Limited Time: Get 50% off your first 3 months — Use code CLOUD50
HostUpCloud
Privacy Policy

Data Privacy Policy

This Privacy Policy explains how HostupCloud and its group entities collect, use, store, and protect your personal data when you use our websites and services. We are committed to transparency and compliance with applicable privacy laws across all jurisdictions we operate in.

Last updated: 22 February 2026  · Effective: 22 February 2026

2026 Compliance Update: This policy has been updated to reflect the UK Data (Use and Access) Act 2025, India DPDP Rules 2025, EU Data Act (effective Sept 2025), NIS2 Directive (Oct 2024), and 20+ US state privacy laws active as of 2026.

Data Controller

The entity that acts as data controller depends on the services you use and your location. All entities trade under the HostupCloud brand.

🇮🇳

HOSTUP CLOUD TECHNOLOGIES PRIVATE LIMITED

No. 66/1, Coles Road, Cleveland Town, Frazer Town, Bengaluru – 560005, India

+91 87625 28280

Controller for customers in India and globally by default

🇬🇧

AL-GHANI NURNET CLOUD TECHNOLOGIES UK LTD

First Floor Office, 3 Hornton Place, London, W8 4LZ, United Kingdom

+44 7441 369929

Controller for customers in the United Kingdom

🇺🇸

HOSTUPCLOUD, INC.

30 N Gould St, Ste R, Sheridan, WY 82801, USA

+1 334 336 0990

Controller for customers in the United States

Privacy contact

For all privacy-related queries, contact us at privacy@hostupcloud.com. We aim to respond within 15 business days.

Applicable Privacy Laws

We comply with privacy laws across all jurisdictions we operate in. The law that applies to you depends on your location.

🇮🇳

Digital Personal Data Protection Act 2023 + DPDP Rules 2025

India customers; DPDP Rules notified 2025 — Data Protection Board of India being constituted

🇬🇧

UK GDPR + Data (Use and Access) Act 2025

UK customers. The Data (Use and Access) Act 2025 reformed UK GDPR and the DPA 2018.

🇺🇸

CCPA/CPRA + 20 state privacy laws + COPPA 2.0

US customers; California, Virginia, Colorado, Texas, Oregon, Montana, Delaware, New Jersey, New Hampshire, Maryland, Minnesota, Nebraska, Rhode Island + more active from 2024–2026. Federal APRA under consideration.

🇪🇺

EU GDPR + EU Data Act 2023 + NIS2 Directive + EU AI Act

EU customers. EU Data Act effective Sept 2025. NIS2 transposed Oct 2024. EU AI Act prohibited-use provisions effective Feb 2025.

Data We Collect

We collect only the data necessary to provide, secure, and improve our services. We never sell your personal data to third parties.

Account & Identity

  • Full name
  • Email address
  • Phone number
  • Billing address
  • Payment method details (tokenised — we never store raw card numbers)

Technical & Device

  • IP address
  • Browser type & version
  • Operating system
  • Device identifiers
  • Geolocation (country / city level via MaxMind GeoIP2)

Usage & Logs

  • Pages visited, features used
  • Bandwidth and resource consumption
  • Server access logs
  • Support ticket content
  • Order and billing history

Security & Authentication

  • Login timestamps
  • Failed login attempts
  • Two-factor authentication events
  • API key activity logs
  • Session tokens (hashed)

How We Use Your Data

Service Delivery

Provision, activation, and management of hosting, cloud, and domain services you purchase from us.

Billing & Payments

Processing payments via Razorpay (India) and other processors. Card details are tokenised — we store only the last 4 digits, brand, and a Razorpay token. We never store raw card numbers.

Account & Security

Authentication, two-factor verification, abuse detection, fraud prevention, and account isolation.

Support & Communication

Responding to support tickets, live chat, billing queries, and service notifications.

Legal Compliance

Meeting obligations under GST (India), tax laws (UK/US), law enforcement requests, and record-keeping requirements.

Service Improvement

Aggregate and anonymised analytics to improve performance, reliability, and user experience. No individual profiling.

Geolocation (MaxMind)

We use MaxMind GeoIP2 to detect country and city from IP address for currency display, fraud prevention, and compliance — not for tracking individuals.

