Privacy Policy
Last updated: March 20, 2026
1. Introduction
HostingGuru ("we", "us", "our") operates the hostingguru.io platform, including the dashboard at dashboard.hostingguru.io and related services (collectively, the "Service").
This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our Service. By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy.
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through a notice on our website prior to the change becoming effective.
2. What We Collect
We collect the following categories of personal data:
2.1 Account & Profile Data
When you create an account, we collect your name, email address, and authentication credentials. If you sign up via GitHub OAuth, we receive your GitHub username, profile information, and email address from GitHub.
2.2 Payment Data
When you subscribe to a paid plan, payment is processed by Stripe. We do not store your full credit card number. Stripe provides us with a token, card brand, last four digits, and expiration date for display purposes. See Stripe's Privacy Policy.
2.3 GitHub Data
When you install our GitHub App, we access your repository names, branches, and metadata necessary to deploy your applications. We do not store your source code. Repository data is accessed in real-time via the GitHub API using short-lived installation tokens.
2.4 Deployment & Service Data
We collect data related to your deployments, including: service names, deployment status, build duration, framework detection results, environment variable names (values are encrypted — see Section 6), custom domain configurations, and deployment logs.
2.5 Workspace & Team Data
If you use workspaces, we store workspace names, member email addresses, roles (owner, admin, developer, viewer), and invitation records.
2.6 Contact & Communication Data
When you contact us through our contact form, we collect your email address, phone number (if provided), and message content.
2.7 Device & Usage Data
We automatically collect IP addresses, browser type, operating system, referring URLs, pages visited, and timestamps when you access the Service.
2.8 Database Credentials
If you use the Database add-on, we collect and store your database connection credentials (connection strings, host, port, username, and password), encrypted at rest using AES-256-GCM. These credentials are decrypted only when displayed to you in the dashboard and are never transmitted in plaintext. Database instances are provisioned and hosted by Neon (see Section 4).
3. How We Use Your Data
We use your personal data for the following purposes:
- Service delivery — to create and manage your account, deploy your applications, process payments, and provide customer support.
- Communication — to send you deployment status notifications, billing alerts, security notices, and respond to your inquiries.
- Security — to detect and prevent fraud, abuse, and unauthorized access to your account and deployments.
- Improvement — to understand how the Service is used and to improve functionality, performance, and user experience.
- Legal compliance — to comply with applicable laws, regulations, and legal processes.
We do not sell your personal data to third parties. We do not use your data for advertising or profiling purposes.
4. How We Share Your Data
We share your data only with the following categories of recipients, and only as necessary:
- Infrastructure providers — our cloud infrastructure partner hosts your deployed applications on European servers. They process server-level data (IP addresses, traffic) but do not have access to your account data.
- Stripe — processes subscription payments. See Stripe's Privacy Policy.
- GitHub — we interact with GitHub's API to access your repositories during deployment. See GitHub's Privacy Statement.
- Resend — delivers transactional emails (billing notifications, deployment alerts). See Resend's Privacy Policy.
- Neon — hosts managed PostgreSQL instances and processes your database connections if you use the Database add-on. Neon projects are located in the EU (Frankfurt) and the US (Ohio). See Neon's Privacy Policy.
- Slack — contact form submissions are forwarded to our internal Slack workspace for faster response times. No user data is stored in Slack beyond the message content.
- Legal authorities — if required by law, court order, or governmental request.
- Business transfers — in connection with a merger, acquisition, or sale of assets, your data may be transferred to the successor entity.
5. Cookies & Tracking
We use minimal cookies necessary for the Service to function:
- Authentication cookies — to keep you signed in (JWT-based session tokens).
- Preference cookies — to remember your workspace selection and UI preferences.
We do not use third-party advertising cookies, tracking pixels, or analytics services that profile users across websites.
6. Data Security
We take the security of your data seriously and implement the following measures:
- Encryption at rest — environment variable values, database connection strings, database passwords, and other sensitive credentials are encrypted using AES-256-GCM before storage.
- Encryption in transit — all connections to the Service use TLS/HTTPS.
- Access control — workspace-level role-based access control (RBAC) ensures team members only access resources appropriate to their role.
- Secret isolation — GitHub App private keys, API tokens, and Stripe secrets are stored server-side only and never exposed to the client.
- Infrastructure security — our data centers are ISO/IEC 27001:2022 certified and GDPR compliant.
No method of transmission or storage is 100% secure. If you discover a security vulnerability, please contact us immediately at hello@hostingguru.io.
7. Data Retention
- Account data — retained for as long as your account is active. Upon account deletion, we remove your personal data within 30 days, except where retention is required by law.
- Deployment data — deployment records and logs are retained for the lifetime of the service. When a service is deleted, associated data is removed within 30 days.
- Payment data — billing records are retained for 7 years to comply with tax and accounting regulations.
- Contact form data — retained for up to 12 months for follow-up purposes, then deleted.
- Database snapshots — if you use the Database add-on, point-in-time recovery snapshots are retained for 3 days and automatically deleted thereafter. Databases are only deleted by explicit user action. If your account is terminated and databases have not been removed, they may be permanently deleted after 30 days.
8. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
8.1 Rights Under GDPR (EU/EEA/UK)
If you are located in the European Union, European Economic Area, or the United Kingdom, you have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — request correction of inaccurate or incomplete data.
- Erasure — request deletion of your personal data ("right to be forgotten").
- Portability — receive your data in a structured, machine-readable format.
- Restriction — request that we limit the processing of your data.
- Objection — object to processing based on legitimate interests.
- Withdraw consent — where processing is based on consent, withdraw it at any time.
Our legal bases for processing your data include: contractual necessity (to provide the Service), legitimate interest (to improve and secure the Service), and consent (for optional communications).
You also have the right to lodge a complaint with your local data protection authority.
8.2 Rights Under CCPA (California)
If you are a California resident, you have the right to:
- Know what personal data we collect and how it is used.
- Request deletion of your personal data.
- Opt out of the sale of personal data — we do not sell your data.
- Non-discrimination for exercising your privacy rights.
To exercise any of these rights, contact us at hello@hostingguru.io. We will respond within 30 days.
9. International Data Transfers
Your data is primarily stored and processed in European Union data centers. If you access the Service from outside the EU, your data may be transferred to and processed in the EU.
We ensure that any international data transfers comply with applicable data protection laws, including the use of Standard Contractual Clauses (SCCs) where required.
10. Children's Privacy
The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly.
11. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:
- Email: hello@hostingguru.io
- Security issues: hello@hostingguru.io
- Contact form: hostingguru.io/contact