Privacy Policy

1. General Provisions

This Policy applies to all personal data processed by Akenai regardless of how it was collected — website, Client Area, email, support tickets, or any other channel.

By using our Services you confirm that you have read and understood this Policy. If you disagree with our data-processing practices, please do not use our Services.

2. Data We Collect

Data you provide directly

• Full name — for identification, account creation, and Service provision.
• Email address — for account management, notifications, support, and essential communications.
• Country of residence — for Service provision, tax compliance, and jurisdictional requirements.
• Phone number (if provided) — for account verification and support.
• Billing address — for invoicing, taxation, and accounting.
• Payment information and payment method — for processing payments, refunds, and recurring charges.
• Payment-card data — Akenai does not store full card numbers or sensitive authentication data (CVV/CVC). We retain only the minimum data needed to identify a transaction: the scheme (e.g., Visa), last 4 digits, cardholder name, and issuer name and country. All recurring payments are processed by PCI-DSS-certified payment processors that store the necessary payment tokens on our behalf. This minimal data is kept for fraud prevention and recurring billing.
• Support-ticket content and correspondence — for providing customer support and maintaining service records.

Data collected automatically

• IP address — for security, fraud prevention, abuse detection, and Service delivery.
• Browser type and version, operating system, and device information — for site optimization and security.
• Pages visited, time spent, referrers, and clickstream data — for analytics and Service improvement.
• Cookies and similar technologies — see Section 8.
• Server access logs and error logs — for security monitoring, troubleshooting, and abuse prevention.

Data received from third parties

• Payment confirmations and transaction data from payment processors.
• Fraud-screening results from payment processors.

3. Purposes of Processing

• To provide, manage, and support our hosting Services and user accounts (legal basis: contract performance).
• To process payments, refunds, and billing management (legal basis: contract performance).
• To communicate with you and provide customer support (legal basis: contract performance, legitimate interests).
• To ensure network security and prevent fraud, abuse, and unauthorized access (legal basis: legitimate interests).
• To monitor and enforce compliance with our Terms of Service and Acceptable Use Policy (legal basis: legitimate interests, contract performance).
• To improve our Services based on feedback and analytics (legal basis: legitimate interests, consent where required).
• To send essential service notifications, such as maintenance alerts, security updates, and payment reminders (legal basis: contract performance).
• To comply with applicable legal obligations, respond to legal requests, and cooperate with regulators (legal basis: legal obligation).

4. Legal Bases for Processing

We process your personal data only when we have a valid legal basis. The specific basis depends on the type of data and the purpose:

• Contract performance — processing needed to provide our Services, manage your account, process payments, and provide support (applies to account data, payment data, support tickets).
• Consent — where we ask for explicit permission, for example for marketing emails, non-essential cookies, or optional analytics. You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.
• Legitimate interests — where processing is necessary for our business purposes (fraud prevention, network security, Service improvement, abuse detection), provided those interests are not overridden by your fundamental rights.
• Legal obligation — where we must process data to comply with applicable law, including tax law, anti-money-laundering rules, and law-enforcement requests.

5. Your Data-Protection Rights

Depending on your location and applicable law you may have the following rights:

Under EU GDPR (for EEA residents)

• Right to be informed about how your data is used.
• Right of access — to obtain a copy of your personal data.
• Right to rectification of inaccurate data.
• Right to erasure (“right to be forgotten”) in certain circumstances.
• Right to restrict processing.
• Right to data portability.
• Right to object to processing based on legitimate interests or direct marketing.
• Right not to be subject to automated decision-making, including profiling.
• Right to lodge a complaint with your local data-protection authority.

To exercise any of these rights, contact us at support@akenai.host. We will respond within 30 days. We may ask you to verify your identity before processing the request.

If processing is based on your consent you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

6. Data Retention

We retain personal data only as long as necessary for the purposes set out in this Policy or to meet our legal obligations. The following retention periods apply:

• Account information (name, email, country): kept for the duration of the account and for up to 7 years after closure for tax, legal, and regulatory purposes.
• Payment and accounting data: kept for up to 7 years after the last transaction to meet tax and accounting obligations.
• Server logs and access logs: kept for up to 12 months for security and abuse prevention.
• Support-ticket records: kept for up to 3 years after resolution for quality assurance and dispute resolution.
• Analytics data: aggregated, anonymized analytics may be retained indefinitely. Identifiable analytics data is retained for up to 26 months.

