CloudRentVPS
LOGINCREATE ACCOUNT
// LEGAL

Privacy Policy

LAST UPDATED · 2026-05-17

This Privacy Policy explains how CloudRent Hosting Ltd. ("we", "us", "our") collects, uses, and shares personal data when you use the CloudRent cloud hosting platform (the "Service"). We comply with the EU GDPR, the UK GDPR, and the California Consumer Privacy Act (CCPA).

01.

Information We Collect

We collect the following categories of personal data:

  • Account data: name, email, hashed password, role.
  • Billing data: billing country, VAT ID (if provided). Card numbers are entered on Stripe-hosted Checkout; only a Stripe customer token and the card's last 4 digits reach our servers.
  • Order data: server plans purchased, amount, status, server credentials issued.
  • Usage data: IP address (for security), browser user-agent, log timestamps.
  • Communications: any messages you send to support.

We never receive or store your raw card number, CVC, or expiry date. These are entered on Stripe-hosted Checkout (PCI-DSS Level 1 certified). Only an opaque Stripe customer token and the card's last four digits are stored on our servers for receipt-display purposes.

02.

Why We Process Your Data

  • To create and operate your account (contract).
  • To deliver paid servers and credentials (contract).
  • To process payments and prevent fraud (legitimate interest & legal obligation).
  • To provide customer support (contract).
  • To comply with tax and accounting obligations (legal obligation).
  • To send transactional emails about your orders (contract).
03.

Who We Share Data With

We share data only with vetted sub-processors strictly necessary to run the Service:

  • Stripe Payments Europe, Ltd. / Stripe, Inc. — checkout, payment processing, fraud screening (EU / US).
  • MongoDB Atlas — primary database hosting (EU region).
  • Cloud infrastructure provider — compute & networking (EU/US regions).
  • Email delivery provider — transactional email only.

We do not sell or rent your personal data. We do not share it for cross-context behavioural advertising.

04.

International Transfers

Where data is transferred outside the EEA / UK, we rely on the European Commission's Standard Contractual Clauses (SCCs) or an adequacy decision.

05.

Retention

We keep account data while your account is active and up to 7 years after closure for tax/audit reasons. Payment logs are kept for 7 years to satisfy financial-record obligations. You can request earlier deletion of non-mandatory data at any time.

06.

Your Rights

You have the right to:

  • Access a copy of the personal data we hold about you.
  • Correct inaccurate data.
  • Erase your data (subject to legal-retention obligations).
  • Restrict or object to certain processing.
  • Port your data to another provider (machine-readable format).
  • Lodge a complaint with your local data-protection authority.

Submit any request to privacy@cloudrentvps.com. We respond within 30 days.

07.

Cookies

We use only first-party, strictly-necessary cookies: a session cookie for authentication (httpOnly, SameSite=Lax) and a CSRF token. We do not use third-party advertising cookies that require consent under EU law.

08.

Security

Passwords are hashed with bcrypt. Payment data is never stored on our servers — all card information is handled by Stripe on their PCI-DSS Level 1 certified infrastructure. Database backups are encrypted at rest and in transit. Stripe webhook events are signature-verified before they trigger any provisioning.

09.

Contact

Data Protection Officer: dpo@cloudrentvps.com