Skip to main content

Legal

Privacy Policy

Last updated: 6 July 2026

1. Who we are

Vintony Host is the data controller for personal data processed in connection with the Services described at https://vintonyhost.com. For questions about this policy or to exercise your rights, contact us at privacy@vintonyhost.com.

Where you use Vintony Host to host applications that themselves process personal data of your end users, you are the controller of that data and Vintony Host acts as your processor under a separate Data Processing Addendum (available on request at trust@vintonyhost.com).

2. What we collect

We collect only the information needed to deliver, support, and improve the Services.

**Account data**: name, email address, and a securely hashed password (bcrypt with per-record salt). For two-factor authentication we may store an encrypted secret or short-lived one-time codes.

**Billing data**: full card details are held by our payment processor (Stripe) and never reach our servers; we retain only a tokenised reference, the card brand, last four digits, expiry month/year, and the invoicing history.

**Service telemetry**: per-second resource metrics (CPU, RAM, network, storage IOPS) for the compute and storage you provision. We use this to render your dashboard, bill you accurately, and provide support.

**Support data**: any information you share with us via tickets, live chat, or email, including attachments you choose to send.

**Logs and security**: HTTP request logs (IP, user agent, timestamp, response code), authentication events, and audit-log entries for administrative actions.

**Cookies and similar**: a single first-party session cookie for sign-in, plus optional analytics cookies described in section 8.

3. Why we collect it (lawful bases under UK GDPR)

**Performance of a contract** (Art. 6(1)(b)): account, billing, telemetry, and support data are processed to perform our contract with you.

**Legitimate interests** (Art. 6(1)(f)): security logging, fraud prevention, and product improvement, balanced against your rights and reasonable expectations.

**Legal obligation** (Art. 6(1)(c)): VAT and tax records, retention windows imposed by applicable law.

**Consent** (Art. 6(1)(a)): the newsletter, marketing emails, and any non-essential cookies. Consent is freely given and may be withdrawn at any time without affecting the lawfulness of prior processing.

4. How long we keep it

**Active account data**: kept while your account is open and for 30 days after closure to allow recovery.

**Backups**: retained for 30 days after deletion; thereafter purged from cold storage on the next monthly rotation.

**Billing records**: retained for 7 years to meet UK accounting and VAT obligations.

**Support tickets**: retained for 3 years after the last reply so we can recall context for repeat issues.

**Security and access logs**: retained for 12 months; aggregated and anonymised analytics retained indefinitely.

5. Third-party processors

We share personal data only with a small set of processors who help us deliver the Services, all bound by data-protection agreements:

• **Stripe** — payment processing (card data, billing address). • **Resend** — transactional and newsletter email delivery (recipient address, message content). • **Supabase** — managed Postgres for the application database and authentication store. • **Cloudflare** — DNS, DDoS protection, edge caching, and front-of-platform request routing. • **Google Analytics 4 / Search Console** — anonymised traffic and search-impression data, where you have consented.

A current list of sub-processors is available on request at privacy@vintonyhost.com and is updated when material changes occur.

6. International transfers

Our primary data location is the European Economic Area (EEA). Some of our processors operate globally; where personal data is transferred outside the EEA or UK, we rely on the European Commission's Standard Contractual Clauses (and the UK addendum where applicable) and, where appropriate, supplementary technical measures such as encryption at rest and in transit.

7. Your rights

Subject to applicable law you have the right to access, rectify, erase, restrict the processing of, and port your personal data, and to object to processing based on our legitimate interests. You may exercise any of these rights by emailing privacy@vintonyhost.com; we respond within 30 days.

Where you are based in the EU/UK you also have the right to lodge a complaint with your local supervisory authority — for example, the UK's Information Commissioner's Office at ico.org.uk.

8. Cookies and similar technologies

We use the following cookies:

• **Session cookie** (strictly necessary): keeps you signed in; cannot be disabled while using the dashboard. • **Two-factor trusted-device cookie** (strictly necessary if you enable 2FA): identifies a device you trust for 30 days. • **Analytics cookies** (optional): set only with your consent; used by Google Analytics 4 to count visits and improve the site.

You can change your analytics consent at any time from the cookie banner or your browser settings. We do not use cross-site tracking pixels or third-party advertising cookies.

9. Children's data

The Services are not directed to children under 16, and we do not knowingly collect personal data from children. If you believe a child has provided personal data to us, contact privacy@vintonyhost.com and we will delete it promptly.

10. How we protect your data

All data is encrypted in transit (TLS 1.2+; HSTS preload) and at rest (AES-256-XTS on managed compute and storage). Per-tenant encryption keys are sealed in FIPS 140-2 Level 3 HSMs. Access to production systems is gated by SSO, hardware MFA, and the principle of least privilege; every administrative action is recorded in an immutable audit log streamed to a separate region.

For more detail on our security practices, see https://vintonyhost.com/security and https://vintonyhost.com/compliance.

11. Contact

For privacy enquiries or to exercise your rights, contact privacy@vintonyhost.com. For security disclosures, contact security@vintonyhost.com. For general support, contact support@vintonyhost.com.

12. Updates to this policy

Material updates will be notified by email or in-app banner at least 30 days before they take effect. The most current version of this policy is always available at https://vintonyhost.com/legal/privacy.

This privacy policy is a working draft prepared in good faith. Replace with counsel-reviewed text before relying on it for material commercial relationships.