at: [email protected]