We may retain certain data for longer periods if required by law or for legitimate business purposes, including dispute resolution and agreement enforcement.

7. Sharing With Third Parties

Your data is not shared with third parties without your consent, except where necessary for Service provision, legal compliance, or protection of our legitimate interests. Where we share data with processors, we ensure appropriate safeguards are in place.

We engage the following categories of third-party processors that may handle your data on our behalf:

• Payment processors — for processing payments, refunds, and fraud prevention.
• Infrastructure and security providers — for CDN services, DDoS protection, and website security.
• Email delivery — for sending transactional emails (order confirmations, support replies, account notifications).
• Analytics — for understanding site usage and improving Services.

All third-party processors are bound by data-processing agreements that require appropriate security measures, processing only on our instructions, and compliance with applicable data-protection law.

We may also disclose your data where required by law, court order, or request from a government authority, and where necessary to protect our rights, property, or safety, or those of our users or the public.

8. Cookies

We use cookies and similar technologies on our site. Cookies are small text files stored on your device that help us deliver and improve our Services.

Strictly necessary cookies

Required for the site to function. Includes session, authentication, and security cookies. These cannot be disabled.

Analytics cookies

Help us understand how visitors interact with our site. Where applicable law requires, we will request your consent before placing non-essential analytics cookies.

Functional cookies

Enable enhanced functionality such as language preferences. They may be set by us or by third-party providers whose services we have added to our pages.

Where required by applicable law, we will obtain your consent before placing non-essential cookies. You can also manage cookie settings through your browser.

9. Data Protection Measures

We apply appropriate technical and organizational measures to protect Client data from unauthorized access, alteration, disclosure, or destruction.

Technical measures include: encryption in transit (TLS/SSL), encrypted storage where applicable, firewall protection, intrusion-detection systems, regular security updates and patches, and access logging.

Organizational measures include: role-based access control limiting data access to authorized staff, confidentiality obligations on staff, regular security assessments, and incident-response procedures.

No method of data transmission over the internet or electronic storage is 100% secure. While we use commercially reasonable means to protect your personal data, we cannot guarantee absolute security.

10. International Data Transfers

Our servers are located in Germany, within the European Economic Area. For data transfers to processors located outside the EEA, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission, or other transfer mechanisms permitted under GDPR.

By using our Services you acknowledge that your data may be processed in the EEA and, where necessary for Service provision, in other locations subject to appropriate safeguards.

11. Changes to This Policy

We reserve the right to amend this Privacy Policy. We will notify you of material changes at least 14 days before they take effect, by email or via a site notice. Continued use of the Services after the effective date constitutes acceptance of the updated Policy.

12. Contact Information

For questions about how your data is processed or to exercise your data-protection rights:

• Email: support@akenai.host
• EU/EEA data-protection authorities: if you believe your data has been processed unlawfully you have the right to lodge a complaint with your local data-protection authority.

13. Children’s Data

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without verified parental consent we will take prompt steps to delete it.

If you believe we have inadvertently collected data from a minor, please contact us at support@akenai.host.

14. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects on you or otherwise significantly affects you. If this changes in the future we will update this Policy and provide appropriate information and safeguards.

15. Data Processing Agreement

For clients who require a Data Processing Agreement (DPA) under GDPR or other applicable data-protection law, we provide a standard DPA on request. Email support@akenai.host to request one. The DPA sets out the parties’ obligations regarding processing of personal data, including scope, nature, and purposes of processing, data-security requirements, and sub-processor management.

16. Data Breach Notification

In the event of a personal-data breach likely to result in risk to your rights and freedoms, we will notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach.

Where the breach is likely to result in high risk to your rights and freedoms, we will also notify you directly without undue delay, unless the data was encrypted or other measures have been taken that render the data inaccessible to unauthorized parties.