Privacy Policy
Last Updated: August 25, 2025
Hi there, We’ve always tried to keep our Privacy Policy simple and easy to read. Some parts have to sound a bit formal because the law requires it, but beyond that, our goal is straightforward: we want you to understand what happens with your data and to feel in control of it. We’re not here to sell or exploit your information. We just want to offer you a service that works well, and sometimes that means using things like cookies to keep everything running smoothly. At the end of the day, your trust means everything to us. We respect your privacy, and we’ll always treat your data with care.
0. Introduction
This Privacy Policy explains how Zenith Hosting KLG ("Company," "we," "us," or "our") collects, uses, shares, and protects your personal data when you use our services ("Services").
We want you to understand what happens with your data and to feel in control of it. This document sets out the purposes of processing, our legal obligations, and your rights under the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR).
By using our Services, you acknowledge that you have read and understood this Privacy Policy.
1. What Data We Collect
- Directly from you:
- Your email, account details
- Messages and support requests
- Automatically:
- IP address, browser and OS details, server interaction data
- Last login and activity times
- Approximate location (from IP address)
- Payment information (via Stripe)
- Automatic generated IDs (cookies, user IDs)
2. How We Use Your Data
| Purpose | Data Used |
|---|---|
| Account setup and management | Identity, technical data |
| Providing our services | Identity, usage, technical |
| Processing payments | Identity, payment info |
| Customer support | Identity, communications |
| Website improvement/analytics | Usage, technical data |
| Security and fraud prevention | Usage, technical data |
3. Sharing Your Data (Third Parties)
We only share your data with trusted partners for essential operations:
- Polar.sh (EU/USA): Payment processing and Merchant of Record services.
- Brevo.com (France): Transactional email (for signup, password resets, etc.) and customer support livechat and email.
- instatus (USA): Service status monitoring and notifications. Only when accessing our status page.
- bunny.net (Slovenia): Content delivery and DNS (improves loading speeds globally).
- PostHog EU (EU): Analytics, userId and email.
- Cloudflare (USA/EU): Security and web performance.
- Hetzner (Germany/Helsinki): Server hosting.
- Spur (USA): Fraud detection and connection risk assessment on login and checkout pages.
- Axiom (USA): Logging. Can include userId and email. We retain logs for 90 days.
- Neon.tech (USA): Database hosting and management.
- Arcjets (USA): Bot detection and mitigation.
We also run some self-hosted services:
- Plausible Analytics (self-hosted): Anonymous usage analytics.
If you log in to our website we automatically redirect you to your mail provider to handle your login.
All partners comply with the GDPR and Swiss FADP or provide adequate safeguards for Swiss/EU data. Polar.sh acts as our Merchant of Record and handles all payment data processing, tax compliance, and customer invoicing in accordance with international regulations.
4. International Data Transfers
- Mostly within Switzerland/EU: All processing happens in the EU or Switzerland except for a few services (see above).
- Safeguards: For transfers outside Switzerland/EU, we rely on Standard Contractual Clauses and similar legal protections.
5. Data Retention
| Data Type | How Long? |
|---|---|
| Account data | 3 months after last login (if no servers) |
| Payment data | 10 years (legal compliance) |
| Analytics data | 7 years |
| Support data | As long as necessary for support |
| Error data | As long as necessary |
| Auth cookies | 7 days |
Note on payment data: Payment processing is handled by our Merchant of Record Polar.sh. While we retain payment data for 10 years to meet Swiss legal obligations, Polar also retains payment records only as long as required by applicable law (such as tax, accounting, or anti-fraud regulations). Payment records are deleted when no longer required for legal compliance. Upon valid GDPR requests, Polar will delete data not subject to mandatory retention requirements.
This 10-year payment data retention period is in accordance with Swiss Code of Obligations Art. 958f on the "Führung und Aufbewahrung der Geschäftsbücher" (Management and Retention of Business Records). For more details, see the official text here.
When you delete your account, associated data is erased unless we’re legally required to retain it (e.g., payment records). In some cases, basic identifiers (like account ID or email) may be kept for up to 10 years if required for legal, tax, or contractual purposes. You may also request specific deletions by contacting us.
6. Your Rights (FADP & GDPR)
As a user of our website, you have the right to:
- Information & access: Ask what data we hold and receive a copy.
- Correction/rectification: Fix incorrect data.
- Deletion: Request deletion (“right to be forgotten”).
- Restriction/Objection: Limit or object to how we use your data.
- Portability: Get your data in a readable format.
- Withdraw consent: Anytime for analytics/cookies/marketing.
- Automated decisions/profiling: Ask for human review.
Just email support@zenith.ms to use these rights—we’ll answer within 30 days.
7. Cookies & Tracking
- Essential cookies: Login/session (expire after 7 days), Cloudflare security.
- Functional cookies: Brevo Live Chat (support chats, up to 1 year).
- Third-party cookies: Polar.sh (payments).
On your first visit, you’ll see a cookie banner to accept or reject non-essential cookies.
8. Data Security
We use industry-standard safeguards:
- HTTPS encryption for all data in transit
- Access controls, regular staff training, and security audits
- Data minimized to what’s strictly necessary
9. Data Breach Response
If there’s a data breach risking your rights, we’ll notify both you and the Swiss Federal Data Protection and Information Commissioner (FDPIC) within 72 hours.
10. Privacy by Design
We collect only what’s needed, limit data use to stated purposes, and update/delete it as required.
11. Children’s Privacy
Children under 13 need parental consent to use our services. If you’re under 13, please get permission first. If you think we have data from a child under 13 without consent, contact us to delete it.
12. Policy Updates
We’ll let you know about significant changes via email and update this document’s date.
13. Contact
Questions or requests? Email: support@zenith.ms
By using our Services, you acknowledge that you have read and understood this Privacy Policy.
By using our Services, you acknowledge that you have read, understood, and agreed to this document.