Privacy Policy

Effective Date: 24/10/2025

Ezee2Host Private Limited (“Ezee2Host”, “we”, “us”, “our”) is committed to protecting your privacy and personal data. This Policy explains how we collect, use, disclose, and safeguard your Personal Data in compliance with applicable laws, including the EU GDPR, California’s CCPA/CPRA, and India’s Digital Personal Data Protection Act (2023).

For any questions or requests about your data, you may contact our Data Protection Officer at [email protected].

1. Information We Collect

We collect information that you provide to us when using our services, as well as information automatically collected through your use of our website and platform. We do not collect more information than is necessary for each purpose.

• Account Registration: To create an Ezee2Host account, we require your email address and a password. We may also ask for your name and contact details (postal address, phone) when necessary (e.g. billing or service registration). This data is needed for our contract with you and for legal compliance (e.g. invoicing, identity verification).
• Identity Verification: When you register domains through us, we must obtain your domain ownership details (per ICANN rules). We may ask for government-issued ID (passport, driver’s license, etc.) to verify identity. ICANN requires accurate WHOIS contact data, which we will submit to domain registries.
• Payment Information: For purchases (hosting plans, domains), we collect billing details (name, address). We use PCI-compliant payment processors, so we do not store your full credit card number or CVV. We may retain only the last four digits of your card for reference, as allowed by PCI-DSS.
• Contact and Support: If you contact us (via email, chat, phone, or ticket), we collect the communication and any information you include (for troubleshooting and support). We log dates and outcomes of support calls for quality purposes. Call recordings (if any) are kept securely for no more than 30 days for training and quality assurance.
• Business Email / Google Workspace: If you subscribe to our Business Email or Google Workspace services, we collect the information needed to set up those accounts (e.g. domain name, user details). Any data hosted with Google Workspace is subject to Google’s privacy controls. We use Google Analytics to understand website usage patterns; only non-identifying data (pages visited, IP country, etc.) is collected for analytics purposes. (See Cookies Policy for details.)

Information Collected Automatically

• Log and Device Data: When you visit our site or use our platform, we automatically log information such as your IP address, browser type, operating system, and pages viewed. This helps us secure and improve our services. We may correlate IP addresses with general geographic location to comply with tax and regulatory requirements.
• Cookies and Tracking: We use cookies and similar technologies (e.g. tracking pixels) on our websites and apps. Cookies help us keep you logged in, remember preferences, and analyze usage. You can manage cookie settings via our Cookie Policy. For example, we use Google Analytics (by Google, Inc.) to track site visits. Google uses cookies to identify repeat visits, as described in their policy.
• Abuse Prevention: To prevent fraud or abuse of our services, we analyze account activity, payment history, and service usage patterns. Automated tools flag suspicious behavior (e.g. unusual resource usage, repeated failed logins) and may temporarily limit service to protect all users. These fraud-prevention checks are necessary to maintain a safe platform.

2. How We Use Your Data

We use your personal data only for the purposes we collected it for, as outlined below:

• Provide Services: To deliver and manage hosting, domain, email, and related services. This includes activating your services, troubleshooting issues, and customizing features.
• Account Management: To verify your identity, process orders/payments, send service notices (like renewal reminders), and manage your account (e.g. password resets, security alerts). We may send you important administrative messages by email or SMS (no opt-out from these as they are essential to your account).
• Customer Support: To respond to your inquiries and support requests. We use your data (contact info, account data) to troubleshoot and improve our support.
• Legal Compliance: To comply with laws and regulations. For example, we retain billing records to meet tax and accounting rules, and we share data with law enforcement if legally compelled.
• Communication: We send marketing emails (product announcements, promotions) only if you have opted in or where allowed by law. You can opt out of marketing messages anytime. Transactional messages (e.g. payment confirmations, service alerts) are sent as needed to manage your account and services. (California law grants you the right to opt out of the sale of your data and to know what we collect; we do not sell your personal information.)
• Analytics and Improvement: We analyze aggregated (non-personal) data to improve our services. This includes usage trends and performance metrics.
• Security: To protect against fraud and abuse. We use your information to monitor our network and to investigate suspicious activities. Appropriate safeguards (encryption, firewalls, access controls) are in place as required by law.

3. Sharing Your Data

We do not sell your personal data. We only share data as follows:

• Service Providers: We may share personal information with trusted third parties who perform services on our behalf (e.g. data centers, payment processors, email hosts, analytics providers). Each such provider is under contract to keep data secure and use it only to perform the requested service. For example, Google (for Gmail/Analytics), Ravelin (fraud prevention), etc.
• Domain Registries: When you register a domain, we submit your WHOIS contact info to domain registries. ICANN rules require publishing registrant data in the public WHOIS database. However, we apply WHOIS privacy protection by default for eligible domains to hide your personal details. (A few TLDs do not allow privacy; in those cases, your data will be public as required by the registry.)
• Affiliates and Partners: Ezee2Host is part of a global group. We may share data with our affiliates and subsidiaries to operate the business. Such affiliates are subject to this Privacy Policy.
• Legal Authorities: We will disclose personal data if required by law or in good-faith belief that disclosure is necessary to comply with a legal obligation, protect rights, or prevent harm (e.g. lawful subpoenas, court orders, or emergency situations).
• Marketing and Advertising: We may share anonymized or aggregated data (which cannot identify you) with advertisers or for marketing analytics. No personally identifying data is sold or shared for third-party marketing without your consent.

