We collect only what we need to deliver and support our services.
- Account & Contact Data: name, email address, company, billing details.
- Service Configuration Data: domain, DNS records, user lists, role permissions.
- Usage & Device Data: IP address, logs, browser/OS, timestamps for security and diagnostics.
- Support Data: tickets, chat transcripts, migration artifacts you share with us.
- Payment Data: processed by our payment provider; we store references, not full card numbers.
- Cookies & Similar Tech: described in the Cookies section below.
Sensitive data is not required unless your use case demands it; if provided, you are responsible for having a lawful basis and informing data subjects.
- Provide and maintain services: account creation, provisioning, backups, updates.
- Security: threat detection, abuse prevention, identity verification, multi-factor enforcement.
- Support & Operations: troubleshooting, migrations, incident communications.
- Billing & Invoicing: subscriptions, renewals, tax compliance.
- Product Improvement: analytics on feature usage to enhance reliability and UX.
- Legal Compliance: regulatory requests, dispute handling, and record-keeping.
Links: Terms of Service – Data Protection · SLA & Uptime – Monitoring
Where the GDPR applies, our primary legal bases are:
- Contract (Art. 6(1)(b)): to provide the services you subscribe to.
- Legitimate Interests (Art. 6(1)(f)): securing our platform, preventing abuse, improving services—balanced against your rights.
- Consent (Art. 6(1)(a)): for optional communications and non-essential cookies.
- Legal Obligation (Art. 6(1)(c)): tax, accounting, and regulatory duties.
Where PDPA Malaysia applies, we process personal data for purposes notified to you, with your consent where required, and with safeguards consistent with the Act.
We retain personal data for as long as necessary to deliver services and meet legal obligations, then delete or anonymize it.
- Account data: kept for the subscription term and a limited period after cancellation for invoicing and dispute resolution.
- Service logs: typically 30–365 days depending on component and security needs.
- Backups: encrypted and rotated; retention varies by product tier.
You may request deletion of your account data where permitted. Some records may be retained to comply with law or to establish, exercise, or defend legal claims.
We operate with regional hosting and vetted sub-processors. Where data leaves its origin region, we apply appropriate safeguards.
- EU/EEA data: transferred under GDPR mechanisms such as Standard Contractual Clauses and risk assessments.
- Malaysia and APAC: safeguarded via contractual protections and technical controls.
- Access controls: least-privilege, logging, and approvals for cross-border support access.
- Encryption: TLS in transit; encryption at rest for supported products.
- Account Security: MFA support, session and device limits, admin controls.
- Infrastructure: firewalls, network segmentation, WAF, DDoS protection, monitored 24/7.
- Backups & DR: routine backups, integrity checks, recovery runbooks.
- Change Management: staging, approvals, and monitoring for deployments.
- Personnel: background checks where lawful, confidentiality obligations, role-based access.
Depending on your location, you may have rights to:
- Access and portability of your personal data.
- Rectify inaccurate or incomplete data.
- Delete data (erasure) and restrict processing.
- Object to processing based on legitimate interests or direct marketing.
- Withdraw consent at any time, where processing relies on consent.
We will respond within applicable timelines. If you act as a controller and we are your processor, we assist you in fulfilling data subject requests as described in our Terms.
We use cookies and similar technologies to run the site and understand usage.
- Strictly Necessary: login sessions, security, load balancing.
- Preferences: language and UI settings.
- Analytics: aggregate insights to improve reliability and UX.
Where required, we ask for consent for non-essential cookies. You can change preferences in your browser or our cookie settings panel (where available). See also Terms – Privacy.
We use specialized service providers (sub-processors) for infrastructure, email delivery, payments, support tooling, and analytics.
We vet each provider for security, confidentiality, and data protection commitments, and bind them by contract. Categories may include: cloud infrastructure, CDN, DNS, payment processing, email/SMS delivery, customer support, logging/monitoring, and fraud prevention.
We maintain and update a list of sub-processor categories and, where required, notify customers prior to material changes.
If you have questions about this policy or wish to exercise your rights, contact our Data Protection Officer (DPO):
Email: info@hellomailhost.com
Address: 727, Jalan PJU 1/11Pju 1, 47301 Petaling Jaya, Selangor
Please include your account email and a clear description of your request.
How can I help you?