Legal

Privacy Policy

How Storiza collects, uses, and protects your information.

Last updated: July 16, 2026

Storiza — Privacy Policy

Last updated: 2026/07/16

This Privacy Policy explains what personal data Storiza ("Storiza", "we", "us", "our") collects, why we collect it, how we use and protect it, and the choices you have. It applies to the website storiza.store, our customer portal, and all Services we provide (including VPS and RDP services). It forms part of, and should be read together with, our Terms of Service.

By creating an account or using our Services, you acknowledge this Policy.


1. Data We Collect

1.1 Account Data

When you register, we collect: name or username, email address, password (stored hashed, never in plain text), and optionally country and phone number.

1.2 Billing Data

When you purchase a Service, we collect: invoices, order history, transaction IDs, the payment method type used, billing country, and Storiza Wallet balance and history.

We do not store your full card number, CVV, or payment credentials. Payments are processed by third-party payment providers (see Section 5); we receive only confirmation of payment and limited metadata (e.g., last 4 digits, provider reference).

1.3 Technical & Usage Data

When you use our website or panel, we automatically collect: IP address, browser and device information, login timestamps, pages visited, and actions performed in the control panel (e.g., server restarts, reinstalls). This data is used for security, fraud prevention, and troubleshooting.

1.4 Service Data

To operate your VPS/RDP Service, our systems process: the IP address(es) assigned to your server, resource usage metrics (CPU, RAM, disk, bandwidth), uptime data, and network flow metadata used for capacity planning and DDoS mitigation.

1.5 Support Communications

When you contact us, we keep the content of your tickets and related correspondence, along with any information you choose to include in them.

1.6 Content on Your Server

Data you store or run on your server ("Customer Content") belongs to you. We do not access, read, or monitor the contents of your server in the ordinary course of business. We may access Customer Content only:

  • (a) with your consent or at your request (e.g., a support task);
  • (b) to investigate a suspected violation of our Acceptable Use Policy, based on network-level indicators;
  • (c) where required by law or a valid legal order; or
  • (d) in critical emergencies affecting the security or stability of our infrastructure.

2. How We Use Your Data

We use the data described above to:

  • (a) create and manage your account;
  • (b) provision, operate, and maintain your Services;
  • (c) process payments, issue invoices, and manage renewals and refunds;
  • (d) provide technical support and verify service ownership;
  • (e) send service notifications — renewal reminders, expiration notices, maintenance and incident announcements, and changes to our terms;
  • (f) detect and prevent fraud, abuse, AUP violations, and attacks (including DDoS mitigation);
  • (g) monitor and improve performance, capacity, and reliability;
  • (h) comply with legal, tax, and accounting obligations;
  • (i) send marketing or product emails, only where permitted and always with an opt-out (Section 8).

We do not sell your personal data to anyone.


Where applicable law (such as the GDPR for customers in the EU/EEA/UK) requires a legal basis, we rely on:

  • Contract — most processing (account, provisioning, billing, support) is necessary to deliver the Services you purchased;
  • Legitimate interests — security, fraud and abuse prevention, network protection, and service improvement;
  • Legal obligation — retaining invoices and tax records, responding to lawful requests;
  • Consent — marketing emails and non-essential cookies, which you can withdraw at any time.

4. Cookies & Analytics

4.1 We use cookies and similar technologies for:

  • (a) Essential purposes — login sessions, security, and cart/checkout functionality (these cannot be disabled);
  • (b) Preferences — remembering settings such as language;
  • (c) Analytics — understanding how the site is used so we can improve it.

4.2 You can control non-essential cookies through your browser settings. Blocking essential cookies may break login and checkout.


5. Sharing Your Data

We share personal data only with parties necessary to run the Services:

  • (a) Payment providers — to process your payments. They handle your payment credentials under their own privacy policies.
  • (b) Infrastructure and datacenter providers — the physical servers and networks hosting your Services. They process technical data (such as assigned IPs and traffic) as needed to provide connectivity and DDoS protection.
  • (c) Email delivery providers — to send transactional and (where opted in) marketing emails.
  • (d) Law enforcement and authorities — where required by applicable law, a court order, or a valid legal request, or where necessary to investigate fraud, abuse, or threats to safety. Where legally permitted, we will notify you of such requests.
  • (e) Business transfer — if Storiza is acquired or merges with another entity, customer data may transfer as part of that transaction; this Policy will continue to apply until amended.

We never share your data with third parties for their own advertising.


6. International Transfers

Our infrastructure and service providers may be located in countries other than your own. Where data is transferred across borders, we take reasonable steps to ensure it receives an adequate level of protection consistent with this Policy and applicable law.


7. Data Retention

  • (a) Account data — retained while your account is active. If you request account deletion, we delete or anonymize personal data within 30 days, except data we must keep (below).
  • (b) Billing records and invoices — retained as required by tax and accounting law.
  • (c) Server data (Customer Content) — deleted according to the schedule in our Terms of Service: services are suspended at expiration and permanently deleted after the grace period. Deleted server data is unrecoverable.
  • (d) Backups — internal disaster-recovery backups expire and are overwritten.
  • (e) Support tickets — retained for 3 years for quality and dispute-resolution purposes.
  • (f) Security and access logs — retained for 3 years or longer where needed for an active investigation.
  • (g) Abuse/fraud records — where an account was terminated for fraud or AUP violations, we retain minimal identifying data to prevent re-registration.

8. Marketing Communications

8.1 Transactional emails (invoices, renewal reminders, expiration and incident notices, changes to terms) are part of the Service and cannot be opted out of while you hold active Services.

8.2 Marketing and product-announcement emails are optional. Every such email contains an unsubscribe link, and you can opt out at any time without affecting your Services.


9. Security

9.1 We protect your data using measures including: TLS encryption for data in transit, hashed passwords, access controls limiting staff access to what their role requires, network firewalls, and DDoS mitigation.

9.2 No system is 100% secure. In the event of a data breach affecting your personal data, we will notify affected customers and any required authorities without undue delay, as required by applicable law.

9.3 Your responsibilities: you are responsible for the security of your own server (updates, credentials, firewall rules) and of your account password. Enable strong, unique passwords and two-factor authentication.


10. Your Rights

Depending on your jurisdiction, you may have the right to:

  • (a) access a copy of the personal data we hold about you;
  • (b) correct inaccurate or incomplete data;
  • (c) delete your personal data (subject to legal retention requirements in Section 7);
  • (d) object to or restrict certain processing;
  • (e) portability — receive your data in a machine-readable format;
  • (f) withdraw consent for consent-based processing (e.g., marketing) at any time;
  • (g) complain to your local data protection authority.

To exercise these rights, open a support ticket or email [email protected]. We may need to verify your identity before acting on a request. We respond within [30 days] unless the law allows an extension.

Note: deleting your account does not delete invoices and billing records we are legally required to keep, and cannot recover server data already deleted under the Terms of Service.


11. Children

Our Services are not directed at children under 13. Users under 18 require the consent of a parent or legal guardian (see Terms of Service). We do not knowingly collect personal data from children under 13; if we learn we have done so, we will delete it.


Our website may link to third-party sites (e.g., payment providers, documentation, community channels). Their privacy practices are their own; this Policy does not apply to them.


13. Changes to This Policy

We may update this Policy from time to time. Material changes will be announced on storiza.store and/or by email to affected customers. The "Last updated" date at the top reflects the current version. Continued use of the Services after changes take effect constitutes acceptance.


14. Contact

Privacy questions and data requests: [email protected] Support: via the ticket system at storiza.store

[PLACEHOLDER] If required in your jurisdiction, add a Data Protection Officer or registered address here.