4. Your Rights

You have a variety of rights regarding your personal data. We will fulfill requests in accordance with applicable law. These include:

• Access: You can request a copy of the personal data we hold about you.
• Correction: You can ask us to update or correct inaccurate or incomplete data (you can also do this directly by logging into your account).
• Deletion (Erasure): You can request we delete your personal data. We will delete your account and data when requested, except for data we must retain for legal compliance (e.g. financial records).
• Portability: You may request your data in a structured, machine-readable format to transfer to another service.
• Object/Restrict: You can object to processing based on legitimate interests, or to direct marketing at any time. (For instance, to stop marketing emails, use the unsubscribe link or update your preferences in your account.)
• Consent Withdrawal: If we rely on consent to process any data (e.g. marketing), you may withdraw that consent at any time.
• California Privacy Rights: If you are a California resident, you can request to know what personal data we have collected about you, the purposes, and with whom it is shared, and you can request deletion of your data as permitted by law. We do not discriminate or retaliate against you for exercising these rights.

To exercise any right, please email [email protected] with your request. We will respond within the timeframes required by law. If we require verification of identity before fulfilling a request, we will let you know.

5. Data Retention

We keep your personal data only as long as necessary:

• Active Account Data: Personal data related to your account (contact info, service usage) is retained while your account is active. After account deactivation or deletion, we anonymize or remove personal identifiers, though we may keep minimal records (e.g. username replaced with “[email protected]”) to prevent abuse (e.g. banned user) or for legal recordkeeping.
• Transactional Data: Billing and payment records are kept for the period required by law (typically 7+ years for tax/audit purposes).
• Support Communications: Tickets, emails, and call logs are kept as long as needed to resolve issues (and up to 365 days for potential follow-up, then erased when feasible).
• Marketing Data: We retain marketing email lists or survey results only as long as consent is active (usually up to 36 months for SMS/WhatsApp marketing per our policy) or as required by applicable law. You may opt out at any time.
• Logs and Security Data: System logs (for security and debugging) are kept for a limited time (typically 365 days), then overwritten or deleted according to our retention schedule.

Once data is no longer needed for its original purpose (or to meet a legal requirement), we will securely delete or anonymize it. This follows the DPDP/GDPR principle of limiting storage duration.

6. Data Transfers

Your data may be processed and stored in India and other countries (e.g. EU, US, Singapore) to operate our global services. When we transfer EU or UK personal data outside those regions, we use appropriate safeguards (such as EU Standard Contractual Clauses) to ensure it is protected. Our international transfers comply with GDPR requirements and, in India, recent guidance does not impose extra restrictions beyond those protections. If your country has data residency laws, we will respect any localization obligations that apply.

7. Security Measures

We implement “appropriate technical and organizational measures” to protect your personal data. These include:

• Encryption of data in transit (TLS/SSL) and at rest (disk/database encryption).
• Regular security audits and vulnerability scans.
• Strong access controls: systems are password- and 2FA-protected; only authorized staff can access personal data.
• Firewalls, intrusion detection, and anti-malware on our servers.
• Secure data center facilities and strict personnel controls.

Despite these efforts, no system is 100% secure. If a data breach occurs, we will promptly notify affected users and authorities as required by law.

8. Children’s Privacy

Our services are not directed to children under the age of [16/18] (select appropriate age for jurisdictions). We do not knowingly collect personal data from minors. If we learn that a child’s data has been collected without parental consent, we will delete it immediately.

9. Cookies and Third-Party Links

We use cookies on our websites. For details on our use of cookies and how to manage them, please see our Cookie Policy. Our sites may contain links or embedded content from other sites (e.g. social media). We are not responsible for those third parties’ privacy practices.

10. Your Communications Choices

You can manage your communication preferences at any time:

• To unsubscribe from marketing emails, click the “unsubscribe” link in our emails or update your preferences in your account.
• To stop SMS/WhatsApp marketing, reply “STOP” or contact support.
• You can always turn off non-essential cookies in your browser or device settings.
• To opt out of Google Analytics tracking, use Google’s opt-out tool.

Even if you opt-out of marketing, we will still send you transactional/service messages as needed to operate your account (e.g. renewal notices).

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will post any changes on our website and, if significant, notify you by email or in your account. Please review the policy periodically. Your continued use of Ezee2Host services after changes means you accept the updated policy.

12. Data Hosting on AWS Cloud (Amazon Web Services)

Your data is securely hosted on Amazon Web Services (AWS) cloud infrastructure, primarily in the Mumbai (ap-south-1) region. AWS provides industry-leading security, including AES-256 encryption at rest and TLS/SSL encryption in transit, ensuring your information remains protected at all times. AWS data centers are ISO 27001, SOC 1/2/3, and PCI DSS certified, with 24/7 monitoring and multi-layered access controls.
Ezee2Host retains ownership of all customer data; AWS acts only as a data processor, managing storage and infrastructure under our direction. Your data will not be transferred outside the selected region except where legally required or for backup redundancy.

13. Data Hosting on Google Cloud Platform (GCP)

Ezee2Host may also utilize Google Cloud Platform (GCP) for select services and future infrastructure expansion. GCP data centers implement AES-256 encryption at rest and HTTPS/TLS encryption in transit to safeguard customer data. All Google data centers adhere to strict compliance standards, including ISO 27001, SOC 2/3, and GDPR.
Google acts solely as a data processor, and any customer data stored or processed within GCP remains fully owned and controlled by Ezee2Host. Data will only be processed according to our instructions and will not be used by Google for advertising, analytics, or AI/ML model training. GCP may replicate data across multiple secure regions for redundancy and reliability, always in accordance with applicable data protection laws.

14. Contact Us

If you have questions or complaints about this Policy or our privacy practices, please contact our Data Protection Officer at [email protected]. You may also lodge a complaint with your local data protection authority if needed.