Privacy Policy

Introduction, who we are, and scope

CyprusNode, Cyprusnode.com, we, us, or our respects your privacy. This Privacy Policy explains how we collect, use, store, share, and protect personal data when you visit our website, create an account, authenticate with third party providers, purchase services, use our hosting and related infrastructure, contact support, or otherwise interact with us.

This policy is designed to meet the expectations of the General Data Protection Regulation, GDPR, where it applies, and to reflect common EU expectations for transparency. It should be read together with our Terms of Service, including provisions that describe service wind down, limitations, and how we operate our platform.

Operator status. Unless we publish different legal details on our website, services may be operated by an unincorporated operator trading as CyprusNode. If we publish a registered entity name and registration details, those details may identify the controller for personal data from the stated effective date. Until then, references to CyprusNode mean the operator of CyprusNode as identified on our website legal or contact page.

No sale of personal data. We do not sell your personal data and we do not provide personal data to third parties for their independent marketing in exchange for money.

1. Data controller and contact details

For personal data described in this policy, the data controller is CyprusNode, unless we notify you otherwise for a specific product or legal entity arrangement.

General contact: support@cyprusnode.com
Privacy requests: support@cyprusnode.com
Abuse and general inquiries: abuse@cyprusnode.com
Support portal: https://cyprusnode.com/tickets/create

For GDPR-related requests, please email from the account email when possible and describe your request clearly so we can verify your identity before disclosing or changing information.

2. Personal data we collect

We collect personal data only where needed to operate, bill, secure, support, and improve our services, and to meet legal obligations. Categories may include the following depending on how you use CyprusNode.

2.1 Data you provide directly

• Identity and account details such as name and username.
• Contact details such as email address.
• Billing details needed for invoicing and accounting, such as billing name, billing address or country, VAT information where relevant, and transaction references.
• Credentials and authentication materials needed to operate your account, excluding full payment card numbers processed by Stripe as described below.
• Information you include in tickets, emails, chats, forms, abuse reports, order notes, or other communications.

2.2 Data collected automatically when you use our website or client systems

• Technical identifiers such as IP address, approximate location derived from IP where available, timestamps, device and browser information, operating system details, referral pages, session identifiers, and anti-abuse signals.
• Security and audit logs relating to authentication events, administrative actions, failed logins, password resets, API usage where applicable, and suspicious activity indicators.
• Operational logs needed to maintain availability and diagnose incidents.

2.3 Data processed because you purchase infrastructure services

• Network traffic metadata required to deliver VPS, dedicated servers, web hosting, mail hosting, VPN services where offered, related networking, DDoS mitigation telemetry, bandwidth accounting, firewall events, abuse signals, rate limiting metrics, mail transmission metadata where applicable, and similar technical records.
• Content you upload to services may include personal data about you or third parties. Section 14 explains how those roles typically split under GDPR.

2.4 Data from third party authentication providers

If you choose social login, we receive certain profile details from the provider as described in Section 3.

2.5 Data from payment processors

Stripe processes payments and provides limited payment-related records to us as described in Section 4.

3. Social login (Google, GitHub, Discord)

You may sign in or link accounts using third party identity providers such as Google, GitHub, or Discord. In that case, the provider processes your login under its own privacy policy and terms.

Depending on the provider, your settings, and what you authorize, we may receive some or all of the following categories of information to create or access your CyprusNode account:

• Email address.
• Username, display name, or handle.
• Provider user identifier.
• Profile details the provider shares with us, which may include public profile information and, in some cases, locale, time zone, or region style information presented as location related data by the provider.

We use this information to authenticate you, identify your account, communicate with you, secure the service, prevent fraud and account takeover, and connect your login method to your customer record.

4. Payments (Stripe)

Payments are processed by Stripe, Inc. and or its affiliates, Stripe, acting as a payment processor. Payment card details are handled by Stripe in accordance with Stripe policies and industry security expectations.

What we do not store. We do not store full payment card numbers on our own servers as part of normal operation.

What we may receive from Stripe. We may receive limited payment-related information needed for billing and accounting, such as partial card brand or last digits where shown by Stripe tooling, payment status, charge identifiers, billing address elements if collected by Stripe, fraud risk indicators at a summary level where provided, dispute or chargeback metadata, refund status, subscription or invoice identifiers associated with Stripe billing objects if used, and similar operational records.

