Privacy Policy
Last updated: 17 June 2026
Effective date: 17 June 2026
CyprusNode provides hosting and infrastructure services. This Privacy Policy describes how we handle personal data in connection with our website, accounts, billing, support, and platform operations.
Read this policy together with our Terms of Service and, if you host personal data of your own customers on our platform, our Data Processing Agreement.
1. Who we are
CyprusNode is the data controller for personal data described in this policy. We are based in Cyprus and provide hosting and infrastructure services to customers in Europe and worldwide.
Contact and privacy requests: open a support ticket at https://cyprusnode.com/tickets/create
2. Information we collect
Information you give us directly
- Name and contact details (email, phone, billing address)
- Account credentials and profile settings
- Payment and billing information (card details are processed by Stripe; we do not store full card numbers)
- Support tickets, emails, and chat messages
- Order details and service configuration choices
- Marketing preferences and newsletter opt-ins
Information collected automatically
- IP address, browser type, device information, and session data
- Login, security, and audit logs
- Bandwidth, resource usage, and service telemetry needed to run and bill services
- Analytics and usage data collected through tools such as Google Analytics
Information from third parties
- Google, GitHub, or Discord profile data when you use social login
- Payment status, fraud signals, and billing metadata from Stripe
- Registry or supplier data when you purchase domain or add-on products
3. How we use your information
- Provide, operate, secure, and bill our services
- Create and manage your account
- Process payments and send invoices
- Provide customer support and respond to requests
- Send service notices, security alerts, and policy updates
- Send marketing emails only when you have opted in
- Detect, prevent, and investigate fraud, abuse, and attacks
- Measure performance, plan capacity, and improve our platform
- Keep accounting, tax, and business records
- Enforce our Terms of Service and Acceptable Use Policy
4. Why we are allowed to use your data
- Contract: we need your data to deliver the services you ordered and support your account.
- Legal obligation: we keep billing and tax records and respond to valid official requests.
- Legitimate interests: we process security logs, abuse data, and operational metrics to protect our network, customers, and business.
- Consent: we rely on consent for optional marketing and non-essential cookies where we use them.
5. Traffic processing for DDoS mitigation
To protect our network, we inspect traffic in real time during active connections. Inspection happens in memory only to detect and stop attacks. We do not store or log the content of inspected traffic as part of this process.
We may retain limited security metrics derived from traffic, including:
- Source IP address or a truncated or hashed form
- Packet and byte counts
- Traffic rates
- Protocol and port information
- Timestamps
- Attack classifications or signatures
We use these metrics only for network security, abuse prevention, monitoring, and incident investigation. We do not use them for advertising, profiling, or resale.
7. International transfers
Some providers process data outside the European Economic Area, including in the United States. When that happens, we use approved safeguards such as Standard Contractual Clauses with our vendors.
8. Your customers and hosted content
If you host websites, mailboxes, or applications that contain personal data about your own users, you are the data controller for that data. CyprusNode acts as a data processor and provides infrastructure only. You are solely responsible for your own privacy notices, lawful bases, consent, and end-user rights. Use our Data Processing Agreement.
9. How long we keep data
While your account is active
We keep your account details, profile information, support tickets, ticket messages, orders, services, billing and tax records, security and DDoS metrics, and related account records for as long as your account remains open. We do not routinely delete this information while you are still a customer.
Other records we keep
These records also stay with us. We do not delete them early.
- Billing and tax records: stay for as long as your account is open, and stay after account deletion.
- Security and DDoS metrics: stay for as long as your account is open, and stay after account deletion where needed for network security, abuse prevention, and incident records.
- Compliance audit logs: stay for up to 12 months, then we prune them.
- Data export files: the download link stays available for a short time after the export is ready. Export request records may stay longer.
- Repeat abuse records: stay indefinitely, including after account deletion, to protect the network.
- Backups: copies stay in backups until those backups rotate, including after account deletion.
Account deletion and anonymisation
You can request a copy of your personal data or request account deletion from your Privacy & Security center in the client area, or by opening a support ticket at https://cyprusnode.com/tickets/create.
When a deletion request is approved, we anonymise your account. This means we remove or replace personal identifiers so the account can no longer be linked back to you. Deletion is not always a full wipe of every database row.
What we anonymise or remove:
- Your name and email address on the account profile
- Your password, two-factor authentication, and active login sessions
- API keys, access tokens, and OAuth login tokens connected to the account
- Custom profile fields stored on your account
What may still be kept after deletion:
- Invoices, billing history, and payment records
- Orders and services for operational and financial records
- Support tickets and ticket messages for support history, dispute handling, and abuse prevention
- Security and DDoS metrics for network security and incident records
- Saved payment method references held by our payment provider or billing records
- Security, abuse, compliance, and deletion-request audit records
- Copies in backups until those backups rotate
After anonymisation, remaining records are no longer connected to your original name or email. The Privacy & Security center shows a preview of what will change before you submit a deletion request.
10. How we protect data
We use reasonable measures to operate our platform, including encryption in transit where we control the service, access controls, monitoring, and secure facilities.
We do not guarantee that personal data is secure, complete, or free from unauthorised access, loss, or disclosure. You use our services at your own risk.
11. No warranties and limitation of liability
Our website, client area, and services are provided as-is and as-available. We make no warranties about accuracy, availability, security, or fitness for any purpose.
We are not responsible for:
- Acts or omissions of third parties such as Stripe, Google, GitHub, Discord, hosting suppliers, or analytics providers
- Data loss, downtime, unauthorised access, or security incidents caused by your configuration, software, credentials, or end users
- How you use our services or whether your use complies with privacy or other laws
- Indirect, consequential, or special damages, lost profits, or lost data
Our total liability for privacy-related claims is limited to the fees you paid us for the affected service in the 12 months before the claim, or EUR 100, whichever is greater.
All other liability limits in our Terms of Service apply.
12. Your rights
Under GDPR and similar laws, you may request:
- Access to your personal data
- Correction of inaccurate data
- Deletion of your data
- Restriction of processing
- Data portability
- Objection to processing based on legitimate interests
- Withdrawal of consent for marketing or optional cookies
Open a support ticket at https://cyprusnode.com/tickets/create to exercise your rights. You can also export your data or request account deletion from your Privacy & Security center. We respond within 30 days. We may ask you to verify your identity before making changes.
You may lodge a complaint with the Office of the Commissioner for Personal Data Protection in Cyprus.
14. Automated decisions
We do not make decisions that produce significant legal effects on you using automated processing alone. We use automated systems for spam filtering, fraud screening, rate limiting, and abuse detection. A human reviews suspensions and terminations.
15. Children
Our services are not aimed at anyone under 18. We do not knowingly collect data from children.
16. Changes to this policy
We may update this Privacy Policy by posting a new version on Cyprusnode.com and updating the date above. Important changes may also be sent by email or shown in your client area.
17. Contact
Support: https://cyprusnode.com/tickets/create
Abuse: abuse@cyprusnode.com