Privacy Policy

Last updated: March 2026

1. Who We Are

BurroHost ("we", "us", or "our") is a web hosting company. Our services are operated from infrastructure hosted on Hetzner Online GmbH data centres located in the European Union (Finland and Germany). You can contact us at hello@burrohost.top.

2. What Data We Collect

We collect the following categories of personal data:

  • Account data: name, email address, and billing information provided when you sign up.
  • Usage data: pages visited, features used, and actions taken within the control panel.
  • Technical data: IP address, browser type, device type, and referrer URL collected automatically when you visit our website.
  • Communication data: emails or support messages you send us.

3. How We Use Your Data

  • To provision and manage your hosting account.
  • To process payments and send billing communications.
  • To provide customer support.
  • To send service updates, security notices, and — with your consent — marketing emails.
  • To comply with legal obligations.

4. Legal Basis for Processing

We process your data under the following legal bases (GDPR Article 6): contract performance (to provide the hosting service you signed up for), legal obligation (e.g., billing records), legitimate interest (security monitoring, fraud prevention), and consent (marketing emails, non-essential cookies).

5. Third-Party Services

We use the following third-party services that may process your data:

  • Hetzner Online GmbH — cloud infrastructure provider (EU data centres).
  • Stripe — payment processing. Stripe is PCI-DSS compliant and processes card data directly; we never store raw card numbers.

We do not sell your personal data to any third party.

6. Data Retention

We retain account data for the duration of your subscription and for up to 7 years thereafter for legal and accounting purposes. Usage and technical logs are retained for up to 90 days. You may request earlier deletion — see Section 8.

7. Data Security

All data is transmitted over TLS. Server access is restricted to key-based SSH authentication. Databases bind to localhost only. We apply security patches promptly and review access controls regularly.

8. Your Rights

Under GDPR, you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Erasure("right to be forgotten") — request deletion of your personal data where no legal obligation requires us to retain it.
  • Portability — receive your data in a structured, machine-readable format.
  • Object to processing based on legitimate interest.
  • Withdraw consent at any time for processing based on consent (e.g., marketing emails).

To exercise any of these rights, email us at hello@burrohost.top. We will respond within 30 days.

9. Cookies

We use cookies for essential functionality and, with your consent, for analytics. See our Cookie Policy for details.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated by email or a notice on our website at least 14 days before taking effect.

11. Contact & Complaints

For any privacy concerns, contact us at hello@burrohost.top. You also have the right to lodge a complaint with your national data protection authority if you believe we have not handled your data lawfully.