• Select Currency

Privacy Policy

Last Updated: October 1, 2025

Hi there, We’ve always tried to keep our Privacy Policy simple and easy to read. Some parts have to sound a bit formal because the law requires it, but beyond that, our goal is straightforward: we want you to understand what happens with your data and to feel in control of it. We’re not here to sell or exploit your information. We just want to offer you a service that works well, and sometimes that means using things like cookies to keep everything running smoothly. At the end of the day, your trust means everything to us. We respect your privacy, and we’ll always treat your data with care.

0. Introduction

This Privacy Policy explains how Zenith Hosting KLG ("Company," "we," "us," or "our") collects, uses, shares, and protects your personal data when you use our services ("Services").

We want you to understand what happens with your data and to feel in control of it. This document sets out the purposes of processing, our legal obligations, and your rights under the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR).

By using our Services, you acknowledge that you have read and understood this Privacy Policy.

1. What Data We Collect

  • Directly from you:
    • Your email, account details
    • Messages and support requests
  • Automatically:
    • IP address, browser and OS details, server interaction data
    • Last login and activity times
    • Approximate location (from IP address)
    • Payment information (via Polar)
    • Automatic generated IDs (cookies, user IDs)

2. How We Use Your Data

PurposeData Used
Account setup and managementIdentity, technical data
Providing our servicesIdentity, usage, technical
Processing paymentsIdentity, payment info
Customer supportIdentity, communications
Website improvement/analyticsUsage, technical data
Security and fraud preventionUsage, technical data

3. Sharing Your Data (Third Parties)

We only share your data with trusted partners for essential operations:

American Partners (USA):

  • Polar.sh (USA): Payment processing and Merchant of Record services. Data Shared: Email address and user ID.
  • Axiom (USA): Log Monitoring. Data Shared: All kinds of logs including user IDs, email addresses, IP addresses, server details, and more. We retain logs for 90 days.

European Partners (EU/Switzerland):

  • Brevo.com (France): Transactional email (for signup, password resets, etc.) and customer support livechat and email. Data Shared: Email address and user ID. Cookies: Brevo sets cookies in localStorage for live chat functionality, session management, and email tracking.
  • bunny.net (Slovenia): Content delivery, DNS and Infrastructure hosting. Cookies: bunny.net may set cookies for CDN optimization, caching preferences, and performance analytics.
  • Hetzner (Germany/Helsinki): Server hosting.
  • Scaleway (France/Netherlands): Infrastructure hosting.
  • Mistral (Europe): AI model hosting for our AI services.
  • Crowdin (Europe): Translation management.

European Servers but Data May Be Transferred to the USA:

  • PostHog EU: Website analytics. Data Shared: User ID and email address. They also collect Website usage data, such as events, page views, browser information and session recording. We have enabled the Masking and IP Anonymization features. We retain analytics data for 7 years.
  • Upstash Frankfurt: Temporary caching of data (e.g. for login). Data Shared: All data stored in your session (e.g. user ID, email address, auth tokens, servers). The cache expires after 15 seconds.

If you log in to our website we automatically redirect you to your mail provider to handle your login.

All partners comply with the GDPR and Swiss FADP or provide adequate safeguards for Swiss/EU data. Polar.sh acts as our Merchant of Record and handles all payment data processing, tax compliance, and customer invoicing in accordance with international regulations.

Notice regarding Social Logins:

When you login with social providers, specific personal data is exchanged during the OAuth authentication process:

Discord Login (using OAuth scope: identify, email):

  • Provider user ID (Discord user identifier)
  • Username
  • Avatar URL

Modrinth Login (using OAuth scopes: USER_READ, USER_READ_EMAIL):

  • Provider user ID (Modrinth user identifier)
  • Email address
  • Username/display name
  • Avatar URL

These providers operate independently and may collect additional data according to their own privacy policies. We do not control what data they collect during the authentication process or how they use it. Please review Discord's Privacy Policy (https://discord.com/privacy) and Modrinth's Privacy Policy (https://modrinth.com/legal/privacy) for information about their data practices.

4. International Data Transfers

  • Mostly within Switzerland/EU: All processing happens in the EU or Switzerland except for a few services (see above).
  • Safeguards: For transfers outside Switzerland/EU, we rely on Standard Contractual Clauses and similar legal protections.

5. Data Retention

Data TypeHow Long?
Account dataAs long as your account is active
Payment data10 years (legal compliance)
Analytics data7 years
Support dataAs long as necessary for support
Error dataAs long as necessary
Auth cookies7 days

Note on payment data: Payment processing is handled by our Merchant of Record Polar.sh. While we retain payment data for 10 years to meet Swiss legal obligations, Polar also retains payment records only as long as required by applicable law (such as tax, accounting, or anti-fraud regulations). Payment records are deleted when no longer required for legal compliance. Upon valid GDPR requests, Polar will delete data not subject to mandatory retention requirements.

This 10-year payment data retention period is in accordance with Swiss Code of Obligations Art. 958f on the "Führung und Aufbewahrung der Geschäftsbücher" (Management and Retention of Business Records). For more details, see the official text here.

When you delete your account, associated data is erased unless we’re legally required to retain it (e.g., payment records). In some cases, basic identifiers (like account ID or email) may be kept for up to 10 years if required for legal, tax, or contractual purposes. You may also request specific deletions by contacting us.

6. Your Rights (FADP & GDPR)

As a user of our website, you have the right to:

  • Information & access: Ask what data we hold and receive a copy.
  • Correction/rectification: Fix incorrect data.
  • Deletion: Request deletion (“right to be forgotten”).
  • Restriction/Objection: Limit or object to how we use your data.
  • Portability: Get your data in a readable format.
  • Withdraw consent: Anytime for analytics/cookies/marketing.
  • Automated decisions/profiling: Ask for human review.

Just email support@zenith.ms to use these rights—we’ll answer within 30 days.

7. Cookies & Tracking

  • Essential cookies: Login/session (expire after 7 days), Cloudflare security.
  • Functional cookies: Brevo Live Chat (support chats, up to 1 year).
  • Third-party cookies: Polar.sh (payments).

On your first visit, you’ll see a cookie banner to accept or reject non-essential cookies.

8. Data Security

We use industry-standard safeguards:

  • HTTPS encryption for all data in transit
  • Access controls, regular staff training, and security audits
  • Data minimized to what’s strictly necessary

9. Data Breach Response

If there’s a data breach risking your rights, we’ll notify both you and the Swiss Federal Data Protection and Information Commissioner (FDPIC) within 72 hours.

10. Privacy by Design

We collect only what’s needed, limit data use to stated purposes, and update/delete it as required.

11. Children’s Privacy

Children under 13 need parental consent to use our services. If you’re under 13, please get permission first. If you think we have data from a child under 13 without consent, contact us to delete it.

12. Policy Updates

We’ll let you know about significant changes via email and update this document’s date.

13. Contact

Questions or requests? Email: support@zenith.ms

By using our Services, you acknowledge that you have read and understood this Privacy Policy.