Who we are
Suggested text: Our website address is: http://xdahost.com.
This privacy policy governs the manner in which XDAHost uses, maintains, and discloses information collected from its customers and users of our Services.
Privacy
XDAHost is committed to developing long-lasting relationships based on trust. As such, XDAHost will do everything in its power to ensure that your right to privacy is maintained and protected. Our Services are not directed at children under 13 years of age.
Information We Collect
XDAHost cares about your privacy. For this reason, we collect and use personal data only as it might be needed for us to deliver to you our world-class products, services, and websites (collectively, our “Services”). Your personal data includes information such as:
Name, Address, Contact Number, Email address, Website details
Other data collected that could directly or indirectly identify you.
Our Privacy Policy is intended to describe to you how and what data we collect, and how and why we use your personal data. It also describes options we provide for you to access, update, or otherwise take control of the personal data that we process.
If at any time you have questions about our practices or any of your rights described below, you may reach our Data Protection Officer (“DPO”) and our dedicated team that supports this office by contacting us at [email protected]. This inbox is actively monitored and managed so that we can deliver an experience that you can confidently trust.
We collect information so that we can provide the best possible experience when you utilize our Services. Much of what you likely consider personal data is collected directly from you when you:
1. create an account or purchase any of our Services (eg: billing information, including name, address, and payment details);
2. request assistance from our customer support team (eg: phone number, case notes);
3. complete contact forms or request newsletters or other information from us (eg: email); or
4. participate in contests and surveys, apply for a job, or otherwise participate in activities we promote that might require information about you.
However, we also collect additional information when delivering our Services to you to ensure necessary and optimal performance. These methods of collection may not be as obvious to you, so we wanted to highlight and explain below a bit more about what these might be (as they vary from time to time) and how they work:
Account related information is collected in association with your use of our Services, such as account number, purchases, when products renew or expire, information requests, support requests, and notes or details explaining what you asked for and how we responded.
Cookies and similar technologies on our websites allow us to track your browsing behavior, links clicked, items purchased, your device type, and to collect various data, including analytics, about how you use and interact with our Services. This allows us to provide you with more relevant product offerings, a better experience on our sites and mobile applications, and to collect, analyze, and improve the performance of our Services. We may also collect your location (IP address) so that we can personalize our Services. For additional information, and to learn how to manage the technologies we utilize, please visit our Cookie Policy.
Data about Usage of Services is automatically collected when you use and interact with our Services, including metadata, log files, cookie/device IDs, and location information. This information includes specific data about your interactions with the features, content, and links (including those of third parties, such as social media plugins) contained within the Services, IP address, browser type, and settings, the date and time the Services were used, information about browser configuration and plugins, language preferences and cookie data, information about devices accessing the Services, including the type of device, what operating system is used, device settings, application IDs, unique device identifiers and error data, and some of this data collected might be capable of and be used to approximate your location.
Supplemented Data may be received about you from other sources, including publicly available databases or third parties from whom we have purchased data, in which case we may combine this data with information we already have about you so that we can update, expand, and analyze the accuracy of our records, identify new customers, and provide products and services that may be of interest to you. If you provide us with personal information about others, or if others give us your information, we will only use that information for the specific reason for which it was provided to us.
How we use this Information
We strongly believe in both minimizing the data we collect and limiting its use and purpose to only that (1) for which we have been given permission, (2) as necessary to deliver the Services you purchase or interact with, or (3) as we might be required or permitted for legal compliance or other lawful purposes. These uses include:
Delivering, improving, updating, and enhancing the Services we provide to you. We collect various information relating to your purchase, use, and/or interactions with our Services. We utilize this information to:
Improve and optimize the operation and performance of our Services (again, including our websites and mobile applications).
Diagnose problems with and identify any security risks, errors, or needed enhancements to the Services.
Detect and prevent fraud and abuse of our Services and systems.
Collecting aggregate statistics about the use of the Services.
Understand and analyze how you use our Services and what products and services are most relevant to you.
Often, much of the data collected is aggregated or statistical data about how individuals use our Services and is not linked to any personal data, but to the extent it is itself personal data or is linked or linkable to personal data, we treat it accordingly.
Sharing with trusted third parties. We may share your personal data with affiliated companies within our corporate family, with third parties with which we have partnered to allow you to integrate their services into our own Services, and with trusted third-party service providers as necessary for them to perform services on our behalf, such as:
Processing credit card payments
Serving advertisements
Conducting contests or surveys
Performing analysis of our Services and customer’s demographics
Communicating with you, such as by way of email or survey delivery
Customer relationship management
We only share your personal data as necessary for any third party to provide the services as requested or as needed on our behalf. These third parties (and any subcontractors) are subject to strict data processing terms and conditions and are prohibited from utilizing, sharing, or retaining your personal data for any purpose other than as they have been specifically contracted for (or without your consent).
Communicating with you. We may contact you directly or through a third-party service provider regarding products or services you have signed up to or purchased from us, such as necessary to deliver transactional or service-related communications. We may also contact you with offers for additional services we think you’ll find valuable if you give us consent, or where allowed based upon legitimate interests. You don’t need to provide consent as a condition to purchase our goods or services. These contacts may include:
Email Address, Text (SMS) messages, Telephone calls, Automated phone calls or text messages
You may also update your subscription preferences with respect to receiving communications from us and/or our partners by accessing your “my” page or by simply sending us an e-mail at [email protected].
If we collect information from you in connection with a co-branded offer, it will be clear at the point of collection who is collecting the information and whose privacy policy applies. In addition, it will describe any choice options you have in regard to the use and/or sharing of your personal data with a co-branded partner, as well as how to exercise those options.
If you make use of a service that allows you to import contacts (eg. using email marketing services to send emails on your behalf), we will only use the contacts and any other personal information for the requested service. If you believe that anyone has provided us with your personal information and you would like to request that it be removed from our database, please contact us at [email protected].
Transfer of personal data abroad. If you utilize our Services from a country other than the country where our servers are located, your communications with us may result in transferring your personal data across international borders. Also, when you call us or initiate a chat, we may provide you with support from one of our global locations outside your country of origin. Your personal data will be transferred and processed outside of the EEA. In these cases, your personal data is handled according to this Privacy Policy.
Compliance with legal, regulatory, and law enforcement requests. We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose any information about you to the government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal processes (such as subpoena requests), to protect our property and rights or the property and rights of a third party, to protect the safety of the public or any person, or to prevent or stop activity we consider to be illegal or unethical.
To the extent we are legally permitted to do so, we will take reasonable steps to notify you in the event that we are required to provide your personal information to third parties as part of the legal process. We will also share your information to the extent necessary to comply with ICANN or any ccTLD rules, regulations, and policies when you register a domain name with us.
Website analytics. We use multiple web analytics tools provided by service partners such as Google Analytics, Facebook Pixel, and Twitter Pixel, to collect information about how you interact with our website or mobile applications, including what pages you visit, what site you visited prior to visiting our website, how much time you spend on each page, what operating system and web browser you use and network and IP information. We use the information provided by these tools to improve our Services. These tools place persistent cookies in your browser to identify you as a unique user the next time you visit our website. Each cookie cannot be used by anyone other than the service provider (eg: Google for Google Analytics and FaceBook). The information collected from the cookie may be transmitted to and stored by these service partners on servers in a country other than the country in which you reside. Though the information collected does not include personal data such as name, address, billing information, etc., the information collected is used and shared by these service providers in accordance with their individual privacy policies. You can control the technologies we use by managing your settings through our Cookie Policy or the ‘cookie banners” that may be presented (depending on the URL of the website visited) when you first visit our web pages, or by utilizing settings in your browser or third-party tools, such as Disconnect, Ghostery, and others.
Targeted advertisements. Targeted ads or interest-based offers may be presented to you based on your activities on our web pages, and other websites, and based on the products you currently own. These offers will be displayed as varying product banners presented to you while browsing. We also partner with third parties to manage our advertising on our web pages and other websites such as Facebook, Twitter, Google, and Microsoft. Our third-party partners may use technologies such as cookies to gather information about such activities in order to provide you with advertising based on your browsing activities and interests and to measure advertising effectiveness. If you wish to opt out of interest-based advertising in the European Union please let us know at [email protected]. Please note you will continue to receive generic ads.
Third-party websites. Our website and our mobile applications contain links to third-party websites. We are not responsible for the privacy practices or the content of third-party sites. Please read the privacy policy of any website you visit.
Who do we share your data with
XDAHost may also disclose aggregate, anonymous, data based on information collected from Users to investors and potential partners. In such cases, statistical information only will be disclosed and personally identifiable data will be kept strictly confidential. In case XDAHost is sold, the information collected from users may be transferred to the new owners.
XDAHost may from time to time engage third parties, including its own subsidiaries and affiliated companies, to preserve, analyze or otherwise store or manipulate data received by XDAHost from its customers. In all such cases, such third-party service providers will be required to treat all such data with the same degree of care as XDAHost and they will be prohibited from disclosing such data to any other person or party, except as otherwise provided in this Privacy Policy.
Special Offers and Updates
Our customers and users will occasionally receive information on products, services, special deals, and possibly a newsletter. Out of respect for the privacy of our users, we present the option to not receive these types of communication.
