Privacy Policy
How we collect, use, and protect your personal data.
1. Data Controller
WebDNS ("we", "us", "our") is the data controller responsible for your personal data. If you have any questions about this Privacy Policy or our data practices, you can contact us at our support email.
2. What Data We Collect
We collect and process the following categories of personal data:
Account Information
- Name (first and last name)
- Email address
- Password (stored securely using one-way hashing)
- Account creation and login dates
Billing Information
- Payment card details (processed and stored by Stripe; we do not store your full card number)
- Billing address
- Transaction and invoice history
Service Data
- Domain names you register with our service
- Mailbox email addresses and display names
- Email alias configurations
- DNS configuration records
- Storage usage data
Email Content
- The content of emails sent, received, and stored in your mailboxes is hosted on our mail servers. We do not access or read your email content except as necessary to provide the service (e.g., spam filtering) or as required by law.
Technical Data
- IP address
- Browser type and version
- Device information
- Pages visited and actions taken on our website
- Cookies (see our Cookie Policy)
3. How We Use Your Data
We use your personal data for the following purposes:
- Service provision — To create and manage your account, provision mailboxes, and deliver our email hosting services.
- Payment processing — To process subscription payments and manage billing.
- Communication — To send you service-related notifications, such as account confirmations, billing reminders, and support responses.
- Security — To protect against fraud, abuse, and unauthorised access to our systems.
- Compliance — To comply with our legal obligations.
- Improvement — To improve and maintain the quality, performance, and reliability of our services.
4. Legal Basis for Processing (GDPR)
We process your personal data on the following legal bases:
- Performance of a contract — Processing necessary to provide you with our email hosting services (Article 6(1)(b) UK GDPR).
- Legitimate interests — Processing necessary for our legitimate business interests, such as fraud prevention, service improvement, and security (Article 6(1)(f) UK GDPR).
- Legal obligation — Processing necessary to comply with our legal obligations (Article 6(1)(c) UK GDPR).
- Consent — Where we have obtained your consent for specific processing activities, such as marketing communications (Article 6(1)(a) UK GDPR).
5. Data Retention
We retain your personal data for as long as necessary to fulfil the purposes for which it was collected:
- Account data — Retained for the duration of your account and for a reasonable period after closure to allow for account recovery.
- Email content — Retained for the duration of your account. Upon account termination, email data is permanently deleted within 30 days.
- Billing records — Retained for 7 years in accordance with UK tax and accounting requirements.
- Support tickets — Retained for the duration of your account.
6. Your Rights
Under the UK GDPR, you have the following rights regarding your personal data:
- Right of access — You can request a copy of the personal data we hold about you.
- Right to rectification — You can request that we correct any inaccurate or incomplete data.
- Right to erasure — You can request that we delete your personal data, subject to our legal obligations.
- Right to restrict processing — You can request that we restrict the processing of your data in certain circumstances.
- Right to data portability — You can request a copy of your data in a structured, commonly used, machine-readable format.
- Right to object — You can object to the processing of your data where we rely on legitimate interests.
- Right to withdraw consent — Where processing is based on consent, you can withdraw it at any time.
To exercise any of these rights, please contact us at our support email. We will respond to your request within one month.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
7. Third-Party Services
We use the following third-party services that may process your personal data:
| Provider | Purpose | Data Shared | Privacy Policy |
|---|---|---|---|
| Stripe | Payment processing | Name, email, payment card details, billing address | stripe.com/privacy |
| Mail Server | Email server infrastructure | Email addresses, mailbox data, email content | Self-hosted infrastructure |
We ensure that all third-party processors provide adequate levels of data protection and are bound by appropriate contractual obligations.
8. International Data Transfers
Your data is primarily stored and processed within the United Kingdom. Where data is transferred outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the Information Commissioner's Office.
9. Data Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- TLS encryption for all data in transit
- Encrypted storage for sensitive data at rest
- Secure password hashing using industry-standard algorithms
- Regular security reviews and updates
- Access controls limiting data access to authorised personnel only
10. Children's Privacy
Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will take steps to delete such information.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated to you via email or through the Service.
12. Contact Us
If you have any questions about this Privacy Policy, your personal data, or wish to exercise your rights, please contact us at:
