Privacy
Last Updated: July 7, 2025
0. Introduction
This Privacy Policy outlines how Zenith Hosting KLG (the "Company," "we," "us," or "our") collects, uses, and protects your personal data when you use our game hosting services ("Services"). We reserve the right to modify these terms at any time by posting the updated version on our website. Your continued use of the Services after any changes constitutes your acceptance of the revised Terms. We will notify you of any material changes via posting a notice on our website and email.
1. Data Controller & Contact Information
Zenith Hosting KLG (the "Company," "we," "us," or "our") is the data controller responsible for processing your personal data.
- Company: Zenith Hosting KLG
- Contact: [email protected]
2. Personal Data We Collect
We collect and process the following categories of personal data:
Data Collected Directly from You:
- Identity Data: Email addresses, user IDs, account credentials
- Communication Data: Support messages and inquiries via our self-hosted Chatwoot system
Data Collected Automatically:
- Technical Data: IP addresses, browser information, operating system details
- Location Data: Estimated country location (derived from IP address)
- Usage Data: Last active timestamps, website interaction data, server usage statistics
- Payment Data: Billing information processed through Stripe (our payment processor)
3. How We Use Your Personal Data
We process your personal data for the following purposes:
| Purpose | Data Categories |
|---|---|
| Account creation and management | Identity, Technical |
| Providing hosting services | Identity, Technical, Usage |
| Processing payments | Identity, Payment |
| Customer support | Identity, Communication |
| Website analytics and improvement | Technical, Usage |
| Error tracking and system monitoring | Technical, Usage |
| Security and fraud prevention | Technical, Usage |
4. Data Sharing and Third-Party Services
We share your personal data with the following third parties:
Payment Processing:
- Stripe, Inc. (United States): Processes payment transactions and billing data. Stripe acts as both a data processor and controller. Review Stripe's Privacy Policy at https://stripe.com/privacy.
Analytics Services:
- PostHog EU (European Union): Website analytics and user behavior tracking. Session replays are heavily censored. Also we do not send any personal data to PostHog EU. Privacy policy: https://posthog.com/privacy
- Plausible Analytics (Self-hosted): Receives anonymized usage data for website analytics. No Cookies
Support Services:
- Chatwoot (self-hosted): Receives email addresses for customer support functionality
Error Tracking:
- Sentry/Glitchtip (Self-hosted): Receives browser and IP data for error tracking and system monitoring
Infrastructure:
- Cloudflare (Global): Provides security and performance services. Privacy policy: https://www.cloudflare.com/privacypolicy/
- Hetzner (Germany): Server hosting infrastructure. Privacy policy: https://www.hetzner.com/privacy
5. International Data Transfers
Transfers Outside Switzerland/EU:
- Stripe (United States): Payment processing data is transferred to the United States under Standard Contractual Clauses (SCCs) and appropriate safeguards.
Data Processing Within EU/Switzerland:
All other data processing occurs within the European Union or Switzerland through our self-hosted services and EU-based infrastructure.
6. Data Retention Periods
We retain your personal data for the following periods:
| Data Category | Retention Period |
|---|---|
| Account Data | 3 months after last login with no active servers |
| Payment Data (Stripe) | 7 years (regulatory compliance) |
| Analytics Data (PostHog) | 7 years |
| Support Data (Chatwoot) | As long as operationally necessary |
| Error Tracking Data | As long as operationally necessary |
| Authentication Cookies | 7 days |
7. Your Rights Under GDPR and FADP
You have the following rights regarding your personal data:
Access and Information
- Right to be informed about our data processing activities
- Right of access to your personal data
Control and Correction
- Right to rectification of inaccurate or incomplete data
- Right to erasure ("right to be forgotten")
- Right to restrict processing under certain circumstances
- Right to data portability in machine-readable format
Objection and Consent
- Right to object to processing based on legitimate interests
- Right to withdraw consent for analytics and marketing cookies
How to Exercise Your Rights:
- Access, rectification, and deletion requests: Email [email protected]
- Automatic deletion: Accounts are automatically deleted after 3 months of inactivity with no active servers
- Cookie consent withdrawal: Clear your browser's local storage and adjust cookie preferences
Response Time:
We will respond to your requests within 30 days (extendable to 60 days for complex requests).
8. Cookies and Tracking Technologies
We use the following cookies and similar technologies:
Strictly Necessary Cookies:
- Authentication Cookies: Keep you logged in (7 days)
- Security Cookies: Cloudflare security clearance (cf_clearance)
Functional Cookies:
- Chatwoot Cookies: Customer support functionality
- cw_user: User identification (1 year)
- cw_conversation: Conversation history (31 days)
- cw_snooze_campaigns: Notification preferences (short-term)
Third-Party Cookies:
- Stripe Cookies: stripe_mid and sid for payment processing
Cookie Consent:
- We display a cookie banner on your first visit
- You can withdraw consent by clearing your browser's local storage
- Non-essential cookies require your explicit consent
9. Data Security
We implement appropriate technical and organizational measures to protect your personal data:
Technical Measures:
- HTTPS encryption for all data transmission
- Database encryption at rest (where applicable)
- Access controls and authentication systems
- Regular security updates and patches
- Secure backup procedures
Organizational Measures:
- Data minimization principles
- Privacy by design in system development
- Staff training on data protection
- Regular security assessments
10. Data Breach Notification
In the event of a data breach that poses risks to your rights and freedoms:
- We will notify the Swiss Federal Data Protection and Information Commissioner (FDPIC) within 72 hours
- We will notify affected individuals without undue delay
- We will provide information about the breach, its consequences, and remedial measures
11. Privacy by Design and Data Protection Impact Assessments
We implement privacy by design principles in our services:
- Data minimization: We collect only necessary data
- Purpose limitation: Data is used only for specified purposes
- Storage limitation: Data is retained only as long as necessary
- Accuracy: We maintain accurate and up-to-date records
For high-risk processing activities, we conduct Data Protection Impact Assessments (DPIAs) to identify and mitigate privacy risks.
12. Children's Privacy
Our services are not intended for individuals under 13 years of age. We do not knowingly collect personal data from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.
13. Changes to This Privacy Policy
We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will:
- Notify users of material changes via email website notice
- Update the effective date at the top of this policy
14. Contact Information and Complaints
Contact Us:
For questions about this privacy policy or our data processing practices:
- Email: [email protected]
By using our Services, you acknowledge that you have read, understood, and agreed to this document.