20% off first hosting order with code APEX20 00:00:00 See deals
Hoststack

Legal

Privacy Policy

Effective date: 1 January 2025  ·  Last updated: 28 June 2025

1. Who We Are

Hoststack ("we", "us", "our") is a web hosting provider operating from Kolkata, West Bengal, India. We provide web hosting, VPS, dedicated virtual servers, game servers, email hosting and domain registration services to customers primarily in India and internationally.

For the purposes of Indian data protection law and the Information Technology Act, 2000, Hoststack is the data controller in respect of your personal information. Our contact for data-related matters is [email protected].

2. Data We Collect

We collect data in the following categories:

Account & Identity Data

Name, email address, phone number, company name, billing address and GSTIN (if applicable). Collected when you register or purchase a service.

Payment Data

Payment method details (card type, last 4 digits, expiry). Full card numbers are processed and stored by our PCI-DSS compliant payment processors — we never store complete card numbers on our servers.

Technical & Usage Data

IP address, browser type and version, operating system, referring URL, pages visited, time spent on pages, and error logs. Collected automatically through server logs and analytics tools.

Communications Data

Support tickets, live chat transcripts, emails and any other correspondence you send to us.

Service Data

Server configurations, domain names, resource usage (CPU, RAM, bandwidth, storage), and content you host on our infrastructure.

3. How We Use Your Data

  • To create, manage and provision your hosting account and services
  • To process payments and issue GST-compliant invoices
  • To send service notifications, billing reminders, renewal notices and security alerts
  • To respond to your support queries and provide technical assistance
  • To detect and prevent fraud, abuse and violations of our Acceptable Use Policy
  • To improve our website, services and customer experience through analytics
  • To send marketing communications where you have opted in (you may opt out at any time)
  • To comply with legal obligations under Indian law, including the IT Act 2000 and GST regulations

We do not use your data for automated decision-making that produces legal or similarly significant effects without human review.

5. Data Sharing

We do not sell your personal data. We share it only with the following categories of recipients where necessary:

  • Payment processors: Razorpay, PayU or equivalent PCI-DSS compliant processors to handle transactions securely.
  • Infrastructure providers: Data center and server providers who host our hardware under strict confidentiality agreements.
  • Email and communication platforms: Used to deliver transactional and support emails on our behalf.
  • Analytics platforms: Aggregated, anonymised usage data only. No personally identifiable information is shared for analytics.
  • Legal authorities: Where required by a valid court order, law enforcement request or government directive under Indian law.
  • Business transfers: In the event of a merger, acquisition or asset sale, your data may be transferred to the acquiring entity with the same protections.

6. Cookies

We use cookies and similar tracking technologies. Please read our Cookie Policy for full details. In summary:

  • Essential cookies: Required for site functionality, login sessions and security. Cannot be disabled.
  • Analytics cookies: Help us understand how visitors use our site. You may opt out via the cookie banner.
  • Marketing cookies: Used for retargeting and conversion tracking. Only set with your consent.

7. Data Retention

Data Type Retention Period
Account information Duration of account + 5 years for legal compliance
Billing records and invoices 7 years (GST and income tax requirements)
Support tickets 3 years
Server and access logs 90 days
Marketing preferences Until you opt out + 1 year
Website analytics 26 months

8. Your Rights

Under Indian data protection principles and applicable law, you have the following rights:

Right of Access

Request a copy of the personal data we hold about you.

Right to Rectification

Ask us to correct inaccurate or incomplete data.

Right to Erasure

Request deletion of your data (subject to legal retention requirements).

Right to Portability

Receive your data in a structured, machine-readable format.

Right to Object

Object to processing based on legitimate interests, including marketing.

Right to Withdraw Consent

Withdraw consent for marketing or optional processing at any time.

To exercise any of these rights, email [email protected]. We will respond within 30 days. We may need to verify your identity before processing your request.

9. Security

We implement appropriate technical and organisational measures to protect your data, including:

  • TLS/HTTPS encryption for all data in transit
  • Encrypted storage for sensitive account data
  • Access controls ensuring only authorised staff can access customer data
  • Regular security audits and vulnerability assessments
  • PCI-DSS compliant payment processing through certified third-party processors

In the event of a data breach that is likely to result in risk to your rights, we will notify you without undue delay as required by applicable law.

10. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has provided us data, please contact us immediately and we will delete it promptly.

11. Policy Changes

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by placing a prominent notice on our website at least 14 days before the change takes effect. Continued use of our services after the effective date constitutes acceptance of the updated policy.

12. Contact Us

Privacy & Data Protection

Related Legal Documents

Terms of Service Refund Policy Acceptable Use Policy SLA Cookie Policy Legal Hub
WhatsApp Discord