Privacy Policy

1. Data controller

For the purposes of this policy, the data controller is EXTHUS LTD (company number 17253986), Registered in England and Wales, trading as eXthus Cloud and operating exthus.cloud and related hosting services. Questions about this policy or your rights: contact us or use the client portal.

2. Scope

This policy covers personal data we process as a hosting provider and website operator. It does not cover how you process personal data about your own website visitors — that is your responsibility as a separate controller. We may act as a processor for some data stored on our servers on your instructions; a data processing agreement can be provided on request where required for your compliance programme.

3. Personal data we collect

Depending on how you interact with us, we may collect:

• Identity and contact data — name, business name, email address, telephone number, billing address;
• Account and order data — client portal username, plan selection, invoices, payment status, support ticket history;
• Technical and usage data — IP address, browser type, device information, pages viewed on our marketing site, referral source, approximate location derived from IP;
• Hosting and security data — server logs, access timestamps, error logs, malware scan results, backup metadata, DNS records associated with your service;
• Communications — messages you send via contact forms, email, or support tickets;
• Website content you host — files and databases stored on our infrastructure as part of the service (which may themselves contain personal data about your end users).

We do not intentionally collect special category data (such as health or biometric data) through our marketing site. Do not upload such data to our systems unless you have a lawful basis and appropriate safeguards.

4. How we collect data

• Directly from you when you register, order, submit forms, or contact support;
• Automatically through cookies, analytics, and server logs when you browse our website or use hosted services;
• From payment providers when you pay invoices (we receive confirmation and limited billing details, not full card numbers stored by us);
• From third parties where lawful, such as fraud-prevention services or domain registries when you order domains through us.

5. How we use your data

We use personal data to:

• Provide, operate, and secure managed WordPress hosting;
• Create and administer client accounts and process payments;
• Respond to enquiries, sales conversations, and support requests;
• Monitor performance, prevent abuse, and investigate security incidents;
• Improve our website and services (including aggregated analytics);
• Comply with legal, tax, and regulatory obligations;
• Enforce our Terms of Service and Acceptable Use Policy.

6. Lawful bases (UK GDPR)

We rely on one or more of the following lawful bases:

• Contract — processing necessary to perform our agreement with you or take pre-contract steps at your request;
• Legitimate interests — operating and improving our business, securing networks, preventing fraud, and communicating with existing customers in a proportionate way that does not override your rights;
• Legal obligation — where we must retain or disclose data to comply with law;
• Consent — where required for non-essential cookies or specific marketing communications; you may withdraw consent at any time.

7. Cookies and analytics

Our marketing website may use cookies and similar technologies. Essential cookies are used for basic functionality and security. Analytics help us understand how visitors use the site.

We use Google Analytics (measurement ID G-CKHP2N8FWM) to collect aggregated usage statistics. Google may process data in the United States or other countries under its own terms. You can limit tracking through browser settings, opt-out tools offered by Google, or cookie preferences where we present them.

For more detail on cookies we use and how to manage them, contact us — we will provide an up-to-date cookie list on request.

8. Sharing your data

We do not sell your personal data. We may share data with:

• Infrastructure and service providers — hosting partners, backup systems, email delivery, monitoring, and security vendors who process data on our instructions;
• WHMCS and billing — our client portal and billing platform at portal.exthus.cloud;
• Payment processors — to complete transactions you authorise;
• Professional advisers — lawyers, accountants, or insurers where necessary;
• Authorities — courts, regulators, or law enforcement when required by law or to protect rights and safety.

We require processors to protect data appropriately and use it only for the services they provide to us.

9. International transfers

Your data is primarily processed in the United Kingdom and the European Economic Area where our suppliers operate. If data is transferred outside the UK, we ensure appropriate safeguards are in place (such as UK adequacy regulations, standard contractual clauses, or UK International Data Transfer Agreement mechanisms) unless an exception applies.

10. Retention

We keep personal data only as long as needed for the purposes above, including:

• Account and billing records — for the life of the account and up to seven years after for tax and legal purposes unless a longer period is required;
• Support tickets — typically up to three years after closure unless linked to an active dispute;
• Server and security logs — for a limited period appropriate to investigation and defence needs, often between 30 and 90 days unless longer retention is justified by an incident;
• Marketing enquiries — until the enquiry is resolved and for a reasonable follow-up period, or until you object;
• Hosted website data — until you cancel and any post-termination retention period ends, after which it is deleted or anonymised.

11. Security

We implement technical and organisational measures appropriate to the risk, including access controls, encryption in transit where supported, malware scanning, backups, and staff confidentiality obligations. No method of transmission or storage is completely secure; you should use strong passwords and protect your own systems.

12. Your rights

Under UK data protection law you may have the right to:

• Access a copy of your personal data;
• Rectify inaccurate data;
• Erase data in certain circumstances;
• Restrict or object to processing in certain circumstances;
• Data portability where processing is based on consent or contract and carried out by automated means;
• Withdraw consent where processing is based on consent;
• Lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.

To exercise rights, contact us with enough information to verify your identity and locate your account. We respond within one month in most cases, which may be extended for complex requests.

13. Children

Our services are aimed at businesses and adults. We do not knowingly collect personal data from children under 18. Contact us if you believe we have done so and we will delete it promptly.

14. Links to other websites

Our site may link to third-party websites (for example payment or social platforms). Their privacy practices are not controlled by us. Review their policies before providing personal data.

15. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date will change when we do. Material changes will be communicated where appropriate through the client portal or by email. We encourage you to review this page periodically.

16. Contact

Privacy questions or requests: contact eXthus Cloud, open a ticket in the client portal, or write to us using the contact details on your invoice. Please include “Privacy” in the subject line and your account email or domain.