← HostingBrain

Privacy Policy

Version 0.1 (pre-launch draft) — last updated 2026-07-04

1. Two kinds of data

We process (a) account data about you as a user, and (b) observational data about public internet infrastructure, which is what the product analyses.

2. Account data

Email, organisation, access-key hashes, and usage records (which tools were called, with which parameters, when). Purpose: providing the service, enforcing usage limits, abuse prevention, and product improvement. Query parameters are reduced to theme-level aggregates after 90 days (research confidentiality). We do not sell account or usage data, and query subjects are never disclosed to other customers.

3. Observational data & GDPR

Our dataset is derived from publicly available internet infrastructure signals (DNS configuration, certificates, web server responses) at domain level. Where a domain belongs to a sole proprietor, some of this may constitute personal data under GDPR. We process it under legitimate interest (Art. 6(1)(f)): market research on aggregate infrastructure, with data minimisation — no consumer profiling, no marketing to data subjects, aggregate-level reporting by default.

Your rights: if a domain concerns you, you may request access, correction or objection at [email protected]. Objections are honoured by excluding the domain from analytical output.

4. Processors & transfers

Infrastructure runs on our own EU-located hardware behind Cloudflare (CDN/security; EU data residency where available). Payment processing (when launched) by Stripe. No other processors. [Draft note: add processor list + DPA references at launch.]

5. Retention

Account data: life of the account + 12 months. Usage events: 90 days at parameter level, aggregates thereafter. Observational data: retained as the historical record that the product's time-series analysis is built on.

6. Contact

Controller: HostingBrain ApS (under formation), Denmark[email protected]. CVR published upon registration. You may lodge a complaint with your supervisory authority (Denmark: Datatilsynet).