Stripe processes personal data as an independent controller for certain fraud and compliance purposes as described in Stripe documentation, and as a processor for other processing related to payment processing, depending on context and applicable terms.

5. Hosting, networking, security, and service logs

To deliver hosting and infrastructure services, we necessarily process technical and operational data. This may include IP addresses, connection metadata, traffic volumes, routing information, mitigation actions, anti-abuse signals, hypervisor and host logs, disk and performance metrics needed for operations, authentication to infrastructure management tools where applicable, and backups if offered as part of your plan.

We use this information to provide the contracted service, measure usage and quotas, secure networks, investigate abuse, respond to incidents, enforce acceptable use rules, meet legal obligations, and improve reliability and performance.

6. Support tickets, email, and communications

When you email us, open tickets, or contact us through other channels, we retain those communications as business records to provide support, resolve disputes, demonstrate service history, detect abuse, train internal quality where permitted, defend legal claims where necessary, and improve processes.

Ticket contents may include personal data you voluntarily include, including reproductions of logs or identifiers. Email messages sent to us are stored like other communications records.

We retain tickets and emails for as long as reasonably necessary for these purposes and delete or anonymize them when retention is no longer needed, subject to legal holds and Section 12.

7. Cookies and similar technologies

We use cookies and similar technologies where needed for basic website operation and security, including session authentication cookies for logged in areas when applicable.

Essential cookies. These are used to operate the site and secure sessions. They are typically necessary for requested functionality.

Analytics. Where we use analytics tools described as privacy oriented, they are intended to measure aggregated usage such as approximate visit volumes and general geographic regions at a coarse level. If any analytics cookies are not strictly essential under applicable law in your jurisdiction, we will rely on consent where required and provide controls where available.

You can control cookies through browser settings. Blocking essential cookies may prevent parts of the site from working correctly.

8. Legal bases for processing

Where GDPR applies, we rely on one or more of the following legal bases:

• Contract: processing necessary to provide services you request, manage accounts, billing references linked to Stripe workflows, customer support tied to your account, and security measures needed to deliver the service.
• Legal obligation: processing required for tax, accounting, invoicing retention, responding to lawful requests when valid, and similar duties.
• Legitimate interests: securing systems, preventing fraud and abuse, protecting users and networks, measuring reliability, improving service quality in a proportionate way, enforcing terms, defending legal claims, and operating a sustainable hosting business, where not overridden by your interests and rights.
• Consent: where required for certain cookies or communications, or where we explicitly ask for optional processing and you agree.

You may withdraw consent where consent applies, without affecting the lawfulness of processing before withdrawal, unless otherwise stated by law.

9. Purposes of processing

We process personal data for purposes including:

• Creating and managing accounts and authentication, including OAuth linking.
• Provisioning and operating VPS, web hosting, mail hosting, dedicated servers, VPN services where offered, and related infrastructure.
• Billing, invoices, receipts, disputes, refunds where applicable, and accounting records.
• Customer support and incident handling.
• Security monitoring, intrusion prevention, access control, anti-abuse enforcement, DDoS mitigation operations, rate limiting, and forensic review where justified.
• Compliance with applicable laws and responding to lawful requests.
• Internal logging and diagnostics to maintain and improve systems, consistent with Section 12.
• Communicating operational notices related to services, security, legal updates, and policy updates.

We do not use personal data for third party advertising profiling or resale as described in the introduction.

10. Recipients, processors, and sharing

We may share personal data with service providers who assist us in operating CyprusNode, subject to contracts and safeguards appropriate to the processing, including:

• Infrastructure and hosting suppliers such as data centers, cloud compute providers, networking providers, storage providers, backup providers where used, and related vendors needed to run services.
• Payment processors, primarily Stripe for payments as described above.
• Communication and support tooling providers used to operate tickets and email delivery.
• Authentication providers such as Google, GitHub, and Discord when you choose social login.
• Security vendors, monitoring tools, and operational tooling vendors used for logs and reliability.
• Professional advisers where required, such as lawyers or accountants under confidentiality duties.
• Law enforcement and regulators where we believe disclosure is required by applicable law or necessary to protect vital interests.

Where GDPR requires Article 28 processing terms, we aim to put appropriate agreements in place with processors. A current list of key subprocessors may be published on our website and updated from time to time.

