Privacy Policy

Effective date: 21 Juin 2025

This Privacy Policy explains how Onewehost Cloud LLC (“Onewehost”, “we”, “us”, or “our”) collects, uses, discloses, and safeguards personal information when you visit onewehost.com or use our cloud hosting and related services (the “Services”). By using the Services, you agree to this Policy and any applicable agreement (e.g., our Terms and Acceptable Use Policy). If you do not agree, please do not use the Services.

Who We Are & Contact

Data Controller: Onewehost Cloud LLC
Email: contact@onewehost.com

If you are in the EEA or UK, we process personal data in accordance with GDPR/UK-GDPR. Where required, we may appoint an EU/UK representative and a Data Protection Officer (DPO).

Scope

This Policy covers personal information we collect about visitors, account holders, and users of our Services. For data you host on our infrastructure (“Customer Content”), you act as the data controller and we act as your processor as described in our Data Processing Addendum (DPA).

Information We Collect

• Account & contact data: name, organization, billing address, country, email, phone.
• Billing data: payment details processed by our PCI-DSS compliant provider (Stripe). We do not store full card numbers or CVV. We may receive limited billing metadata (e.g., last4, brand, expiry), invoices, and transaction IDs.
• Crypto payments: wallet address and transaction identifiers processed via a crypto payment partner; we receive confirmation and basic transaction metadata.
• Service usage & logs: account identifiers, IP addresses, timestamps, region, resource usage, diagnostic events, and security signals (e.g., anti-abuse/DDoS telemetry).
• Support communications: tickets, emails, chats, attachments, and related metadata.
• Device & site data: strictly necessary cookies and similar technologies for authentication, session management, fraud/security, and site performance. We do not use third-party analytics or advertising pixels.
• Customer Content: data you upload or deploy on our infrastructure; we process it only to provide the Services and as instructed by you (see “Processor Role & DPA”).

How We Use Personal Information

• Provide, operate, secure, and maintain the Services.
• Set up and manage accounts, billing, invoicing, and collections.
• Detect, prevent, and investigate fraud, abuse, spam, malware, DDoS, and security incidents.
• Provide support, respond to requests, and communicate service updates.
• Measure performance and improve reliability and features (using aggregated or de-identified data where appropriate).
• Comply with legal obligations and enforce our Terms and Acceptable Use Policy.
• Send service and transactional messages; send marketing communications where permitted by law and your preferences (you can opt out at any time).

Legal bases (EEA/UK): contract performance; legitimate interests (e.g., service security and improvement); consent (where required); legal obligation.

Payments

Card payments are processed by Stripe (PCI-DSS compliant). We do not store full card details on our systems. For cryptocurrency payments, our crypto partner processes the transaction; we receive confirmation and basic metadata associated with the payment. Payments may be screened for fraud, anti-money laundering, and sanctions compliance.

Sharing & Disclosure

We do not sell personal information. We share it only with:

• Service providers/processors: payment processing (Stripe and crypto partner); infrastructure, networking, and DDoS/security providers; backup and monitoring; customer support and email delivery tools.
• Domain/SSL partners: to issue domains or certificates at your request.
• Professional advisors: legal, tax, audit,under confidentiality.
• Corporate transactions: as part of a merger, acquisition, or similar event, subject to appropriate safeguards.
• Legal compliance: to courts, regulators, or law enforcement when required by law or to protect rights, safety, and the Service.

California (CPRA): we do not “sell” personal information and do not “share” it for cross-context behavioral advertising.

International Transfers

We may transfer personal data across borders. Where required (e.g., EEA/UK to non-EEA), we rely on appropriate safeguards such as the EU Standard Contractual Clauses (and UK addendum), plus technical and organizational measures to protect the data.

Retention

• Account & billing records: for the life of the account and as required by tax/accounting laws (typically 7–10 years).
• Support tickets: generally 3 years after closure.
• Network/security logs: generally 90 days, unless needed longer for security or legal reasons.
• Backups: retained per our backup schedules and rotation policies.
• Marketing preferences: until you opt out or your account is closed.
• Customer Content (processor role): according to your configuration and contract; deleted per your instructions or at termination, subject to backup rotation.

Security

We implement appropriate technical and organizational measures, including encryption in transit, access controls, network segmentation, least-privilege access, and continuous monitoring. No method is 100% secure, but we continuously improve our safeguards.

Your Rights

Depending on your location, you may have rights to access, correct, delete, restrict or object to processing, and obtain a copy of your data in a portable format. You may withdraw consent (where processing is based on consent) and opt out of marketing at any time.

To exercise rights, contact contact@onewehost.com. We will verify your request as required by law. EEA/UK residents may lodge a complaint with a supervisory authority, but please contact us first so we can address your concerns.

Children’s Privacy

The Services are not directed to individuals under 16. We do not knowingly collect personal information from children. If you believe a child has provided personal information, contact us so we can take appropriate steps.

Automated Decision-Making

We may use automated tools for fraud, abuse, and security screening (for example, suspicious payment or network activity). You can request human review where required by law.

Processor Role & Data Processing Addendum (DPA)

For Customer Content you host on our infrastructure, you are the data controller and we are your processor. Our DPA (including Standard Contractual Clauses where applicable) governs such processing. Contact contact@onewehost.com to obtain or execute the DPA.

Changes to This Policy

We may update this Policy from time to time. If changes are material, we will provide notice (for example, by email or dashboard notice). The “Effective date” above shows the latest version.

Contact

Email: contact@onewehost.com

Cookie Policy

Effective date: 08 November 2025

This Cookie Policy explains how Onewehost uses cookies and similar technologies on onewehost.com and related pages. It should be read together with our Privacy Policy.

What Are Cookies?

Cookies are small text files placed on your device that help websites function, remember preferences, and enhance security. Similar technologies include local storage and pixels.

How We Use Cookies

• Strictly necessary: required for core functionality (authentication/session, load balancing, security/anti-fraud, billing flows). These cannot be switched off in our systems.
• Functional: remember choices such as language/region and UI preferences.
• Performance: lightweight, first-party measurements to ensure reliability and uptime (no third-party analytics or ad pixels).

We do not use third-party analytics (e.g., Google Analytics) or advertising cookies.

Examples of Cookies We Set

• session_id : strictly necessary; maintains your logged-in session; expires when you sign out or after inactivity.
• csrf_token : strictly necessary; protects forms from CSRF attacks; short-lived.
• locale : functional; saves language/region preference; persistent until cleared.
• cookie_consent : functional; records your cookie choices; persistent until cleared.

Consent (EEA/UK)

In the EEA/UK, strictly necessary cookies are used without consent. If we ever introduce optional cookies (e.g., analytics or marketing), we will request your prior consent via a cookie banner and allow you to manage preferences at any time.

Managing Cookies

You can manage cookies in your browser settings and via our site controls (where available). Disabling strictly necessary cookies may impair site functionality.

Updates to This Cookie Policy

We may update this Cookie Policy from time to time. Material changes will be communicated (e.g., banner or dashboard notice). Please check the “Effective date” above.