Privacy Policy

Effective Date: December 20, 2024

1. Introduction

DRP Solutions ltd ("we," "us," or "our") operates HostJamstack.com and provides web hosting, domain registration, and deployment services. This Privacy Policy explains how we collect, use, and protect your personal information.

Data Controller Information

DRP Solutions ltd
Company number: 208392740
Address: Trakia, bl 216, Vh B, ap 8, Plovdiv, Bulgaria
Email: hello@hostjamstack.com
Website: hostjamstack.com

2. Information We Collect

2.1 Information You Provide Directly

• Account Information: Name, email address, billing address, phone number
• Payment Information: Credit card details, billing address (processed by secure payment providers)
• Support Communications: Messages, files, and information you provide when contacting support
• Domain Registration: Contact information required for WHOIS databases
• Profile Information: Optional profile details you choose to provide

2.2 Information Collected Automatically

• Usage Data: How you interact with our services, pages visited, features used
• Device Information: IP address, browser type, operating system, device identifiers
• Log Data: Server logs, error reports, performance metrics
• Cookies and Tracking: See Section 6 for detailed information

2.3 Information from Third Parties

• Payment Processors: Transaction confirmations and payment status
• Authentication Services: Information from OAuth providers (Google, GitHub, etc.)
• Domain Registries: Public WHOIS information for domain management

3. How We Use Your Information

3.1 Service Provision

• Create and manage your account
• Process payments and billing
• Provide hosting, domain, and support services
• Deploy and maintain your applications
• Manage domain registrations and DNS

3.2 Communications

• Send service-related notifications
• Respond to support inquiries
• Send renewal reminders and important account updates
• Provide technical updates and security notices

3.3 Service Improvement

• Analyze usage patterns to improve our services
• Debug technical issues and optimize performance
• Develop new features and services
• Conduct security monitoring and fraud prevention

3.4 Legal and Compliance

• Comply with legal obligations
• Protect our rights and property
• Investigate and prevent fraud or abuse
• Enforce our Terms of Service

4. Legal Basis for Processing (GDPR)

We process your personal data based on:

4.1 Contract Performance

Processing necessary to perform our services contract with you, including:

• Account management and service delivery
• Payment processing and billing
• Customer support

4.2 Legitimate Interests

Our legitimate business interests, including:

• Service improvement and optimization
• Security monitoring and fraud prevention
• Internal analytics and reporting

4.3 Legal Obligation

Compliance with legal requirements, including:

• Tax and accounting obligations
• Domain registration requirements
• Data protection laws

4.4 Consent

Where you have given explicit consent for:

• Marketing communications (opt-in only)
• Optional analytics and tracking
• Third-party integrations you authorize

5. Data Sharing and Disclosure

5.1 Service Providers

We share data with trusted service providers who help us operate our services:

• Cloud Infrastructure: AWS, Google Cloud for hosting and storage
• Email Services: For sending transactional and support emails
• Analytics Services: For service improvement and monitoring

5.2 Domain Registration

Domain registrations require sharing contact information with:

• Domain registries and registrars
• WHOIS databases (as required by ICANN policies)
• Public directory services

5.3 Legal Requirements

We may disclose information when required by law or to:

• Comply with court orders or legal processes
• Investigate fraud or security violations
• Protect our rights or the safety of others
• Respond to government requests

5.4 Business Transfers

In case of merger, acquisition, or sale of assets, your information may be transferred to the new entity.

6. Cookies and Tracking Technologies

6.1 Essential Cookies

Required for service functionality:

• Authentication and session management
• Security and fraud prevention
• Load balancing and performance

6.2 Analytics Cookies

Used to understand service usage (with your consent):

• Website traffic analysis
• Feature usage tracking
• Performance monitoring

6.3 Cookie Control

You can control cookies through:

• Browser settings to block or delete cookies
• Our cookie preference center
• Opt-out links for third-party analytics

6.4 Do Not Track

We respect browser "Do Not Track" signals for non-essential tracking.

