Privacy Policy

Your privacy is fundamental to our business. This policy explains what data we collect, why we collect it, and how you can control it.

Last updated: February 20, 2026

1. Scope of This Policy

This Privacy Policy applies to all personal data processed by HostKonek ("Company", "we", "us") when you visit our website at hostkonek.com, use our client portal, purchase services, or communicate with our support team. It covers our web hosting, VPS, dedicated server, domain registration, and all related services.

2. Data We Collect

2.1 Information You Provide

  • Account Data — full name, email address, phone number, company name, and mailing address provided during registration.
  • Billing Data — payment card details (processed and stored by our PCI-DSS compliant payment processor, Stripe), billing address, tax identification numbers, and invoice history.
  • Support Data — content of support tickets, live chat transcripts, emails, and phone call recordings (when disclosed).
  • Domain Registration Data — registrant name, organization, address, phone, and email as required by ICANN policies.

2.2 Information Collected Automatically

  • Usage Data — pages visited, click patterns, feature usage, session duration, and referral URLs.
  • Device Data — IP address, browser type and version, operating system, screen resolution, and language preferences.
  • Server Logs — access logs, error logs, and resource utilization metrics associated with your hosting account.
  • Cookies & Similar Technologies — see Section 9 below.

2.3 Information from Third Parties

We may receive data from payment processors (transaction confirmations), domain registries (WHOIS verification), fraud prevention services (risk scores), and analytics providers (aggregated usage statistics).

3. How We Use Your Data

We process your personal data for the following purposes:

  • Service Delivery — provisioning, maintaining, and supporting your hosting accounts, domains, and related services.
  • Billing & Payments — processing invoices, collecting payments, issuing refunds, and complying with tax obligations.
  • Communication — sending transactional emails (order confirmations, renewal notices, password resets), support responses, and service announcements.
  • Security & Fraud Prevention — detecting unauthorized access, preventing abuse, enforcing our Acceptable Use Policy, and protecting our network infrastructure.
  • Analytics & Improvement — understanding usage patterns, measuring performance, improving our platform, and developing new features.
  • Legal Compliance — meeting regulatory requirements, responding to lawful requests from authorities, and establishing or defending legal claims.
  • Marketing — with your consent, sending promotional emails about new products, special offers, or company news. You may opt out at any time.

For individuals in the European Economic Area (EEA) and similar jurisdictions, we process data under:

  • Contractual Necessity — to fulfill our hosting and domain service agreements with you.
  • Legitimate Interest — to secure our infrastructure, prevent fraud, improve our services, and conduct business analytics.
  • Consent — for marketing communications and non-essential cookies. You may withdraw consent at any time.
  • Legal Obligation — to comply with tax, accounting, and regulatory requirements.

5. Data Sharing & Third Parties

We share personal data only when necessary and with the following categories of recipients:

  • Payment Processors — Stripe and PayPal for secure transaction processing. They operate as independent data controllers under their own privacy policies.
  • Data Center Operators — our infrastructure partners who physically host servers. They have no access to your personal data; they provide power, cooling, and network connectivity.
  • Domain Registries & Registrars — ICANN-accredited registries require certain registrant data for domain registration. We offer WHOIS privacy protection where available.
  • Analytics Providers — Google Analytics (with IP anonymization enabled) to understand website traffic patterns.
  • Security Partners — DDoS mitigation and WAF providers who may process IP addresses and request metadata to filter malicious traffic.
  • Legal Authorities — when required by law, court order, or governmental regulation.

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

6. International Data Transfers

Your data may be transferred to and processed in countries outside your jurisdiction, including the Philippines, the United States, and the European Union. When transferring data internationally, we use:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Data processing agreements with all sub-processors.
  • Technical safeguards including encryption in transit and at rest.

7. Data Retention

  • Active Accounts — we retain your data for as long as your account is active and the services are in use.
  • Post-Termination — hosting data (files, databases, emails) is deleted within 30 days after account termination.
  • Billing Records — invoices and payment records are retained for 7 years to comply with tax and accounting regulations.
  • Support Tickets — retained for 3 years after resolution for quality assurance and legal purposes.
  • Server Logs — access and error logs are retained for 90 days and then automatically purged.
  • Marketing Data — retained until you unsubscribe or request deletion.

8. Security Measures

We implement industry-standard technical and organizational measures to protect your data, including:

  • Encryption — TLS 1.2/1.3 for all data in transit; AES-256 encryption for sensitive data at rest.
  • Access Controls — role-based access with multi-factor authentication (MFA) for all administrative systems.
  • Network Security — enterprise firewalls, intrusion detection/prevention systems (IDS/IPS), and 24/7 DDoS mitigation.
  • Physical Security — Tier III+ data centers with biometric access, CCTV monitoring, and 24/7 on-site security.
  • Audits & Compliance — regular vulnerability scanning, annual penetration testing, and SOC 2 Type II audit readiness.
  • Incident Response — documented incident response procedures with notification to affected customers within 72 hours of a confirmed breach, as required by GDPR.

9. Cookies & Tracking Technologies

9.1 Essential Cookies

Required for core functionality: session management, authentication state, shopping cart, and CSRF protection. These cannot be disabled.

9.2 Analytics Cookies

Google Analytics 4 (with IP anonymization) tracks aggregated usage patterns. We use this data to improve our website and services. You may opt out via your browser settings or the Google Analytics opt-out extension.

9.3 Marketing Cookies

With your consent, we may use cookies from Google Tag Manager and Meta Pixel to measure advertising effectiveness. These are only loaded after you accept marketing cookies.

10. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — correct inaccurate or incomplete data.
  • Erasure — request deletion of your data (subject to legal retention requirements).
  • Restriction — request that we limit processing of your data in certain circumstances.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interests or for direct marketing.
  • Withdraw Consent — where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us at privacy@hostkonek.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

11. Children’s Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will promptly delete it.

12. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email and/or a prominent notice on our website at least 30 days before they take effect. The "Last updated" date at the top reflects the most recent revision.

13. Contact & Data Protection Officer

For privacy-related inquiries or data subject requests, contact us: