Privacy Policy

We collect only the personal data we genuinely need to run the service — enough to create your account, take payment, send you the occasional email, and keep the platform secure. We don’t sell your data, we don’t build advertising profiles from your hosting use, and we only process what we need to run the platform.

DSI Hosting(“we”, “us”, “our”) operates the website at https://dsi-hosting.net and is the data controller for the personal data processed through dsi-hosting.net. For any privacy-related request you can contact us at support@dsi-hosting.net.

We collect the following categories of personal data, mostly supplied by you directly:

• Account details — email address, name (if given), password (stored as a one-way hash).
• Billing details — a customer identifier we assign to you for billing, the last 4 digits and brand of your card, amount paid, and invoice history. Stripe may collect card verification details such as postcode, but we do not store your billing address. We never see or store your full card number, expiry date, or CVC.
• Service credentials — usernames, passwords or tokens, and access URLs issued to manage your hosting service, along with plan tier, resource limits, and expiry where applicable.
• Support correspondence — any email you send us and our replies.
• Marketing preferences — whether you opted in to promotional emails at checkout, your subscription status, and engagement events (delivered, opened, unsubscribed) recorded when we send you email.
• Technical metadata — IP address used at signup (captured to detect trial abuse), basic request logs, and cookie identifiers described in section 8.

• To create and authenticate your account.
• To issue, rotate, and revoke credentials that control your hosting service and account access.
• To take payment, raise invoices, refund where appropriate, and detect fraudulent charges.
• To send service emails you cannot opt out of (e.g. receipts, password resets, expiry reminders, urgent security notices).
• Only if you opt in: to send you marketing emails — newsletters, product updates, and promotional offers — from our marketing subdomain mail.dsi-hosting.net.
• To respond to support requests.
• To protect the service — rate limiting, bot detection, debugging, and preventing trial abuse.
• To comply with tax, accounting, and legal obligations.

UK GDPR requires that we identify a lawful basis before processing your data. We rely on:

• Contract — to provide the service you purchased (account management, credentials, billing, service emails).
• Legitimate interests — to operate and secure the service, prevent fraud and abuse, and improve product quality. We balance these against your rights and will stop on reasonable objection.
• Consent — for marketing emails. You give this by ticking the opt-in box at checkout, and you can withdraw it at any time using the unsubscribe link in every marketing email or by emailing support.
• Legal obligation — to retain billing records for tax purposes and to respond to lawful requests from authorities.

We do not sell, rent, or trade your personal data, and we do not share it with advertisers.

To run the service we engage a small number of carefully vetted providers who process data strictly on our instructions, under written contracts that impose security, confidentiality, and UK GDPR obligations on them. They are permitted to process your data only to the extent needed to perform the task we’ve asked them to perform and may not use it for their own purposes.

For operational security we do not publicly disclose which providers we use or the infrastructure we run on. If you have a genuine compliance, regulatory, or due-diligence need for this information, email support@dsi-hosting.net from a verified organisational contact and we’ll discuss appropriate disclosure under NDA.

We may also disclose data when required by law — for example, in response to a valid court order — or to enforce our terms. We will not voluntarily disclose your data for any other reason.

If you ticked the marketing opt-in at checkout we’ll occasionally email you about new features, seasonal offers, and product news. Marketing emails are sent from our own subdomain mail.dsi-hosting.net; you can reply to any of them and it will reach our support team at support@dsi-hosting.net.

Every marketing email carries a one-click unsubscribe link and is tagged with the List-Unsubscribe header so your mail client can honour it natively. Clicking unsubscribe — or asking us to remove you — takes effect immediately and is permanent until you re-opt-in.

Service emails (receipts, password resets, expiry reminders, security notices) are not marketing and are sent regardless of your marketing preference, because we rely on them to fulfil your contract.

We use a small number of strictly-necessary cookies — no tracking, no advertising, no third-party analytics by default.

• Session — keeps you signed in while moving between pages.
• CSRF token — protects sensitive actions (like changing your password) from cross-site attacks.
• Checkout cookies — on the payment page a limited number of additional cookies may be set to help prevent fraudulent transactions. They exist only for the duration of your checkout session.

If we ever add analytics or A/B-testing cookies we will ask for consent first and update this section before turning them on.

• Account & credentials — while your subscription is active and for 24 months after final cancellation (so we can re-issue access if you return).
• Billing records — 7 years, as required by HMRC for tax purposes.
• Support email threads — 24 months from last interaction.
• Marketing data— until you unsubscribe; after that we keep a suppression record containing your email address and unsubscribe date so we don’t accidentally re-add you.
• Operational logs — 30 days, then discarded.

You can request earlier deletion at any time (see section 12) except where we’re legally required to retain the data (e.g. tax records).

We host and process your personal data inside the UK/EEA wherever practical. Some aspects of service delivery may involve processing in the United States or other jurisdictions. Where data leaves the UK/EEA we rely on the UK’s International Data Transfer Agreement (IDTA) or the European Commission’s Standard Contractual Clauses (SCCs) to ensure your data remains protected to an equivalent standard.

We protect your data with:

• HTTPS/TLS for every page on dsi-hosting.net.
• One-way salted hashing for passwords using a modern, industry-standard algorithm — we cannot see what your password is, even in the admin panel.
• Role-based access control, with administrative actions logged.
• Encrypted database connections and at-rest encryption for all personal data.
• Cryptographically signed verification of inbound webhook traffic to prevent forgery.
• Separation of our marketing mail subdomain from the main application so any issue in one area cannot compromise the other.

No online service is ever perfectly secure, and we’ll notify you and the ICO within 72 hours of discovery if a breach ever occurs that puts your rights at risk.

Under UK GDPR you have the right to:

• Access a copy of the personal data we hold on you.
• Correct any inaccurate or incomplete data.
• Delete your data (the “right to be forgotten”), subject to any retention we’re legally required to keep.
• Restrict or object to certain types of processing.
• Receive your data in a portable format you can give to another provider.
• Withdraw consent for marketing at any time — one click in any marketing email does it.
• Complain to the UK’s Information Commissioner’s Office (ICO) at ico.org.uk.

To exercise any of these rights, email support@dsi-hosting.net. We’ll respond within 30 days and usually much sooner. There’s no charge for reasonable requests.

The service is not aimed at children under 18 and we don’t knowingly collect data from them. If you believe a child has provided personal data to us, email support and we’ll delete it.

We’ll update this policy as the service evolves. The “Last updated” date at the top always reflects the latest version, and material changes that affect your rights will be announced by email at least 14 days in advance.