7. Data Security

7.1 Technical Safeguards

• Encryption in transit and at rest
• Regular security assessments and updates
• Access controls and authentication
• Network security and firewalls

7.2 Organizational Measures

• Employee training on data protection
• Regular security audits and reviews
• Incident response procedures
• Data minimization practices

7.3 Third-Party Security

We require service providers to maintain appropriate security measures and only process data according to our instructions.

8. Data Retention

8.1 Account Data

We retain your account information for as long as your account is active, plus:

• 30 days after account deletion for reactivation
• Up to 7 years for accounting and tax purposes

8.2 Domain Data

Domain registration data is retained according to:

• Registrar requirements (typically 2 years post-expiration)
• Legal obligations and dispute resolution needs

8.3 Support Data

Support communications are retained for:

• 3 years for service improvement
• Longer if required for legal proceedings

8.4 Log Data

Technical logs are retained for:

• 90 days for operational purposes
• 1 year for security and fraud prevention

9. Your Rights (GDPR)

As a data subject, you have the right to:

9.1 Access

Request a copy of the personal data we hold about you.

9.2 Rectification

Correct inaccurate or incomplete personal data.

9.3 Erasure ("Right to be Forgotten")

Request deletion of your personal data (subject to legal obligations).

9.4 Restriction

Limit how we process your personal data in certain circumstances.

9.5 Portability

Receive your data in a structured, machine-readable format.

9.6 Objection

Object to processing based on legitimate interests or for marketing purposes.

9.7 Withdrawal of Consent

Withdraw consent for processing that requires your consent.

9.8 Complaint

Lodge a complaint with your local data protection authority.

10. International Data Transfers

10.1 Transfer Basis

We may transfer data outside the EU/EEA based on:

• European Commission adequacy decisions
• Standard contractual clauses
• Your explicit consent

10.2 Safeguards

All international transfers include appropriate safeguards to protect your data according to EU standards.

11. Children's Privacy

Our services are not intended for children under 16. We do not knowingly collect personal information from children under 16. If we become aware of such collection, we will delete the information immediately.

12. Marketing Communications

12.1 Opt-In Policy

We only send marketing communications with your explicit consent.

12.2 Transactional Emails

We send necessary service-related emails regardless of marketing preferences:

• Account notifications
• Billing and renewal reminders
• Security alerts
• Service updates

12.3 Unsubscribe

You can unsubscribe from marketing emails at any time through:

• Unsubscribe links in emails
• Account settings
• Contacting us directly

13. Third-Party Services

13.1 External Links

Our service may contain links to third-party websites. We are not responsible for their privacy practices.

13.2 Integrations

If you choose to integrate third-party services (GitHub, Google, etc.), their privacy policies apply to that data sharing.

13.3 User Content

You are responsible for any personal data you include in content you upload or publish through our services.

14. Data Breach Notification

In case of a data breach affecting your personal data, we will:

• Notify authorities within 72 hours (where required)
• Inform affected users without undue delay
• Provide information about the breach and mitigation steps

15. Privacy by Design

We implement privacy protection measures throughout our service development:

• Data minimization principles
• Privacy impact assessments
• Default privacy settings
• User control mechanisms

16. Contact Information

16.1 Privacy Questions

For privacy-related questions or to exercise your rights:

Email: hello@hostjamstack.com
Subject Line: "Privacy Policy Question" or "Data Subject Request"
Address: DRP Solutions ltd, Trakia, bl 216, Vh B, ap 8, Plovdiv, Bulgaria

16.2 Data Protection Officer

For complex privacy matters, you can contact our Data Protection Officer at the same address with subject line "DPO Request."

16.3 Response Time

We respond to privacy requests within 30 days or sooner when possible.

17. Updates to This Policy

17.1 Policy Changes

We may update this Privacy Policy to reflect:

• Changes in our services
• Legal requirement updates
• Best practice improvements

17.2 Notification

We will notify you of material changes through:

• Email notification
• Website announcements
• In-service notifications

17.3 Continued Use

Continued use of our services after notification constitutes acceptance of updated terms.

---

Last updated: December 20, 2024

This Privacy Policy complies with the EU General Data Protection Regulation (GDPR) and other applicable privacy laws.