Privacy Policy
Last updated: 9 July 2026
1. Who is responsible
The data controller is Bytewave OÜ (Estonia), the company operating GHosting. To exercise any of your rights or ask questions, see contact.
2. What we collect and why
- Account data — your email address and a hashed password (never the password itself). Needed to run your account and reach you about your servers. Legal basis: performance of contract.
- Orders and invoices — what you bought and when. Legal bases: performance of contract and our legal accounting obligations.
- Payment data — handled entirely by Stripe. We receive confirmation of payment and the last digits of your card for reference; we never see or store full card numbers.
- Support messages — the content of tickets you open, so we can help you. Legal basis: performance of contract.
- Server data — the game files, configuration and logs of your rented server, processed only to provide the hosting service.
- Usage analytics — aggregate, cookieless page-view counts derived from one-way-hashed request data. We cannot identify or follow individual visitors, and we do not use advertising or cross-site tracking. Legal basis: legitimate interest in understanding site usage.
3. Cookies and local storage
We use no tracking or advertising cookies. When you log in, a session token is stored in your browser so you stay signed in — that is the extent of it, which is why you don't see a cookie banner here.
4. Who we share data with
Only processors necessary to run the service: Stripe (payments), our transactional email provider (delivery of account and billing emails), and European infrastructure providers that physically host our servers. We never sell your data.
5. How long we keep it
- Account data: for as long as your account exists. You may ask us to delete it at any time.
- Invoices and order records: 7 years, as required by Estonian accounting law.
- Server files: deleted no earlier than 7 days after your subscription ends.
- Aggregate analytics: indefinitely — it contains no personal data.
6. Your rights
Under the GDPR you can request access to, correction of, deletion of, or a portable copy of your personal data, and you can object to processing based on legitimate interest. Write to us via the contact page and we will respond within 30 days. You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) or your local supervisory authority.
7. Changes
If we change this policy in a way that affects you materially, we will email account holders before the change takes effect.