Privacy Policy — EstHost

EstHost is committed to protecting your personal data in accordance with GDPR (EU 2016/679).

1. Who We Are (Data Controller)

EstHost (hereinafter "we", "us", or "EstHost") is the data controller responsible for your personal data. We are registered in Estonia and operate under Estonian and European Union law.

Contact: privacy@esthost.ee
Data Protection Inquiries: Contact Form

2. What Data We Collect

Category	Data	Why
Account	Username, email address, hashed password	To create and manage your account
Billing	Payment method, transaction IDs, billing history	To process payments and maintain records
Service	VPS configurations (CPU, RAM, storage), orders	To provision and manage your services
Technical	IP addresses, login timestamps, browser info	Security, fraud prevention, troubleshooting

We do not store full card numbers. Payment card data is handled exclusively by our PCI-DSS certified payment processors (LHV EveryPay, PayPal).

3. Legal Basis for Processing

Contract performance (Art. 6(1)(b) GDPR) — processing necessary to provide the services you ordered
Legal obligation (Art. 6(1)(c) GDPR) — compliance with Estonian tax law, EU regulations
Legitimate interests (Art. 6(1)(f) GDPR) — fraud prevention, network security, service improvement
Consent (Art. 6(1)(a) GDPR) — for optional marketing communications (you can withdraw at any time)

4. How We Use Your Data

Creating and managing your EstHost account
Provisioning, operating, and maintaining your services
Processing payments and sending invoices
Sending service-critical notifications (downtime alerts, invoices, expiry notices)
Detecting and preventing fraud, abuse, and security threats
Complying with legal and regulatory requirements

5. Third-Party Processors

We share data only with trusted processors under GDPR-compliant data processing agreements:

LHV EveryPay (Estonia) — card payment processing
PayPal Europe S.à r.l. (Luxembourg) — PayPal subscription payments

We do not sell your personal data to third parties.

6. Data Retention

We retain your data for as long as your account is active. After account closure:

Billing and transaction records are kept for 7 years as required by Estonian accounting law
Support and communication logs are kept for 3 years
Account data is deleted within 90 days of account closure unless a legal hold applies

7. Your Rights Under GDPR

Right of Access Request a copy of all personal data we hold about you

Right to Rectification Correct inaccurate or incomplete data

Right to Erasure Request deletion of your data ("right to be forgotten")

Right to Restriction Restrict how we process your data in certain situations

Right to Portability Receive your data in a machine-readable format

Right to Object Object to processing based on legitimate interests

To exercise any of these rights, contact us at privacy@esthost.ee or use our contact form. We will respond within 30 days.

8. Cookies

EstHost uses only essential session cookies required for authentication and security. We do not use tracking cookies or third-party advertising cookies. No cookie consent banner is required as we use only strictly necessary cookies.

9. Security

We implement appropriate technical and organisational measures to protect your data, including encrypted data transmission (TLS/HTTPS), hashed passwords (bcrypt), and access controls limiting staff access to customer data.

10. International Transfers

Your data is processed and stored within the European Economic Area (EEA). Where we use processors outside the EEA (such as PayPal), appropriate safeguards (Standard Contractual Clauses) are in place.

11. Supervisory Authority

You have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) if you believe we have violated your rights:

Website: www.aki.ee
Email: info@aki.ee
Phone: +372 627 4135

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice in your client panel. The "last updated" date at the top of this page reflects the most recent revision.