11. International transfers

Some providers may process personal data outside the European Economic Area. Where required by GDPR, we implement appropriate safeguards such as Standard Contractual Clauses and supplementary measures where appropriate, or rely on adequacy decisions where applicable.

Providers such as Stripe and global authentication platforms may involve transfers according to their documentation and contractual mechanisms.

12. Retention and deletion

We retain personal data only as long as reasonably necessary for the purposes in this policy, including legal, accounting, security, dispute resolution, and fraud prevention needs.

• Account data: retained while your account is active and for a reasonable period afterward to recover mistakes, defend claims, and finalize billing.
• Tickets and emails: retained for operational and legal purposes and deleted or anonymized when no longer reasonably needed unless a longer retention is required by law.
• Security logs: retained for a rolling period consistent with incident investigation needs and industry practice, then deleted or minimized.
• Billing records: retained as required by tax and accounting rules.
• Hosting telemetry: retained as needed for billing measurement, abuse handling, capacity planning, and operational troubleshooting, then rotated or deleted according to internal schedules.

Self-service deletion. Where we provide account deletion or data deletion controls in your account settings, you may use those features to request deletion subject to technical limits and legal exceptions. Some records may need to remain for lawful reasons even if you delete an account.

Reasonable deletion practice. Where we say we delete data when reasonably appropriate, we mean we apply business, legal, and security constraints consistently, not that every copy in every backup system disappears instantly in all cases.

13. Security measures

We implement technical and organizational measures appropriate to the risk, which may include access controls, authentication, monitoring, segregation of environments, patching practices, backups where offered, encryption in transit where appropriate for services we control, operational review of access, and staff training.

No method of storage or transmission is completely risk free. If we become aware of a personal data breach involving your account information where GDPR requires notification, we will assess obligations and act in line with applicable law.

14. Customer content, end users, and controller versus processor roles

If you use CyprusNode services to host websites, mailboxes, databases, applications, VPN configurations, or other workloads that involve personal data about your own customers, visitors, employees, or users, you are typically the controller for that personal data and you decide the purposes and means of processing.

CyprusNode typically acts as a processor for that processing to the extent we host your content and infrastructure solely on your instructions and subject to our Terms of Service and any data processing terms we publish for business customers where applicable.

You are responsible for complying with privacy laws applicable to your end users, providing notices, obtaining lawful bases where required, honoring rights requests directed to you, and configuring services securely.

15. Automated decision-making and profiling

We do not intend to use automated decision-making that produces legal or similarly significant effects solely by automated means without human review. We may use automated systems for security, fraud screening at a provider level, spam filtering signals, rate limiting, and abuse detection. These systems support human decisions and enforcement of published rules.

16. Your privacy rights

Depending on your location and the facts, you may have rights under GDPR or other laws, which can include:

• Access to personal data.
• Rectification of inaccurate data.
• Erasure in certain cases.
• Restriction of processing in certain cases.
• Objection to processing based on legitimate interests in certain cases.
• Data portability for certain data provided to us where technically feasible.
• Withdrawal of consent where processing is based on consent.

To exercise rights, contact support@cyprusnode.com. We may need to verify your identity before fulfilling requests. We will respond within statutory timeframes where GDPR applies unless an extension is permitted.

17. Questions, requests, and complaints

For privacy requests and questions, email support@cyprusnode.com.

If you are located in the EEA or UK and believe our processing infringes applicable data protection law, you may lodge a complaint with your local supervisory authority.

For Cyprus, the supervisory authority is the Office of the Commissioner for Personal Data Protection. Official information is available through public government sources for current contact details and filing routes.

EU Online Dispute Resolution platform for consumer disputes information purposes: https://ec.europa.eu/consumers/odr/

18. Children

Our services are not directed to children under the age where they cannot lawfully provide consent for data processing in their jurisdiction without parental authority. If you believe a child provided personal data improperly, contact us and we will take reasonable steps to delete or restrict processing as appropriate.

19. Changes to this Privacy Policy

We may update this Privacy Policy by posting a revised version and changing the Last updated date. Material changes may also be communicated by email or the client area where practical. Continued use after the effective date may indicate acceptance where permitted by law.

20. No restriction of statutory rights

If applicable law grants you stronger rights than described here, those laws prevail to the extent required.

© 2026 CyprusNode — All rights reserved.
Affordable hosting solutions backed by real people. Your Mediterranean partner.