Privacy Framework

Privacy Policy

How we handle and protect your personal information.

1. Introduction

Malevolent Host is committed to protecting your privacy and ensuring that your personal data is handled in compliance with UK data protection laws, including the UK GDPR. This policy explains how we collect, use, store, and protect your personal information.

2. Scope

This policy applies to all individuals who interact with Malevolent Host, including website visitors, customers, and support requesters.

3. Data Controller

Malevolent Host, based in the United Kingdom, is the data controller for all personal information collected through its services.

4. Information We Collect

We may collect the following types of personal data:

  • Contact Information: name, email address, billing address, and phone number.
  • Account Details: username, password (hashed), IP addresses, and user preferences.
  • Payment Information: managed by third-party processors (e.g., Stripe); Malevolent Host does not store card data.
  • Technical Data: server usage, access logs, and browser/device metadata.

5. How We Use Your Information

Your information is used for the following purposes:

  • To provide and manage customer accounts and services.
  • To process payments and issue invoices.
  • To respond to customer support requests.
  • To meet legal and regulatory requirements.
  • To improve service performance and maintain security.

6. Legal Basis for Processing

We process personal data on one or more of the following bases:

  • Consent, where given explicitly.
  • Contractual necessity, to provide the services agreed.
  • Compliance with legal obligations.
  • Legitimate interests, such as preventing fraud or improving services.

7. Data Sharing and Transfers

Personal data may be shared with:

  • Payment processors (Stripe).
  • Infrastructure providers (data centers, hosting partners).
  • Legal authorities if required by law.

Data is not sold or shared for marketing purposes. International transfers are protected using appropriate safeguards, such as Standard Contractual Clauses.

8. Data Retention

Data is retained only as long as necessary for the purpose it was collected.

  • Account data is retained while the account is active and up to 12 months after closure.
  • Billing and invoicing data may be retained for up to 7 years to comply with financial regulations.
  • Logs and analytics may be anonymized and retained indefinitely for security or operational review.

9. Your Rights

Under the UK GDPR, you have the right to:

  • Request access to your data.
  • Request correction of inaccurate data.
  • Request deletion of your data, subject to legal retention requirements.
  • Withdraw consent at any time.
  • Object to processing or request data portability.

10. Contact

For questions about this privacy policy or to exercise your rights, contact: support@malevolenthost.com