eXthus Cloud Privacy Policy

Last updated: 14 May 2026
Business name: eXthus Cloud / eXthus
Website: https://exthus.cloud
Contact: hello@exthus.cloud

1. Introduction

This Privacy Policy explains how eXthus Cloud collects, uses, stores and protects personal information.

We provide hosting, domain, email, support, website management and related services.

This policy applies when you:

  • visit our website;
  • create an account;
  • place an order;
  • use our client area;
  • contact us;
  • submit a support ticket;
  • use our hosting or related services;
  • receive communications from us.

The UK GDPR requires organisations to provide clear information about how personal information is used, including the purposes of processing, retention periods and who information is shared with.

2. Who We Are

For account, billing, sales, support and business administration data, eXthus Cloud is usually the data controller.

For personal data that you upload, store or process through your own website, hosting account, database, email account or application, you are usually the data controller and we may act as your processor.

Contact:

eXthus Cloud
Email: hello@exthus.cloud
Website: https://exthus.cloud

3. Personal Information We Collect

We may collect the following types of personal information.

Account and contact information

  • name;
  • business name;
  • email address;
  • telephone number;
  • billing address;
  • account login details;
  • client area account details.

Billing and payment information

  • invoice details;
  • payment status;
  • billing history;
  • transaction references;
  • payment method details.

We do not usually store full card details ourselves where payments are handled by third-party payment processors.

Service information

  • domains;
  • hosting package details;
  • IP addresses;
  • DNS records;
  • server details;
  • support history;
  • service usage;
  • account configuration;
  • login and access logs;
  • backup and monitoring information.

Support information

  • support tickets;
  • emails;
  • screenshots;
  • error messages;
  • login details you choose to provide;
  • technical diagnostic information;
  • files or data needed to investigate an issue.

Website and analytics information

When you visit our website or client area, we may collect:

  • IP address;
  • browser type;
  • device type;
  • operating system;
  • pages visited;
  • referral source;
  • approximate location;
  • date and time of access;
  • cookies and similar technologies.

Marketing information

Where you opt in or where otherwise permitted by law, we may process:

  • marketing preferences;
  • email engagement;
  • communication preferences;
  • enquiries and responses.

4. How We Collect Personal Information

We collect personal information when:

  • you provide it directly;
  • you create an account;
  • you place an order;
  • you contact us;
  • you submit a support ticket;
  • you use our services;
  • your systems interact with our servers;
  • you make a payment;
  • you subscribe to updates or marketing;
  • cookies, logs or analytics tools collect technical data.

The ICO says privacy information should normally be provided at the time personal data is collected directly from an individual.

5. Why We Use Personal Information

We use personal information to:

  • create and manage your account;
  • provide hosting and related services;
  • process orders;
  • register, renew or manage domains;
  • issue invoices;
  • process payments;
  • provide support;
  • monitor service performance;
  • protect service security;
  • investigate technical issues;
  • prevent fraud and abuse;
  • comply with legal obligations;
  • communicate service updates;
  • send renewal reminders;
  • send billing reminders;
  • improve our website and services;
  • send marketing where permitted.

6. Lawful Bases for Processing

We rely on different lawful bases depending on the purpose.

Contract

We process personal information where needed to provide services you have ordered or requested.

This includes account setup, hosting, billing, support, domain services and service communications.

Legal obligation

We process information where required by law, including accounting, tax, fraud prevention, legal requests and regulatory obligations.

Legitimate interests

We process information where necessary for our legitimate business interests, provided those interests are not overridden by your rights.

This may include:

  • service monitoring;
  • security logging;
  • fraud prevention;
  • improving services;
  • customer support;
  • business administration;
  • limited business-to-business communications;
  • enforcing our terms.

Consent

We rely on consent where required, such as some marketing communications or optional cookies.

You can withdraw consent at any time where processing is based on consent. The ICO states that people should be told they can withdraw consent and that it should be as easy to withdraw as to give.

7. Marketing

We may send marketing emails if you have opted in or where we are otherwise allowed to do so under applicable law.

You can unsubscribe at any time by using the unsubscribe link in our emails or contacting us.

We will not sell your personal information to third-party advertisers.

8. Cookies and Similar Technologies

Our website and client area may use cookies and similar technologies.

Cookies may be used to:

  • keep you logged in;
  • remember preferences;
  • secure forms;
  • protect against fraud;
  • process shopping cart actions;
  • analyse website usage;
  • improve performance;
  • support payment and checkout functions.

Some cookies are necessary for the website and client area to work. Others may be optional.

Where required, we will ask for consent before using non-essential cookies.

9. Who We Share Personal Information With

We may share personal information with trusted third parties where necessary to provide services, operate our business, comply with law or protect our rights.

This may include:

  • hosting and infrastructure providers;
  • domain registrars and registries;
  • payment processors;
  • backup providers;
  • monitoring providers;
  • email delivery providers;
  • security providers;
  • professional advisers;
  • accountants;
  • legal advisers;
  • fraud prevention services;
  • support software providers;
  • analytics providers;
  • law enforcement or regulators where required.

We only share information where there is a valid reason to do so.

10. Domains and WHOIS Data

If you register or transfer a domain, personal information may be shared with registrars, registries and domain infrastructure providers.

Depending on the domain type and registry rules, some domain registration information may be processed, published, verified or retained by registry or registrar systems.

Domain registration is subject to the rules and policies of the relevant registry and registrar.

11. International Transfers

Some suppliers or systems may process data outside the United Kingdom.

Where this happens, we will take reasonable steps to ensure appropriate safeguards are in place, such as adequacy regulations, contractual protections or other lawful transfer mechanisms.

12. Data Retention

We keep personal information only for as long as necessary.

Retention periods depend on the type of information and the reason it is held.

Examples:

  • account records: for as long as your account is active and for a reasonable period afterwards;
  • invoices and accounting records: normally up to 6 years for tax and accounting purposes;
  • support tickets: for as long as needed for service history, legal, security and support reasons;
  • server logs: usually kept for a limited period unless needed for security, abuse investigation or legal reasons;
  • backups: retained according to the backup schedule for the service;
  • marketing records: until you unsubscribe or we no longer need them.

We may retain information longer where required for legal claims, fraud prevention, security investigations, disputes or compliance.

13. Security

We use reasonable technical and organisational measures to protect personal information.

These may include:

  • access controls;
  • password protection;
  • SSL/TLS encryption;
  • firewall and server security measures;
  • malware scanning;
  • monitoring;
  • backup systems;
  • limited staff or contractor access;
  • security updates;
  • supplier security controls.

No system can be guaranteed to be completely secure. You should use strong passwords, keep login details private and notify us quickly if you suspect unauthorised access.

14. Your Rights

Under UK data protection law, you may have rights including:

  • the right to be informed;
  • the right of access;
  • the right to rectification;
  • the right to erasure;
  • the right to restrict processing;
  • the right to data portability;
  • the right to object;
  • rights related to automated decision-making and profiling.

The rights available depend on the lawful basis and the circumstances.

The ICO says the right to object must be brought to people’s attention clearly and separately from other information where relevant.

15. Right to Object

You have the right to object to processing based on legitimate interests in certain circumstances.

You can also object to direct marketing at any time.

To object, contact us at:

hello@exthus.cloud

16. Accessing or Updating Your Information

You can access or update some account information through the client area.

You can also contact us to request access to, correction of, or deletion of personal information.

We may need to verify your identity before responding to certain requests.

17. Complaints

If you are unhappy with how we handle your personal information, please contact us first so we can try to resolve the issue.

You also have the right to complain to the Information Commissioner’s Office, the UK data protection regulator.

ICO website: https://ico.org.uk

18. Customer Website Data

If you use our hosting services to collect or process personal data through your own website, application, email account or database, you are responsible for your own compliance with data protection law.

This may include:

  • having your own privacy policy;
  • using lawful bases for processing;
  • managing cookies and consent;
  • responding to data subject requests;
  • securing your website;
  • keeping software updated;
  • choosing what data you collect;
  • controlling who has access.

Where we process such data on your behalf as part of hosting or support, we usually act as your processor.

19. Children’s Data

Our services are intended for businesses and adults.

We do not knowingly collect personal information from children for account creation or service purchase.

If you believe a child has provided personal information to us, contact us.

20. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

The latest version will be published on our website.

If changes are significant, we may provide additional notice where appropriate.

21. Contact Us

Questions about this Privacy Policy or your personal information should be sent to:

eXthus Cloud
Email: hello@exthus.cloud
Website: https://exthus.cloud