Join our Discord for special offers, news & updates
JOIN DISCORD

Privacy Policy

Data protection and security policy. We collect necessary data for hosting, billing, and security. GDPR compliant.

// WHO IS RESPONSIBLE

Controller (Art. 4(7) GDPR): Julian Achter (Aluy)

Postal address:
Am Hang 55
85737 Ismaning
Germany

Email: privacy@al.uy

Telephone: +49 151 18462887

// THE SIMPLE VERSION

We collect your name, email, and payment info so we can bill you and provide support. We maintain essential operational logs for service reliability and security.

We don't sell your data or use invasive web tracking. Your legitimate business operations are respected while maintaining necessary security monitoring.

// WHAT WE COLLECT

ACCOUNT STUFF:
Name, email address, billing address. For business customers: company name, VAT ID (if applicable). Standard business information for hosting services.
PAYMENT INFO:
Payments are accepted via bank transfer primarily. For bank transfers, we collect account details necessary for processing. We do not handle or store card data.
SERVER LOGS:
Connection logs for security, operations, and troubleshooting. Standard monitoring for service reliability.
VERIFICATION:
For fraud prevention and regulatory compliance, we may request limited identity or business verification (e.g., name, address, company documents, government ID). Only requested when necessary.
SUPPORT TICKETS:
Your questions and our answers. We keep these to help you better.

// WHAT WE DON'T DO

× Track you across websites
× Sell your data to third parties
× Monitor your server content
× Use invasive analytics
× Share data unless legally required

// LEGAL BASIS FOR PROCESSING

Under GDPR Article 6, we process your data based on:

CONTRACT PERFORMANCE (Art. 6(1)(b)):
Account management, billing, service provision, technical support
LEGITIMATE INTEREST (Art. 6(1)(f)):
Network security, fraud prevention, service improvement, basic logging
LEGAL OBLIGATION (Art. 6(1)(c)):
Tax records, business records (7 years under German law), law enforcement requests
CONSENT (Art. 6(1)(a)):
Marketing communications (if you opt-in), non-essential cookies

// HOW WE USE YOUR DATA

Billing and payment processing
Technical support
Account security
Legal compliance (when required)
Service announcements (rare)

// HOW LONG WE KEEP IT

ACCOUNT DATA: While you're a customer + 1 year
BILLING RECORDS: 7 years (legal requirement)
SERVER LOGS: 30 days max
SUPPORT TICKETS: 2 years for reference

// YOUR RIGHTS

Under GDPR (Articles 15-22) and other privacy laws, you have the following rights:

ACCESS (Art. 15):
Request a copy of your personal data
RECTIFICATION (Art. 16):
Correct inaccurate or incomplete data
ERASURE (Art. 17):
Request deletion when legally possible
RESTRICTION (Art. 18):
Limit how we process your data
PORTABILITY (Art. 20):
Receive your data in machine-readable format
OBJECTION (Art. 21):
Object to processing based on legitimate interest

How to exercise your rights:

Email us at privacy@al.uy with your request. We'll respond within 30 days.

Right to lodge a complaint: You can complain to your local data protection authority or the German Federal Commissioner for Data Protection and Freedom of Information (BfDI).

// DATA PROCESSORS & THIRD PARTIES

We use the following processors to provide our services. All processors are bound by data processing agreements (DPAs) and GDPR compliance:

WHMCS (Customer Portal):
Billing system and customer management hosted on our infrastructure. Used for order processing, invoicing, and support tickets.
INFRASTRUCTURE PROVIDERS:
Our servers are hosted with: Hetzner (Germany/Finland), LIAM (UK), USM (Netherlands). These providers have access to server infrastructure but not customer data except as required for service delivery.
PAYMENT PROCESSORS:
For bank transfers: processed through standard banking infrastructure. We do not use third-party payment processors. Cryptocurrency payments processed directly on-chain.
EMAIL SERVICE:
Transactional emails (invoices, support) sent via our own mail servers or third-party email service providers as necessary for service delivery.

All processors are located within the EU/EEA or operate under appropriate data transfer mechanisms (Standard Contractual Clauses where applicable).

// SECURITY & ENCRYPTION

We implement industry-standard security measures to protect your data:

HTTPS/TLS Encryption: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher
Password Protection: Customer passwords are hashed using industry-standard algorithms (bcrypt/Argon2)
Access Controls: Strict access controls limit who can access customer data internally
Security Monitoring: We maintain security logs and monitor for unauthorized access attempts
Regular Updates: Systems are kept updated with security patches

Note: Admin panel access attempts are logged for security purposes (with consent). These logs include IP addresses and timestamps and are retained for 30 days.

// COOKIES

We use essential cookies for service functionality and non-essential cookies with your consent:

Login session (essential) - Keeps you logged in
CSRF protection (essential) - Prevents security attacks
Payment verification (essential) - Confirms payment status
Preference storage (non-essential) - Remembers banner dismissals (requires consent)

A cookie consent banner appears on your first visit. You can accept all cookies or choose essential-only.

No tracking cookies, no advertising cookies, no third-party analytics.

// CHANGES TO THIS POLICY

We'll update this if needed and email you about major changes.

UPDATED: November 2025
QUESTIONS: privacy@al.uy