Skip to main content

Hostsmith

Privacy Policy

This Privacy Policy describes how Hostsmith ("we", "us", "our") collects, uses, and protects your personal data when you use our website and services at hostsmith.net.

General Information

We collect personal data to provide and improve our services, and to meet our legal obligations. You may refuse to provide some or all of your personal data; however, this may limit the ways in which we can interact with you, including providing you with our services.

Authentication and Account Data

Hostsmith uses Google OAuth for authentication. When you sign in, we receive your name, email address, and profile picture from Google. We do not store your Google password. This data is used to identify your account and provide access to our services. The legal basis for this processing is Art. 6(1)(b) GDPR (performance of a contract).

Data Storage Location

Hostsmith offers data residency in the United States and the European Union. During account setup, your data partition is automatically assigned based on your location. Your hosted content and account data are stored in the assigned partition. The legal basis for this processing is Art. 6(1)(b) GDPR.

Log Files

When you access our website, we automatically collect technical data including your IP address, browser type and version, operating system, referring pages, pages visited, and date/time of access. This data is necessary for the provision and security of our website. The legal basis for this processing is Art. 6(1)(f) GDPR (legitimate interest). We do not link this data to individual users. Log data is deleted after the purpose of processing has been fulfilled.

Cookies

Hostsmith uses the following cookies:

Strictly Necessary Cookies

These cookies are essential for the service to function and are set automatically. They do not require your consent under Art. 5(3) of the ePrivacy Directive, as they are strictly necessary to provide the service you have requested.

  • Session cookie - an encrypted cookie that maintains your authenticated session.
  • Data routing cookie - stores your assigned data partition (US or EU) to route requests to the correct infrastructure. Without this cookie, your requests cannot be directed to the correct data partition.

Notice acknowledgment

A small acknowledgment cookie (hs_cookie_notice_ack) is set when you dismiss the cookie notice, so it does not reappear on every visit. It contains no personal data and is not used for tracking.

We do not set analytics cookies. Our product analytics (see PostHog below) operates without cookies and without autocapture. You can control cookies at the browser level; blocking strictly necessary cookies may prevent the service from functioning correctly.

Newsletter

We may provide the opportunity to subscribe to a periodic email newsletter. If you subscribe, your email address, IP address, and the date and time of subscription are collected and stored. We use Brevo (brevo.com (opens in new tab)) to manage newsletter distribution. The legal basis for this processing is Art. 6(1)(a) GDPR (consent). You may unsubscribe at any time by following the unsubscribe instructions included in each newsletter. Upon unsubscribing, your data will be deleted promptly.

Third Party Services

We do not sell your personal data. We share your personal data with third parties only as described in this Privacy Policy or with your consent.

PostHog (product analytics)

We use PostHog for product analytics, hosted on PostHog's EU Cloud (eu.posthog.com (opens in new tab)). PostHog data is stored within the European Union. We send only specific, named events (for example "a site was created", "a domain was added") and do not enable autocapture, session recording, surveys, or feature flags. No analytics cookies are written and no third-party identifiers are set on your browser. The legal basis for this processing is Art. 6(1)(f) GDPR (legitimate interest in understanding and improving our service); the data minimization above keeps the impact on your privacy proportionate.

Google OAuth

We use Google OAuth for user authentication. When you sign in, Google transmits your basic profile information (name, email, profile picture) to us. Google's privacy policy applies to the data Google collects during the authentication process: policies.google.com/privacy (opens in new tab).

Amazon Web Services (AWS)

Our infrastructure is hosted on Amazon Web Services. Your hosted content and account data are stored in AWS data centers in the region you are assigned to (US or EU). AWS acts as a data processor on our behalf.

Deletion and Term of Storage

We process and store your personal data only for the time necessary to achieve the stated purpose and as permitted under applicable laws or regulations. When you delete your hosted content, it is removed within 30 days. As soon as the purpose for data storage is achieved, your personal data will be deleted consistent with applicable policies and regulations.

Your Rights as Data Subject

Under the GDPR, you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate personal data
  • Request erasure of your personal data
  • Restrict or object to processing of your personal data
  • Receive your personal data in a machine-readable format (data portability)

To exercise any of these rights, please contact us at contact@hostsmith.net.

Changes to This Policy

This Privacy Policy may be updated from time to time. In the event of material changes, we will provide a prominent notice on our website.