Service Announcements
On rare occasions, it is necessary to send out a strictly service-related announcement, if, for instance, our service is temporarily suspended for maintenance. Generally, users may not opt out of these communications, though they can deactivate their accounts. However, these communications are not promotional in nature.
Legal Disclaimer
Though we make every effort to preserve your privacy, we may need to disclose personal information when required by law, if we have a good-faith belief that such action is necessary and required to comply with a current judicial proceeding, a court order or legal process served on XDAHost.
XDAHost websites contain links to other sites. Please be aware that XDAHost is not responsible for the privacy practices of such other sites. We encourage you to read the privacy statements of each and every Web site that collect personally identifiable information. The XDAHost Privacy Policy as described herein applies solely to information collected by XDAHost.
Maintenance of Information
The information provided to XDAHost is saved indefinitely and may be stored in one or more databases directly or indirectly maintained by XDAHost. XDAHost employs industry-standard security measures to protect the confidentiality of the information.
While we cannot guarantee that loss, misuse, or alteration to data will not occur; we make every effort to prevent such occurrences. Any other particularly sensitive information, such as credit card numbers collected for commercial transactions, is encrypted prior to transmission by you to XDAHost.
Also, you can access, edit, and update your personal details in your Lab at any time – however, if you have any issues doing this, just send us a quick message at [email protected] and we will be more than happy to assist you in just a couple of minutes.
How we secure, store, and retain your data
We follow generally accepted standards to store and protect the personal data we collect, both during transmission and once received and stored, including utilization of encryption where appropriate.
We retain personal data only for as long as necessary to provide the Services you have requested and thereafter for a variety of legitimate legal or business purposes. These might include retention periods:
mandated by law, contract, or similar obligations applicable to our business operations;
for preserving, resolving, defending, or enforcing our legal/contractual rights; or
needed to maintain adequate and accurate business and financial records.
If you have any questions about the security or retention of your personal data, you can contact us at [email protected].
Your Responsibility
You are responsible for the security of the login information, such as usernames and passwords, which give you access to your private information maintained by XDAHost. Make sure you keep login information in a safe place and do not share it with others.
Note that key-loggers, viruses, or other surveillance devices can intercept login information on the computers from which you access our Services, so you should take precautions regarding such devices, especially from public computers. In addition, you should always log out from any relevant Services when you are not actively using them.
Changes in our Privacy Policy
We reserve the right to modify this Privacy Policy at any time. If we decide to change our Privacy Policy, we will post those changes to this Privacy Policy and any other places we deem appropriate so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If we make material changes to this Privacy Policy, we will notify you here, by email, or by means of a notice on our home page, at least thirty (30) days prior to the implementation of the changes.
Infrastructure and data security access and manipulation
According to the GDPR, the controller and the processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
XDAHost operates a global infrastructure designed to provide state-of-the-art security through the entire information processing lifecycle. This infrastructure is built to provide secure deployment of services, secure storage of data with end-user privacy safeguards, secure communications between services, secure and private communication with customers over the Internet, and safe operation by administrators.
We designed the security of our infrastructure in layers that build upon one another, from the physical security of our upstream providers ( Amazon, DigitalOcean, IBM, etc. ), to the security protections of our hardware and software, to the processes we use to support operational security. This layered protection creates a strong security foundation for everything we do.
XDAHost uses encryption to protect data in transit and at rest. Data in transit is protected using HTTPS, which is activated by default for all users and any other type of data is stored on machines that have at least 3 layers of security with limited access for anyone in the company.
For XDAHost employees, access rights and levels are based on job function and role, using the concepts of least privilege and need-to-know to match access privileges to defined responsibilities. Requests for additional access follow a formal process that involves a request and approval from a data or system owner, manager, or other executives, as dictated by XDAHost’s security policies.
We scan for vulnerabilities using a combination of commercially available and purpose-built in-house tools, intensive automated and manual penetration testing, quality assurance processes, software security reviews, and external audits. We also rely on the broader security research community and greatly value their help in identifying vulnerabilities in all of our products. Our encourages researchers to report design and implementation issues that may put customer data at risk and most of the time we reward them with credit and free XDAHost’s services.
Each and every customer can enable 2-factor authentication. 2-step verification greatly reduces the risk of unauthorized access by asking users for additional proof of identity when signing in. This can be enabled for the Lab panel and for cPanel/WHM as well ( if you don’t know how to do it, just let us know at [email protected] ).
On our infrastructure, we also use an in-house developed firewall that watches any suspicious login attempt and helps detect suspicious logins using robust machine learning capabilities – also the entire infrastructure is monitored in real-time 24/7/365 by real humans that can be proactive and take care of any kind of suspicious activity at the server level.
If you have any questions, concerns, or complaints about our Privacy Policy, our practices, or our Services, you may contact our Office of the DPO by email at [email protected]