How Sigilhosting collects, uses, stores, and protects your personal data. Last updated February 2026.
Sigilhosting Hosting and Services Ltd (“Sigilhosting,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy describes how we collect, use, store, disclose, and protect personal information when you visit our website, create an account, purchase services, or otherwise interact with Sigilhosting.
This policy applies to all Sigilhosting services, including cloud VPS, dedicated servers, bare metal, GPU compute, Kubernetes, domain registration, managed DNS, SSL certificates, DDoS protection, and all related APIs and dashboards. By using our services, you acknowledge that you have read and understood this Privacy Policy.
Sigilhosting Hosting and Services Ltd is incorporated in the State of Indiana, United States, with its principal office at 1 York Rd, Chapelhall, Airdrie ML6 8HW, United Kingdom.
Account information: When you register for an account, we collect your name, email address, and password (stored in hashed form). If you sign in via Google OAuth, we receive your name, email address, and profile identifier from Google. We do not receive or store your Google password.
Billing information: Payment card details, billing address, and transaction history. Card details are processed and stored by our PCI-compliant payment processor; we do not store full card numbers on our systems.
Service usage data: Server provisioning history, resource utilization metrics, API calls, domain registration records, DNS zone configurations, support ticket contents, and dashboard activity logs.
Technical data: IP addresses, browser type, operating system, device identifiers, referring URLs, pages visited, and timestamps. This data is collected automatically via server logs and analytics.
Communications: Email addresses and message content when you contact us via our contact form, support tickets, or direct email correspondence.
Service delivery: To create and manage your account, provision and maintain infrastructure, process payments, register domains, issue SSL certificates, and provide technical support.
Transactional communications: To send order confirmations, invoices, payment receipts, service provisioning notifications, password reset emails, security alerts, and scheduled maintenance notices. These are essential service communications and are not marketing.
Service updates: To notify you of changes to our services, terms, policies, security incidents affecting your account, or SLA credit issuances.
Security & fraud prevention: To detect and prevent unauthorized access, abuse, fraud, and violations of our Terms of Service and Acceptable Use Policy.
Improvement: To analyze usage patterns, diagnose technical issues, improve service reliability, and develop new features. This analysis uses aggregated and anonymized data wherever possible.
We do not sell, rent, or trade your personal information to third parties for marketing purposes. We do not use your email address for unsolicited marketing unless you have explicitly opted in.
We take your inbox seriously. This section describes what emails you can expect from us and how we handle your email address.
Transactional emails: Account verification, password resets, two-factor authentication codes, invoice and payment confirmations, service provisioning confirmations, SSL certificate expiry reminders, domain renewal notices, scheduled maintenance notifications, SLA credit notifications, and security alerts. These emails are triggered by your actions or are necessary for service delivery.
Service communications: Critical service updates, policy changes, Terms of Service updates, security advisories, and incident notifications. These are sent only when necessary and relevant to your active services.
Optional marketing emails: Product announcements, feature updates, and promotional offers. These are sent only to users who have explicitly opted in. Every marketing email includes a clear, functional unsubscribe link.
Account registration: Your email address is required to create an account and serves as your primary account identifier. By registering, you consent to receiving transactional and service emails necessary for account operation.
Google OAuth: If you sign in with Google, we receive the email address associated with your Google account. This email is used solely for account identification and transactional communications.
Contact form & support: When you submit a contact form or support ticket, your email address is used only to respond to your inquiry.
We never purchase email lists, scrape email addresses, or add addresses to our mailing lists without explicit consent.
Every marketing email includes a one-click unsubscribe link in both the email body and the List-Unsubscribe header. You can also manage email preferences from your dashboard under Account → Email Preferences. Unsubscribe requests are honored within 24 hours and no later than 10 business days as required by the CAN-SPAM Act.
Transactional emails (invoices, security alerts, password resets) cannot be unsubscribed from as they are necessary for service operation, but you may close your account to stop all communications.
All email communications comply with the CAN-SPAM Act (15 U.S.C. § 7701 et seq.), including: accurate “From” and “Reply-To” headers identifying Sigilhosting, non-deceptive subject lines, clear identification as advertising where applicable, our physical mailing address in every message, and a functioning opt-out mechanism. We also comply with GDPR requirements for recipients in the European Economic Area.
Contract performance: Processing necessary to deliver the services you purchased (account management, provisioning, billing, support).
Legitimate interest: Security monitoring, fraud prevention, service improvement, and essential service communications.
Consent: Marketing emails and optional analytics. Consent can be withdrawn at any time.
Legal obligation: Where we are required to retain or disclose data by law, regulation, or legal process.
Your data is stored on Sigilhosting-operated infrastructure in the United States. We implement industry-standard security measures including encryption at rest and in transit, role-based access controls, multi-factor authentication for administrative access, regular security audits, automated intrusion detection and monitoring, and encrypted backups with restricted access.
Passwords are hashed using bcrypt with per-user salts and are never stored in plaintext. Payment card data is handled exclusively by our PCI DSS-compliant payment processor.
Account data: Retained for the duration of your account plus 30 days after account closure to allow for reactivation.
Billing records: Retained for 7 years as required by tax and accounting regulations.
Server logs and IP addresses: Retained for 90 days for security and diagnostic purposes, then deleted or anonymized.
Support tickets: Retained for 2 years after resolution, then deleted.
Email delivery logs: Retained for 90 days for delivery verification and troubleshooting.
We share personal data only with the following categories of third parties, and only to the extent necessary:
Payment processors: To process payments and prevent fraud.
Email delivery provider: We use Amazon Web Services (AWS) to deliver transactional and service emails. Email addresses and message content are transmitted to AWS for delivery purposes only.
Domain registrars and certificate authorities: Domain registration data (including WHOIS information) and certificate signing requests as required for domain and SSL services.
Law enforcement: When required by valid legal process (subpoena, court order, or equivalent). We will notify you of such requests unless prohibited by law.
We do not sell personal data. We do not share data with advertisers. We do not use personal data for automated decision-making or profiling.
Depending on your jurisdiction, you may have the following rights regarding your personal data:
Access: Request a copy of the personal data we hold about you.
Correction: Request correction of inaccurate or incomplete data.
Deletion: Request deletion of your personal data, subject to legal retention requirements.
Portability: Request your data in a structured, machine-readable format.
Objection: Object to processing based on legitimate interest.
Withdraw consent: Withdraw consent for marketing communications at any time.
To exercise any of these rights, contact us at privacy@sigilhosting.com or via your dashboard under Account → Privacy. We will respond within 30 days.
Our use of cookies and similar tracking technologies is described in detail in our Cookie Policy. In summary, we use strictly necessary cookies for authentication and session management, and optional analytics cookies with your consent.
Your data is primarily stored and processed in the United States. If you are located outside the United States, your data will be transferred to the United States for processing. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission for transfers from the EEA, and similar mechanisms for other jurisdictions as required.
Sigilhosting services are not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected personal data from a child, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us at privacy@sigilhosting.com.
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a notice on our website at least 30 days before the changes take effect. The “Last updated” date at the top of this page indicates when the policy was most recently revised. Continued use of our services after the effective date constitutes acceptance of the revised policy.
For privacy-related inquiries, data requests, or complaints, contact us at:
Sigilhosting Hosting and Services Ltd, 1 York Rd, Chapelhall, Airdrie ML6 8HW, United Kingdom, United States. Phone: +44 7445 857259.
If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.