Data policy

When using our shared web hosting solution, you agree to specific ways we handle data:

Files (web files, emails, cache files)

We store files on web hosting related servers; these files are stored under each hosting account, it is your job as a customer to ensure the security and integrity of these files.

Whenever your hosting account gets created, it contains a default set of files and configurations - these files can be modified by customers and software from our servers.

All files get scanned for virus/malware and copyrighted data based on signatures.

Emails

When receiving emails, this often goes via our SpamExperts® cluster - this cluster runs on our physical servers however the product gets managed by the SpamExperts® engineering team. No sensitive information is accessible to the engineers.

When sending emails, the emails get sent via an external SMTP relay called MailChannels - MailChannels is an outgoing spam-filtering solution used to prevent accounts from sending spam.

The MailChannels software stores sender address, the receiver address and the email subject of individual emails.

If you want to prevent transmitting any data via MailChannels, we advise you to use an alternative outgoing mail-server than ours.

Databases

Databases are protected by username and password and IP restriction by default; it is up to the customer to take the correct measures to ensure the data is secured (encrypt sensible content) and ensure rotation of credentials.

Databases are permanent storage and only gets removed in case the customer do it, the customer gets terminated, or in case the customer gives permission to Hosting4Real's support staff to make changes to the databases.

Logs (access logs, audit logs, FTP logs, error logs)

Access logs and error logs are fully available to the users, for audit logs and FTP logs - please contact our support to get access to these.

Access logs get sent to our statistics software which we use for doing capacity planning as well as detecting anomalies in traffic to prevent attacks.

There's no defined rotation policy for access or FTP logs; data gets removed during account termination or cleaned up by staff on a regular interval. Customers can contact Hosting4Real's support department to request deletion of the logs.

Backups

Backups are stored on external backup servers managed by Hosting4Real; data is backed up over a secure connection and is stored in plain files for the user to restore via our backup software.

Backups include all hosting account data: files (web, email, logs), databases, cronjobs, DNS zones, account statistics.

Backups do get rotated out automatically after termination of your account within one month or less.

Statistics

Hosting accounts get some metrics done:

Awstats/Webalizer/bandwidth data gets aggregated from the access logs; these statistics are available under the hosting account in the "tmp" folder in their home directory - the user can delete these at any time. The data also gets removed during account termination.

Access logs get sent via Filebeat over a secure connection to ElasticSearch, ElasticSearch is used to perform capacity planning of our platform and to detect attacks on our platform and individual customer's sites. Customers can request deletion of data from our ElasticSearch cluster - by default; we also delete data after ten days.

Our ElasticSearch cluster can only be accessed from trusted networks by Hosting4Real staff.

Hosting4Real also collects metrics regarding the total amount of requests and traffic done - these numbers are split up per day, per server, there's no relation to customers or domains in any way in these statistics - these statistics get used in our yearly reports and for capacity planning.

Temporary URLs (hosting-panel.net only)

For temporary URLs for hosting-panel.net, we utilize a system developed by SkylonHost called https://site.slowtest.net. The system works by proxying traffic via temporary URLs, which rewrites the content of HTML, CSS and Javascript files to match the temporary domain, similar to how many Content Delivery Networks (CDNs) might process optimizations. No data is collected as a part of this process.

The URLs are only generated when requested, and no traffic will pass through these URLs unless the user explicitly does it themselves.

General

The customer should use secure passwords for all services (cPanel, FTP, email accounts, databases) and rotate them frequently.

Hosting4Real runs a Content Delivery network with servers located all over the world.

All web content on servers are cached based on the customers defined "Cache-Control" when the cache time is up; the data gets automatically deleted within 10 seconds after it expired.

Access logs for the CDN get processed by our ElasticSearch cluster to aggregate statistics for each domain running on our CDN. Deletion of statistical data can happen by contacting our support at support@hosting4real.net.

In case you use our support, you at the same time have to agree our support department accessing the required information about your account to resolve the issue.

We might require access to files (web files, emails, cache files), databases, logs, backups, statistics and/or IP information about logged in accounts.

In case you do not allow us to access any of the data, be aware that resolution of your problem might get prolonged or not possible to resolve.

When you create a support ticket, ticket information gets stored in our support software (shop.hosting4real.net and Zendesk) indefinitely and temporary for less than 24 hours on our Hosted Exchange (Office365) email.

Any emails coming from our support system gets sent via Amazon SES, MailChannels or Zendesk via secure connections.

Requesting deletion of data from our ticketing system requires you to contact support@hosting4real.net.

When registering domains, information such as full name, company name if applicable, phone number, address, the email address gets transmitted to the domain registry (Enom, Freenom, OpenProvider or Hexonet). If you do not like any information getting transmitted to any of the registrars we use - then just do not register a domain.

The registrars submit the information to public whois databases accordingly to each registry (owner of the gTLD or ccTLD).

Maxmind fraud lookups

When you place an order on our website, your data will get sent to MaxMind Fraud service.

The following information will get transmitted to MaxMind:

• IP address
• Full address
• Phone number
• Email address
• Browser User-Agent

The data gets transmitted to MaxMind to perform fraud lookups - this prevents abuse of credit cards.

MaxMind will store this information in a non-identifying or de-identified version, and they also use the IP addresses to make a database to plot IP addresses to a "likely location" where an IP address may be used. The precision of this database is at postal code level of resolution.

The IP addresses are also aggregated into larger subnets, meaning that they cannot be used to identify a single customer.

Account data

When you register on our billing/client software shop.hosting4real.net, we store data such as contact information (full name, full address, phone number, IP address, VAT number) according to European and Dutch law.

Emails

We use Amazon SES, Postmarkapp and/or Mailchannels to send emails to you as a customer; emails are transmitted using a secure connection.

SMS

We use Txty to send SMS's to customers; we use SMS to reach customers in some instances where we require immediate action or as a last resort. SMS also gets used for 2FA for our different services.

Payments

When you pay on our website, you will be given multiple options to pay your invoices:

Credit Card

By using Credit Card payments, your details will be encrypted on your computer and sent to our payment gateways Braintree Payments (Braintree is a service of PayPal) or a combination of OnPay and Clearhaus.

The details you transmit towards Braintree Payments or OnPay + Clearhaus during payment may include:

• Company
• Full name
• Full address and country
• Email address
• Phone number
• Credit card details

We do not store any full credit card details within our billing software; we will, however, store your expiry date, card type as well as the last four digits of your card number.

Bank Transfer

If you select Bank Transfer, then transactions and any data you supply in these transactions will be handled either by Sparekassen Vendsyssel or ABN AMRO BANK N.V.

iDEAL

iDEAL transactions gets handled by Mollie. Mollie will receive your personal information from your bank.

We use multiple suppliers to deliver our infrastructure, we make sure that all partners are GDPR compliant in case we'll store information on the server or service that requires GDPR-compliance.

Our CDN servers are spread across multiple providers in multiple continents. Normal access logs are gathered on these servers, and doesn't contain any personal information.

The remaining services we offer such as webhosting, email spam filtering, backup, support, billing and statistics are stored on either physical or virtual servers managed by us, and/or hosted with partners that are GDPR-compliant.

We use analytics across sites owned by "Hosting4Real" or "Lucas Rolff". The below software is configured with the highest privacy settings possible.

Sentry (self-hosted)

We use Sentry to watch for javascript errors - this allows us to spot issues in code and resolve it for a better (bug-free) experience.

Piwik/Matomo (self-hosted)

we do host our own Piwik/Matomo instance for statistics.