Privacy Policy

At GoHostBiz, we take your privacy seriously. This Privacy Policy explains in comprehensive detail how we collect, use, store, process, share, and protect your personal information when you visit our website, register an account, purchase our services, or otherwise interact with us.

We are committed to protecting your personal data in accordance with applicable Indian laws, including the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules), and other relevant data protection regulations.

GoHostBiz adheres to the following fundamental privacy principles in all our data processing activities. These principles form the foundation of our approach to protecting your personal information:

We collect various types of information to provide, maintain, and improve our services. This information can be categorized into four main groups:

Data Element	When Collected	Purpose	Legal Basis
Full Name	Account registration, checkout	Account identification, billing, legal compliance, support communication	Contractual necessity, legal obligation, legitimate interest
Email Address	Account registration, checkout, newsletter signup	Account management, service notifications, support communication, marketing (with consent)	Contractual necessity, consent, legitimate interest
Phone Number	Account registration, checkout	Account verification, support communication, WhatsApp support, urgent notifications, 2FA	Contractual necessity, legitimate interest
Billing Address	Checkout, invoice generation	GST invoice compliance, payment verification, legal records	Legal obligation (GST laws), contractual necessity
GST Number	Checkout (business customers)	GST-compliant invoicing, input tax credit	Legal obligation (GST Act)
Company Name	Checkout (business customers)	Business account management, billing	Contractual necessity
IP Address	All website visits, logins	Security monitoring, fraud prevention, access logs, geolocation for compliance	Legitimate interest, legal obligation
Government ID	Specific verification requirements	Identity verification (if fraud suspected), legal compliance	Legal obligation, legitimate interest

When you visit our website or use our services, certain technical information is automatically collected through server logs, cookies, and similar technologies. This information is essential for service delivery, security, and improvement:

Our servers automatically record information when you access our website or services, including:

• IP Address: Your public IP address at the time of access
• Timestamp: Date and time of each request/visit
• Request Details: Pages visited, files accessed, API calls made
• Referrer URL: The website from which you arrived (if any)
• User Agent: Browser type, version, and operating system
• Response Status: HTTP status codes indicating success or errors

We collect information about the device and browser you use to access our services to ensure compatibility and optimize your experience:

• Browser type and version (Chrome, Firefox, Safari, etc.)
• Operating system (Windows, macOS, Linux, Android, iOS)
• Screen resolution and viewport size
• Device type (desktop, tablet, mobile)
• Language preferences
• Timezone settings

We use analytics tools to understand how our services are used. This helps us improve our platform:

• Pages visited and time spent on each page
• Features and tools used within the control panel
• Navigation patterns and user flow
• Error encounters and bug reports
• Performance metrics (page load times, server response times)

Analytics data is typically aggregated and anonymized and does not personally identify you.

When you use our hosting services, we collect operational data necessary for service provision:

• Resource usage (CPU, RAM, disk space, bandwidth consumption)
• Inode count and file system usage
• Database sizes and query counts
• Email account configurations and usage
• FTP and control panel login activity
• Scheduled task (cron job) execution logs

Payment Data	Stored by GoHostBiz?	Stored by Payment Gateway?
Full Card Number (16 digits)	NO Not stored	YES Encrypted per PCI-DSS
Card Expiry Date	NO Not stored	YES Encrypted per PCI-DSS
CVV/CVC Code	NO Not stored	NO Not stored (one-time use)
Card Holder Name	NO Not stored	YES For fraud checks
UPI ID	YES For refunds	YES Transaction record
Transaction ID	YES For billing records	YES Transaction record
Payment Amount & Date	YES For invoicing	YES Transaction record

We use your personal information for the following specific purposes. We do not use your data for any purpose not listed here without your explicit consent:

• Creating, maintaining, and managing your GoHostBiz account
• Provisioning, configuring, and delivering the hosting services you purchased
• Processing your orders, payments, and invoices
• Providing access to control panels, dashboards, and account management tools
• Verifying your identity to prevent unauthorized access and fraud
• Communicating service-related updates, maintenance schedules, and technical notifications

• Responding to your support tickets, queries, and requests via all channels
• Providing technical assistance and troubleshooting
• Sending service expiry reminders, renewal notices, and invoice communications
• Notifying you of changes to our terms, policies, or services
• Sending security alerts and important account notifications

• Analyzing usage patterns to improve our services and user experience
• Monitoring server performance and resource utilization
• Identifying and fixing bugs, errors, and technical issues
• Conducting customer satisfaction surveys and feedback collection
• Developing new features and services based on usage trends

• Detecting, preventing, and investigating fraudulent transactions
• Monitoring for unauthorized access attempts and security breaches
• Enforcing our Terms of Service and Acceptable Use Policy
• Protecting our infrastructure against DDoS attacks, malware, and abuse
• Complying with legal obligations and law enforcement requests

• Sending promotional offers, discounts, and new service announcements (only with your consent)
• Informing you about upgrades, addons, and complementary services
• Sharing newsletters, blog posts, and educational content
• Inviting you to participate in referral programs or loyalty rewards

Under applicable data protection laws, we must have a valid legal basis for processing your personal data. We rely on the following legal bases:

Legal Basis	Description	When We Rely on This Basis
Contractual Necessity	Processing is necessary to fulfill our contract with you or to take steps at your request before entering into a contract.	Account creation, service provisioning, payment processing, delivering purchased services, providing support
Legal Obligation	Processing is necessary to comply with a legal obligation under Indian law.	GST invoicing, maintaining financial records, responding to law enforcement requests, reporting illegal activities
Legitimate Interest	Processing is necessary for our legitimate business interests, provided these are not overridden by your rights and interests.	Security monitoring, fraud prevention, service improvement, analytics, network protection, enforcing Terms of Service
Consent	You have given clear, explicit consent for us to process your data for a specific purpose.	Marketing communications, newsletter subscriptions, non-essential cookies, customer surveys
Vital Interests	Processing is necessary to protect someone's life.	Emergency situations requiring disclosure to protect life or physical safety (extremely rare)

GoHostBiz does not sell, rent, trade, or lease your personal information to third parties. We only share your data in the following limited circumstances:

We share data with trusted third-party service providers who help us operate our business. These providers are contractually bound to protect your data and use it only for the specific services they provide to us:

Provider Category	Examples	Data Shared	Purpose
Payment Gateways	Razorpay, PayU, Instamojo	Name, email, payment amount, transaction details	Processing payments, refunds, and payment verification
Domain Registrars	ResellerClub, LogicBoxes	Name, email, phone, address (for WHOIS)	Domain registration as required by ICANN
Data Center / Server Providers	Upstream infrastructure providers	Account data on provisioned servers	Physical server hosting and network connectivity
Communication Tools	WhatsApp Business API, Email services	Phone number, email address	Support communication and notifications
Analytics Providers	Google Analytics, internal tools	Anonymized usage data, IP address	Website analytics and service improvement

We may disclose your personal data when required by law or when we believe in good faith that disclosure is necessary to:

• Comply with a legal obligation, court order, or government request
• Respond to lawful requests by public authorities, including law enforcement and national security agencies
• Protect and defend the rights, property, or safety of GoHostBiz, our customers, or the public
• Detect, prevent, or address fraud, security, or technical issues
• Enforce our Terms of Service or other agreements
• Report illegal activities or content to appropriate authorities

In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your personal data may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or use of your personal data, as well as any choices you may have regarding your data.

Our website, control panel, and services may contain links to third-party websites, plugins, and applications. Clicking those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy practices.

Some specific third-party services we use and links to their privacy policies:

• Razorpay: Payment processing — Privacy Policy
• PayU: Payment processing — Privacy Policy
• cPanel: Control panel software — Privacy Policy
• Google Analytics: Website analytics — Privacy Policy

GoHostBiz implements comprehensive technical, administrative, and physical security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Our security practices are designed in accordance with the ISO/IEC 27001 framework and the Reasonable Security Practices and Procedures prescribed under the Indian IT Act.

• Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.3 (Transport Layer Security) with strong cipher suites
• Encryption at Rest: Sensitive data stored in our databases is encrypted using AES-256 encryption
• Firewall Protection: Enterprise-grade firewalls (hardware and software) protect our network perimeter
• DDoS Mitigation: Automated DDoS detection and mitigation systems protect against volumetric and application-layer attacks
• Intrusion Detection: IDS/IPS systems monitor network traffic for suspicious activity 24/7
• Malware Scanning: Regular automated scanning for malware, viruses, and malicious code
• Secure Authentication: Support for two-factor authentication (2FA), strong password policies, and brute-force protection
• Regular Updates: All server software, operating systems, and applications are regularly patched and updated

• Access Control: Strict role-based access controls limit employee access to personal data based on job requirements and the principle of least privilege
• Employee Training: All employees receive mandatory data protection and privacy training
• Confidentiality Agreements: All employees, contractors, and third-party providers sign confidentiality and data protection agreements
• Audit Logs: Comprehensive logging of all access to personal data and administrative systems
• Regular Audits: Periodic security audits and vulnerability assessments by internal and external teams
• Incident Response: Documented incident response plan for handling security breaches

• Data Center Security: Our servers are housed in Tier III data centers with 24/7 security personnel, biometric access controls, and CCTV surveillance
• Restricted Access: Only authorized personnel have physical access to server infrastructure
• Environmental Controls: Fire suppression systems, climate control, and redundant power supplies protect physical infrastructure

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. When your data is no longer needed, we securely delete or anonymize it.

Data Category	Retention Period	Basis for Retention
Account Information	Duration of account + 2 years after closure	Legal obligations, dispute resolution, record-keeping
Hosting Content & Data	Duration of active service + backup retention period (see Backup Policy)	Service provision, then permanent deletion
Financial/Transaction Records	8 years from transaction date	Legal requirement under Indian tax laws (Income Tax Act, GST Act)
Support Tickets & Communication	3 years from last interaction	Customer service improvement, dispute resolution
Server Logs	30–90 days (rotating)	Security monitoring, debugging
Analytics Data	26 months (anonymized)	Long-term trend analysis
Marketing Consent Records	Duration of consent + 3 years after withdrawal	Proof of consent for compliance

Under applicable data protection laws, you have the following rights regarding your personal data. GoHostBiz is committed to honoring these rights:

Cookies are small text files placed on your device when you visit a website. They are widely used to make websites work efficiently and provide information to the website owners. GoHostBiz uses cookies and similar technologies (web beacons, pixels, local storage) for the following purposes:

You can control and manage cookies in the following ways:

• Browser Settings: Most browsers allow you to block or delete cookies through their settings. Note that blocking essential cookies may prevent our website from functioning correctly.
• Cookie Consent Banner: When you first visit our website, a cookie consent banner allows you to accept or decline non-essential cookies.
• Google Analytics Opt-out: Install the Google Analytics Opt-out Browser Add-on.
• Third-Party Opt-out: Visit Your Online Choices for EU-based opt-outs or DAA WebChoices for US-based opt-outs.

GoHostBiz's services are not directed at, intended for, or designed to attract individuals under the age of 18 years. We do not knowingly collect, solicit, or maintain personal information from anyone under the age of 18.

If you are a parent or guardian and believe that your child under 18 has provided us with personal information, please contact our Data Protection Officer immediately so we can take appropriate action.

In the unfortunate event of a data breach involving your personal information, GoHostBiz has established the following response and notification procedures:

1. Immediate Containment: Upon discovery, we will immediately take steps to contain and mitigate the breach, secure affected systems, and prevent further unauthorized access.
2. Investigation: We will conduct a thorough investigation to determine the scope, cause, and impact of the breach, including what data was affected and which individuals are impacted.
3. Notification to Affected Users: If the breach poses a risk to your rights and freedoms, we will notify you without undue delay (and within 72 hours of becoming aware, where feasible) via email to your registered email address. The notification will include:
   • Nature and extent of the breach
   • Categories and approximate number of data records affected
   • Likely consequences of the breach
   • Measures we have taken or propose to take to address the breach
   • Measures you can take to mitigate potential adverse effects
   • Contact details for further information
4. Notification to Authorities: Where required by applicable law, we will notify relevant data protection authorities and regulatory bodies.
5. Documentation: We will maintain a comprehensive record of the breach, our response actions, and lessons learned to prevent future incidents.

GoHostBiz is based in India and primarily stores and processes data on servers located in India. However, certain third-party service providers we use may process data in other countries. When we transfer personal data internationally, we ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable law.

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make changes, we will:

• Update the "Last Updated" date at the top of this page
• Post the revised policy on our website with a prominent notice
• For material changes, send an email notification to all active account holders
• For significant changes affecting your rights, provide at least 14 days' notice before changes take effect

Your continued use of our services after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. We encourage you to review this policy periodically.