Data policy

Hosting4Real is committed to providing a secure hosting environment and transparency towards our customers, how we handle data and what data we collect.

All data is by default only accessible by staff at Hosting4Real, unless we specify otherwise.

As long as you're a customer of Hosting4Real, we log data such as visitor requests to your sites hosted by us, login requests to various systems you access within the Hosting4Real environments.

In case you agree to our data policy, the agreement is valid for the period you're a customer of Hosting4Real and has existing products with us.

Information such as invoices issued to you as a customer is kept even after terminating the products or ending your time as a customer at Hosting4Real. You can, however, change your contact details to something "random" at our Client Area. In case you need a random email added to your account, please let us know by contacting support@hosting4real.net.

Below you will find different sections regarding the various products and tools we use as a company to function; you can click each title to read more:

When using our shared web hosting solution, you agree to specific ways we handle data:

Files (web files, emails, cache files)

We store files on web hosting related servers; these files are stored under each hosting account, it is your job as a customer to ensure the security and integrity of these files.

Whenever your hosting account gets created, it contains a default set of files and configurations - these files can be modified by customers and software from our servers.

All files get scanned for virus/malware and copyrighted data based on signatures.

Emails

When receiving emails, this often goes via our SpamExperts® cluster - this cluster runs on our physical servers however the product gets managed by the SpamExperts® engineering team. No sensitive information is accessible to the engineers.

When sending emails, the emails get sent via an external SMTP relay called MailChannels - MailChannels is an outgoing spam-filtering solution used to prevent accounts from sending spam.

The MailChannels software stores sender address, the receiver address and the email subject of individual emails.

If you want to prevent transmitting any data via MailChannels, we advise you to use an alternative outgoing mail-server than ours.

Databases

Databases are protected by username and password and IP restriction by default; it is up to the customer to take the correct measures to ensure the data is secured (encrypt sensible content) and ensure rotation of credentials.

Databases are permanent storage and only gets removed in case the customer do it, the customer gets terminated, or in case the customer gives permission to Hosting4Real's support staff to make changes to the databases.

Logs (access logs, audit logs, FTP logs, error logs)

Access logs and error logs are fully available to the users, for audit logs and FTP logs - please contact our support to get access to these.

Access logs get sent to our statistics software which we use for doing capacity planning as well as detecting anomalies in traffic to prevent attacks.

There's no defined rotation policy for access or FTP logs; data gets removed during account termination or cleaned up by staff on a regular interval. Customers can contact Hosting4Real's support department to request deletion of the logs.

Backups

Backups are stored on external backup servers managed by Hosting4Real; data is backed up over a secure connection and is stored in plain files for the user to restore via our backup software.

Backups include all hosting account data: files (web, email, logs), databases, cronjobs, DNS zones, account statistics.

Backups do get rotated out automatically after termination of your account within one month or less.

Statistics

Hosting accounts get some metrics done:

Awstats/Webalizer/bandwidth data gets aggregated from the access logs; these statistics are available under the hosting account in the "tmp" folder in their home directory - the user can delete these at any time. The data also gets removed during account termination.

Access logs get sent via Filebeat over a secure connection to ElasticSearch, ElasticSearch is used to perform capacity planning of our platform and to detect attacks on our platform and individual customer's sites. Customers can request deletion of data from our ElasticSearch cluster - by default; we also delete data after ten days.

Our ElasticSearch cluster can only be accessed from trusted networks by Hosting4Real staff.

Hosting4Real also collects metrics regarding the total amount of requests and traffic done - these numbers are split up per day, per server, there's no relation to customers or domains in any way in these statistics - these statistics get used in our yearly reports and for capacity planning.

New Relic

Hosting4Real uses New Relic for performance monitoring of individual hosting accounts. No sensitive data gets transmitted to New Relic; each application gets registered under the primary domain of the hosting account. In case you do not want any performance metrics transmitted towards New Relic, then please contact us at support@hosting4real.net. Be aware that any further troubleshooting regarding performance or scalability issues for your account will no longer be possible in case this is disabled.

Data can be deleted from New Relic at any time by contacting our support. At the same time data gets deleted automatically after seven days.

General

The customer should use secure passwords for all services (cPanel, FTP, email accounts, databases) and rotate them frequently.

Hosting4Real runs a Content Delivery network with servers located all over the world.

All web content on servers are cached based on the customers defined "Cache-Control" when the cache time is up; the data gets automatically deleted within 10 seconds after it expired.

Access logs for the CDN get processed by our ElasticSearch cluster to aggregate statistics for each domain running on our CDN. Deletion of statistical data can happen by contacting our support at support@hosting4real.net.

In case you use our support, you at the same time have to agree our support department accessing the required information about your account to resolve the issue.

We might require access to files (web files, emails, cache files), databases, logs, backups, statistics and/or IP information about logged in accounts.

In case you do not allow us to access any of the data, be aware that resolution of your problem might get prolonged or not possible to resolve.

When you create a support ticket, ticket information gets stored in our support software (shop.hosting4real.net) indefinitely and temporary for less than 24 hours on our Hosted Exchange (Office365) email.

Any emails coming from our support system gets sent via Amazon SES via secure connections.

Requesting deletion of data from our ticketing system requires you to contact support@hosting4real.net.

When registering domains, information such as full name, company name if applicable, phone number, address, the email address gets transmitted to the domain registry (Enom, Freenom or Hexonet). If you do not like any information getting transmitted to any of the registrars we use - then just do not register a domain.

The registrars submit the information to public whois databases accordingly to each registry (owner of the gTLD or ccTLD).

Maxmind fraud lookups

When you place an order on our website, your data will get sent to MaxMind Fraud service.

The following information will get transmitted to MaxMind:

  • IP address
  • Full address
  • Phone number
  • Email address
  • Browser User-Agent

The data gets transmitted to MaxMind to perform fraud lookups - this prevents abuse of credit cards.

MaxMind will store this information in a non-identifying or de-identified version, and they also use the IP addresses to make a database to plot IP addresses to a "likely location" where an IP address may be used. The precision of this database is at postal code level of resolution.

The IP addresses are also aggregated into larger subnets, meaning that they cannot be used to identify a single customer.

Account data

When you register on our billing/client software shop.hosting4real.net, we store data such as contact information (full name, full address, phone number, IP address, VAT number) according to European and Dutch law.

Emails

We use Amazon SES to send emails to you as a customer; emails are transmitted via Amazon SES using a secure connection.

SMS

We use Txty to send SMS's to customers; we use SMS to reach customers in some instances where we require immediate action or as a last resort. SMS also gets used for 2FA for our different services.

Payments

When you pay on our website, you will be given multiple options to pay your invoices:

Credit Card

By using Credit Card payments, your details will be encrypted on your computer and sent to our payment gateway Braintree Payments (Braintree is a service of PayPal).

The details you transmit towards Braintree Payments during payment may include:

  • Company
  • Full name
  • Full address and country
  • Email address
  • Phone number
  • Credit card details

We do not store any full credit card details within our billing software; we will, however, store your expiry date, card type as well as the last four digits of your card number.

Bank Transfer

If you select Bank Transfer, then transactions and any data you supply in these transactions will be handled either by Sparekassen Vendsyssel or ABN AMRO.

iDEAL

iDEAL transactions gets handled by Mollie. Mollie will receive your personal information from your bank.

We use multiple suppliers to deliver our infrastructure, we make sure that all partners are GDPR compliant in case we'll store information on the server or service that requires GDPR-compliance.

Our CDN servers are spread across multiple providers in multiple continents. Normal access logs are gathered on these servers, and doesn't contain any personal information.

The remaining services we offer such as webhosting, email spam filtering, backup, support, billing and statistics are stored on either physical or virtual servers managed by us, and/or hosted with partners that are GDPR-compliant.

We use analytics across sites owned by "Hosting4Real" or "Lucas Rolff". The below software is configured with the highest privacy settings possible.

Google Analytics

We use Google Analytics to track visitor statistics and user behavior when visiting our sites.

Sentry (self-hosted)

We use Sentry to watch for javascript errors - this allows us to spot issues in code and resolve it for a better (bug-free) experience.

Piwik/Matomo (self-hosted)

we do host our own Piwik/Matomo instance for statistics.