Legal Basis for Processing

Contract Performance

Processing necessary to deliver the services you purchased — account management, service activation, billing.

Legal Obligation

Tax records, GST compliance (India), AML/KYC obligations, and responding to lawful government requests.

Legitimate Interest

Fraud prevention, network security, abuse detection, and service analytics — balanced against your privacy rights.

Consent

Marketing emails and optional analytics. You may withdraw consent at any time by emailing privacy@hostupcloud.com or unsubscribing.

Data Sharing & Third Parties

We do not sell your personal data. We share data only with trusted processors necessary to deliver our services:

Razorpay

Payment processing (India). Handles card data under PCI-DSS compliance. We store only tokenised references.

Cashfree Payments

India KYC — PAN verification, Aadhaar Offline XML KYC, and bank account verification (RBI-licensed).

Stripe Identity

International KYC — automated ID document + selfie verification for customers outside India.

MaxMind GeoIP2

Country / city geolocation from IP address for fraud prevention and currency display.

Cloudflare

DDoS protection, CDN, and DNS. Processes IP addresses at the network edge.

Email / Support Providers

Transactional email delivery and ticketing system. Data is processed under data processing agreements.

CERT-In / MeitY (India)

Mandatory disclosure of cyber incidents and subscriber data under CERT-In Directions 70B (28 Apr 2022), IT Act 2000 §70B. Logs and subscriber data retained 180 days / 5 years respectively.

Legal & Government Authorities

When required by law, valid court order, or to protect the rights, property, or safety of HostupCloud or its users.

Cookies & Tracking

Essential Cookies

Required for authentication, session management, and security. Cannot be disabled.

Required

Preference Cookies

Remember your theme (light/dark), language, and display preferences.

Optional

Analytics Cookies

Aggregate usage data to improve our services. No individual user profiling. Consent required.

Optional

Data Retention

Account & KYC data5 years from account closure (CERT-In Directions 70B, PMLA 2002)
Billing & invoices7 years (GST Act India / Companies Act UK / IRS USA)
Support tickets3 years from ticket resolution
Server / ICT access logs180 days rolling (mandatory — CERT-In Directions 70B, 2022)
Security / audit logs180 days (CERT-In) — extended to 12 months internally
Subscriber registration data5 years (CERT-In Directions 70B for India subscribers)
Backup snapshots30 days (per plan; then securely deleted)

Security Measures

TLS 1.2+ encryption in transit on all services
AES-256 encryption for data at rest
PCI-DSS compliant payment processing via Razorpay
Two-factor authentication available on all accounts
Imunify360 malware scanning on hosting infrastructure
WAF + DDoS protection on all edge endpoints
Role-based access control — need-to-know only
Regular security audits and vulnerability scanning

Your Rights

Your rights depend on your jurisdiction. We honour all of the following regardless of location.

Right to access your personal data
DPDPA · UK GDPR · CCPA · 20 US state laws
Right to correction of inaccurate data
DPDPA · UK GDPR · US state laws
Right to erasure (right to be forgotten)
UK GDPR · CCPA · US state laws
Right to restrict or object to processing
UK GDPR · EU GDPR
Right to data portability
UK GDPR · EU GDPR · EU Data Act 2023
Right to withdraw consent at any time
DPDPA · UK GDPR · EU GDPR
Right to opt-out of sale / sharing / profiling
CCPA/CPRA · TDPSA · VCDPA · 15+ state laws
Right to appeal a decision about your data
VCDPA · Colorado CPA · Connecticut CTDPA · 10+ US state laws
Right to nominate a representative
DPDPA s.14
Right to lodge a complaint with a supervisory authority
UK GDPR (ICO) · EU GDPR · DPDPA (DPBI)

Exercising your rights

Email privacy@hostupcloud.com with your request. We will verify your identity and respond within 15 business days (30 days maximum for complex requests under UK GDPR).

Policy Changes

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email (to the address on your account) and update the "Last updated" date at the top of this page at least 14 days before changes take effect. Continued use of our services after the effective date constitutes acceptance of the revised policy.

Privacy Questions?

Contact our privacy team for data access requests, deletion requests, or any concerns about how we handle your data.

privacy@hostupcloud.com+91 87625 28280