Privacy Policy

Your privacy and data protection are our top priorities. Learn how we handle your information.

Last updated: December 2024 GDPR Compliant

Table of Contents

1. Introduction

AquaHosts ("we," "our," or "us") operates the Aqua RDP website and provides Remote Desktop Protocol (RDP) hosting services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

We are committed to protecting your privacy and ensuring transparent data practices in compliance with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable privacy laws.

Data Controller: AquaHosts is the data controller for the personal information we collect and process through our services.

By using our services, you consent to the data practices described in this Privacy Policy.

2. Information We Collect

We collect information you provide directly to us, information we obtain automatically when you use our services, and information from third-party sources.

Personal Information

  • Account Information: Name, email address, phone number, billing address
  • Payment Information: Credit card details, billing information (processed securely by payment processors)
  • Communication Data: Messages sent through our support channels, feedback, and correspondence
  • Identification Data: Information required for identity verification and fraud prevention

Usage Information

  • Service Usage: Server resource utilization, bandwidth consumption, connection logs
  • Website Analytics: Pages visited, time spent, browser type, device information
  • IP Address: Your internet protocol address for security and service delivery
  • Cookies: Small files stored on your device for website functionality and analytics

Technical Information

  • Server Configuration: Operating system, software installations, custom configurations
  • Performance Metrics: Server uptime, response times, error logs
  • Security Logs: Access attempts, authentication events, security incidents

3. How We Use Your Information

We use the information we collect for various purposes, including:

Service Provision

  • Providing and maintaining our RDP hosting services
  • Processing payments and managing billing
  • Deploying and configuring servers according to your specifications
  • Monitoring service performance and uptime
  • Providing technical support and customer service

Security and Compliance

  • Detecting and preventing fraud, abuse, and security threats
  • Implementing DDoS protection and network security measures
  • Complying with legal obligations and regulatory requirements
  • Maintaining audit logs for security and compliance purposes

Business Operations

  • Analyzing usage patterns to improve our services
  • Communicating about service updates, maintenance, and new features
  • Conducting research and development for service enhancement
  • Marketing communications (with your consent where required)

4. Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

Contract Performance

Processing necessary to perform our contract with you, including service delivery, billing, and support.

Legal Obligation

Processing required to comply with legal obligations, such as tax reporting, data retention laws, and regulatory compliance.

Legitimate Interest

Processing for our legitimate business interests, such as security monitoring, fraud prevention, and service improvement, balanced against your privacy rights.

Consent

Processing based on your explicit consent, such as marketing communications or optional data collection.

5. Data Sharing

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following limited circumstances:

6. Data Security

We implement comprehensive security measures to protect your personal information:

Encryption

  • Data encrypted in transit using TLS 1.3
  • Data encrypted at rest using AES-256 encryption
  • Database encryption for all stored personal information

Access Controls

  • Role-based access control for all systems
  • Multi-factor authentication for administrative access
  • Regular access reviews and privilege management

Monitoring

  • 24/7 security monitoring and incident response
  • Intrusion detection and prevention systems
  • Regular security audits and vulnerability assessments

Infrastructure Security

  • ISO 27001 certified data centers
  • Physical security controls and environmental monitoring
  • Redundant systems and disaster recovery procedures

7. Data Retention

We retain your personal information for as long as necessary to provide our services and comply with legal obligations:

Account Information

Retained for the duration of your account plus 7 years for legal and tax compliance requirements.

Billing Records

Maintained for 7 years after the last transaction for accounting and tax purposes.

Support Communications

Kept for 3 years to maintain service quality and resolve ongoing issues.

Usage Logs

Retained for 12 months for security monitoring and service optimization.

Server Data

Customer data on servers is retained for 30 days after service termination, then permanently deleted.

8. Your Rights

Under GDPR and other privacy laws, you have the following rights regarding your personal data:

Right to Access

You can request a copy of the personal data we hold about you, including information about how it's processed.

Right to Rectification

You can ask us to correct any inaccurate or incomplete personal data we have about you.

Right to Erasure

You can request deletion of your personal data in certain circumstances, subject to legal retention requirements.

Right to Restrict Processing

You can ask us to limit how we process your personal data in specific situations.

Right to Data Portability

You can request a copy of your data in a structured, commonly used format to transfer to another service.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

How to Exercise Your Rights: Contact us at [email protected] or @stefancharge on Telegram. We will respond to your request within 30 days.

9. International Transfers

Your personal data is processed and stored within the European Union to ensure GDPR compliance. Our primary data centers are located in Frankfurt, Germany.

Third-Country Transfers: In limited cases where we use service providers outside the EU, we ensure adequate protection through:

  • EU Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission
  • Other appropriate safeguards as required by GDPR

Payment Processing: Payment data may be processed by payment providers in other jurisdictions under adequate protection mechanisms and PCI DSS compliance.

10. Cookies and Tracking

We use cookies and similar technologies to enhance your experience on our website:

Essential Cookies

Required for website functionality, security, and service delivery. These cannot be disabled.

Analytics Cookies

Help us understand how visitors use our website to improve user experience and service quality.

Marketing Cookies

Used to deliver relevant advertisements and track campaign effectiveness (with your consent).

Cookie Management: You can control cookie preferences through your browser settings. Note that disabling certain cookies may affect website functionality.

11. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18 years of age.

If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at [email protected].

12. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

Notification: We will notify you of any material changes by:

  • Posting a notice on our website
  • Sending an email to your registered address
  • Updating the "Last Modified" date at the top of this policy

Your Continued Use: Your continued use of our services after the effective date of any changes constitutes acceptance of the updated Privacy Policy.

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email

[email protected]

For general privacy inquiries and data subject requests

Telegram

@stefancharge

For urgent privacy-related matters

Data Protection Officer

AquaHosts Privacy Team
Frankfurt, Germany

Available via email for GDPR-related inquiries

Response Time: We will acknowledge your privacy-related inquiries within 2 business days and provide a full response within 30 days as required by applicable privacy laws.

Privacy Questions or Concerns?

We're committed to transparency and protecting your privacy rights. Contact us anytime with questions about how we handle your data.

Email Privacy Team Telegram Support