eitri ("we", "us", "our") is committed to protecting your privacy.
This policy explains what data we collect, why, and your rights.
1. Data We Collect
Information you provide
Account information -- name and email address when you
register.
Contact form submissions -- name, email, and message when you
contact us.
Newsletter subscriptions -- email address.
Payment information -- billing details processed by our payment
provider. We do not store card numbers.
Information collected automatically
Usage data -- VM creation, resource consumption, commands
executed via the Service.
Access logs -- IP address, request path, timestamp, and HTTP
status code.
SSH connection metadata -- connection times and public key
fingerprints.
Information we do not collect
We do not access the contents of your VMs except as necessary to
provide the Service or comply with law.
We do not use tracking cookies or third-party analytics.
2. Lawful Basis for Processing (GDPR)
Under the UK General Data Protection Regulation (UK GDPR), we process
your data on the following bases:
Contract -- processing necessary to provide the Service you
have signed up for (Art. 6(1)(b)).
Legitimate interests -- access logs and usage data for security,
fraud prevention, and service improvement (Art. 6(1)(f)).
Consent -- newsletter subscriptions and marketing, which you
can withdraw at any time (Art. 6(1)(a)).
Legal obligation -- where we are required to retain data by
law (Art. 6(1)(c)).
3. How We Use Your Data
To provide, operate, and maintain the Service.
To process payments and send billing-related communications.
To respond to your enquiries and support requests.
To monitor and improve security and performance.
To send you service updates. Marketing emails only with your
consent.
To comply with legal obligations.
4. Data Sharing
We do not sell your personal data. We may share data with:
Payment processors -- to handle billing (they act as
independent controllers for payment data).
Infrastructure providers -- who host our servers, acting as
data processors under contract.
Law enforcement -- where required by law or valid legal
process.
5. International Transfers
Your data is primarily processed in the United Kingdom. If we transfer
data outside the UK, we ensure appropriate safeguards are in place, such
as Standard Contractual Clauses or adequacy decisions.
6. Data Retention
Account data -- retained while your account is active and for
30 days after deletion.
Access logs -- retained for 90 days.
Contact form submissions -- retained for 12 months or until
resolved.
Payment records -- retained for 7 years as required by UK tax
law.
Newsletter subscriptions -- retained until you unsubscribe.
7. Your Rights
Under the UK GDPR, you have the right to:
Access -- request a copy of the personal data we hold about
you.
Rectification -- request correction of inaccurate data.
Erasure -- request deletion of your data ("right to be
forgotten").
Restrict processing -- request that we limit how we use your
data.
Data portability -- receive your data in a structured,
machine-readable format.
Object -- object to processing based on legitimate
interests.
Withdraw consent -- where processing is based on consent, you
may withdraw it at any time.
To exercise any of these rights, contact us at
dev@a73x.sh. We will respond within
one month.
8. Data Security
We use reasonable technical and organisational measures to protect your
data, including encrypted connections (TLS), SSH key authentication, and
access controls. No system is perfectly secure, and we cannot guarantee
absolute security.
9. Children
The Service is not directed at anyone under 18. We do not knowingly
collect data from children. If you believe we have, please contact us and
we will delete it.
10. Changes to This Policy
We may update this policy from time to time. We will notify you of
material changes by email or via the Service. The "last updated" date at
the top indicates when changes were last made.
11. Complaints
If you are unhappy with how we handle your data, you have the right to
lodge a complaint with the Information Commissioner's Office (ICO) at
ico.org.uk.