Privacy Policy

Last Updated: January 21, 2026

At PenguHost, we take your privacy seriously. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our game server hosting services. This policy complies with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Data Controller

The data controller responsible for your personal information is:

PenguHost
Email: contact@penguhost.com
Website: https://penguhost.com

2. Information We Collect

We collect different types of information depending on how you use our Services:

A) Account Information

When you create an account, we collect:

• Email address
• Username
• Country
• Billing address (street address, city, postal code)
• Password (stored encrypted)

Legal Basis: Contract performance (GDPR Art. 6(1)(b)) - necessary to provide hosting services.

B) Payment Information

For billing purposes, we collect:

• Payment method information (processed by PayPal or Stripe)
• Transaction history
• Billing records

Legal Basis: Contract performance and legal obligation (tax records retention).

Important: We do NOT store credit card numbers. All payment processing is handled by certified third-party payment processors.

C) Service Usage Data

For game server and Discord bot hosting, we collect:

• Server configuration settings
• Resource usage statistics (CPU, RAM, bandwidth)
• Server files and content you upload
• Discord bot source code (for bot hosting services)
• Logs and error reports

Legal Basis: Contract performance - necessary to provide the hosting service you requested.

D) Technical Information

We automatically collect certain technical information:

• IP address
• Browser type and version
• Operating system
• Access times and dates
• Pages visited on our website
• Referring website addresses

Legal Basis: Legitimate interest (GDPR Art. 6(1)(f)) - to ensure security, prevent fraud, and improve our services.

E) Cookies and Tracking

We use cookies and similar technologies for:

• Essential cookies: Required for website functionality (e.g., login sessions)
• Analytics cookies: To understand how users interact with our website (with your consent)

You can control cookie preferences through your browser settings. Disabling essential cookies may affect website functionality.

3. How We Use Your Information

We use your personal information for the following purposes:

Purpose	Legal Basis
Account creation and management	Contract performance
Providing hosting services (game servers, Discord bots)	Contract performance
Processing payments and maintaining billing records	Contract performance, Legal obligation
Customer support and communication	Contract performance, Legitimate interest
Service improvements and analytics	Legitimate interest
Security monitoring and fraud prevention	Legitimate interest, Legal obligation
Compliance with legal obligations	Legal obligation
Marketing communications (with consent)	Consent (GDPR Art. 6(1)(a))

4. Data Sharing and Disclosure

We do not sell or rent your personal information to third parties. We may share your information with:

Service Providers

• Payment processors: PayPal, Stripe (for payment processing)
• Infrastructure providers: Hosting and server infrastructure partners
• Email service providers: For sending transactional emails and support communications

All service providers are contractually bound to protect your data and process it only as instructed by us.

Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, law enforcement).

Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal information may be transferred. We will notify you of any such change and provide options regarding your information.

5. International Data Transfers

Your data is primarily stored and processed within the European Union. If data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, such as:

• EU Standard Contractual Clauses
• Adequacy decisions by the European Commission
• Data Processing Agreements with third-party providers

6. Data Security

We implement comprehensive security measures to protect your personal information:

• Encryption in transit (TLS/SSL) and at rest (AES-256)
• Regular security audits and vulnerability assessments
• Access controls and authentication systems
• DDoS protection and firewall systems
• Regular backups with secure storage
• Staff training on data protection practices

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

Data Type	Retention Period
Account information	While account is active + 30 days after closure
Server files and source code	While service is active + 7 days after cancellation
Billing records	7 years (legal requirement for tax purposes)
Support tickets	3 years after resolution
Analytics data	26 months (anonymized)
Security logs	90 days

After these periods, data is securely deleted or anonymized.

8. Your Rights Under GDPR

If you are located in the European Union, you have the following rights regarding your personal data:

Right of Access (Art. 15 GDPR)

You can request a copy of all personal data we hold about you.

Right to Rectification (Art. 16 GDPR)

You can request correction of inaccurate or incomplete personal data.

Right to Erasure / "Right to be Forgotten" (Art. 17 GDPR)

You can request deletion of your personal data, subject to legal retention requirements.

Right to Restriction of Processing (Art. 18 GDPR)

You can request that we limit how we use your data in certain circumstances.

Right to Data Portability (Art. 20 GDPR)

You can request your data in a structured, machine-readable format for transfer to another provider.

Right to Object (Art. 21 GDPR)

You can object to processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent (Art. 7(3) GDPR)

Where we process data based on consent, you can withdraw consent at any time.

Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.

9. Children's Privacy

Our Services are not intended for individuals under the age of 16 without parental consent. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information without consent, please contact us immediately.

10. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

11. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to read their privacy policies.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

Material changes will be communicated via:

• Email notification to registered users
• Prominent notice on our website
• Client panel notification

Changes will be effective 30 days after notification, unless a shorter period is required by law. Your continued use of our Services after changes take effect constitutes acceptance of the updated Privacy Policy.

13. Data Protection Officer

For data protection inquiries, you can contact our Data Protection Officer at:

Email: dpo@penguhost.com

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: