Skip to content
Stackserver
Get Started
Home About Client Portal
Sign In Get Started

Privacy Policy

Last updated: March 2026

1. Introduction

Stackserver ("we", "us", "our") respects your privacy and is committed to protecting the personal data you share with us. This Privacy Policy explains how we collect, use, store, and protect your information when you use our cloud infrastructure services and visit our website at stackserver.com.

This policy applies to all individuals who interact with our services, including account holders, authorized users, API consumers, website visitors, and anyone who contacts us for information about our services.

We act as a data controller for the personal data we collect directly from you (such as account and billing information), and as a data processor for any personal data stored on our infrastructure as part of your hosted services. Where we act as a data processor, the terms of our Data Processing Agreement govern how we handle that data on your behalf.

2. Information We Collect

We collect the following categories of information to operate and improve our services:

Account Data

Name, email address, billing address, company name (if applicable), phone number (if provided), and payment information necessary for service delivery and invoicing. This data is collected directly from you during registration, account management, and billing interactions.

Technical Data

IP addresses, browser type and version, operating system, device identifiers, screen resolution, referring URLs, and connection metadata collected automatically when you access our services. This includes server access logs, API request metadata, and CLI usage telemetry used for diagnostics and security monitoring.

Usage Data

Service usage patterns, resource consumption metrics (CPU, memory, bandwidth, storage), deployment frequency, API call volumes, support ticket interactions, login timestamps, and feature utilization data. This information is used to maintain, monitor, and improve our platform.

Communication Data

Records of correspondence between you and our team, including support tickets, emails, and any feedback you provide. This helps us improve our support quality and maintain a record of service-related communications.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Delivering, maintaining, and improving our cloud infrastructure services
  • Processing billing, payments, and generating invoices
  • Providing technical support and responding to inquiries
  • Monitoring infrastructure security and detecting threats
  • Ensuring compliance with our Terms of Service and Acceptable Use Policy
  • Communicating service updates, maintenance schedules, and important notices
  • Improving our platform based on aggregated usage patterns
  • Performing capacity planning and resource allocation
  • Preventing fraud, abuse, and unauthorized access to our systems
  • Meeting legal and regulatory obligations

We do not use your personal data for automated decision-making or profiling that produces legal effects. We do not use your data for targeted advertising or sell it to marketers.

4. Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your personal data on the following legal bases:

  • Contract Performance (Article 6(1)(b)): Processing necessary to deliver the hosting services you have purchased, including account provisioning, server deployment, billing, and technical support.
  • Legitimate Interests (Article 6(1)(f)): Processing necessary for our legitimate business interests, such as infrastructure security monitoring, fraud prevention, service improvement, and capacity planning.
  • Legal Obligation (Article 6(1)(c)): Processing required to comply with applicable laws and regulations, including tax record-keeping and financial reporting.
  • Consent (Article 6(1)(a)): Where we rely on your consent for specific processing activities, you have the right to withdraw that consent at any time.

5. Data Storage & Security

All personal data and customer data is stored exclusively in European data centers that meet or exceed Tier III standards. Our data centers are equipped with redundant power supplies, environmental controls, and physical access restrictions.

We implement robust security measures including:

  • AES-256 encryption for data at rest across all storage systems
  • TLS 1.3 encryption for all data in transit
  • Role-based access controls with mandatory multi-factor authentication for all administrative access
  • Regular third-party security audits and penetration testing
  • 24/7 infrastructure monitoring and intrusion detection systems
  • Network segmentation and firewall protection at every layer
  • Automated vulnerability scanning and patch management
  • DDoS mitigation with multi-Tbps capacity
  • Physical security controls including biometric access and CCTV surveillance

In the unlikely event of a data breach, we will notify you and the relevant supervisory authority without undue delay and within 72 hours of becoming aware of the breach, in accordance with Article 33 of the GDPR.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy, or as required by law:

  • Account data: Retained for the duration of your active account plus 12 months following account closure.
  • Billing records: Retained for 7 years as required by applicable tax and financial regulations.
  • Server and access logs: Retained for 90 days for security monitoring and abuse prevention.
  • API access logs: Retained for 30 days for debugging and diagnostics purposes.
  • Support correspondence: Retained for the duration of your active account plus 6 months.

Upon expiration of the retention period, data is securely deleted using industry-standard data destruction methods. You may request earlier deletion of your personal data at any time, subject to our legal retention obligations.

7. Your Rights Under GDPR

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

  • Right of Access (Article 15): Request a copy of the personal data we hold about you.
  • Right to Rectification (Article 16): Request correction of inaccurate or incomplete personal data.
  • Right to Erasure (Article 17): Request deletion of your personal data when it is no longer necessary.
  • Right to Data Portability (Article 20): Receive your data in a structured, machine-readable format (JSON or CSV).
  • Right to Restriction (Article 18): Request restriction of processing under certain circumstances.
  • Right to Object (Article 21): Object to processing of your data based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent (Article 7): Where processing is based on consent, withdraw that consent at any time.
  • Right to Lodge a Complaint: File a complaint with your local data protection supervisory authority.

To exercise any of these rights, please contact us at [email protected]. We will acknowledge your request within 5 business days and respond within 30 days.

8. Cookies & Tracking

We use only essential cookies that are strictly necessary for the operation of our website and services:

  • Authentication cookies: To maintain your login session securely.
  • Session management cookies: For security and platform functionality.
  • CSRF protection tokens: To prevent cross-site request forgery attacks.
  • Preference cookies: To remember your timezone and display settings.

We do not use tracking cookies, advertising cookies, or any third-party analytics cookies. No personal data is shared with third parties through cookie mechanisms.

9. Third-Party Services

We engage a limited number of trusted third-party service providers:

  • Payment processors: PCI DSS-compliant processors for billing transactions. Payment card data is never stored on our servers.
  • Email service providers: For transactional communications such as invoices, service notifications, and password resets.
  • Domain registrars: For domain registration services where applicable.

All providers are bound by data processing agreements (DPAs) that require them to process your data only on our instructions and in compliance with GDPR. We do not sell, rent, or trade your personal data.

10. International Data Transfers

Your personal data is stored and processed exclusively within the European Economic Area (EEA). In limited circumstances where a third-party provider may process data outside the EEA, we ensure appropriate safeguards including:

  • European Commission adequacy decisions for the recipient country
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Binding Corporate Rules where applicable
  • Supplementary technical and organizational measures as recommended by the EDPB

You may request a copy of the safeguards in place by contacting us at [email protected].

11. Children's Privacy

Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16 years of age. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at [email protected] and we will take steps to delete that information promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes that affect how we handle your personal data, we will provide notice via email at least 14 days before the changes take effect. The "Last updated" date at the top of this page indicates when the policy was most recently revised. Continued use of our services after changes take effect constitutes your acknowledgment of the revised policy.

13. Contact & Data Protection

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how your data is being processed, please contact our privacy team:

[email protected]

We aim to resolve all privacy-related inquiries promptly and transparently. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority within the European Economic Area.