1. Introduction
At Laravel ("Company," "we," "us," or "our"), we are committed to protecting your privacy and safeguarding the personal data you entrust to us. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our websites, services, and products (collectively, the "Services").
By using our Services, you consent to the practices described in this Privacy Policy. We encourage you to read this document carefully and contact us if you have any questions.
2. Information We Collect
We collect information in several ways to provide and improve our Services:
2.1 Information You Provide
- Account Information: Full name, email address, phone number, billing/mailing address, company name (if applicable), and login credentials
- Payment Information: Credit/debit card numbers, bank account details, and billing details processed securely through PCI DSS-compliant third-party payment processors. We do not store full card numbers on our servers
- Support Communications: Content of support tickets, live chat transcripts, phone call recordings (with consent), and email correspondence
- Domain Registration Data: WHOIS registrant information including name, address, phone, and email as required by ICANN policies
2.2 Information Collected Automatically
- Technical Data: IP addresses, browser type and version, operating system, device type, screen resolution, and language preferences
- Usage Data: Pages visited, features used, click patterns, time spent on pages, referral URLs, and search queries within our platform
- Server Logs: Access logs, error logs, and security event logs generated by your hosting account
- Cookies & Tracking: Session cookies, persistent cookies, and similar tracking technologies (see Section 8 below)
2.3 Information from Third Parties
- Payment verification data from payment processors
- Fraud prevention data from security services
- Domain WHOIS data from registrars and registries
3. How We Use Your Information
We process your personal data based on the following legal bases and purposes:
- Service Delivery (Contract): To create and manage your account, provision hosting services, process domain registrations, issue SSL certificates, and deliver the Services you have purchased
- Billing & Payments (Contract): To process payments, send invoices, manage subscriptions, handle refunds, and prevent fraudulent transactions
- Communications (Legitimate Interest): To send service-related notifications (outages, maintenance, renewals), respond to support inquiries, and deliver important account updates
- Security & Fraud Prevention (Legitimate Interest): To detect and prevent unauthorized access, abuse, DDoS attacks, malware, and other security threats to our infrastructure
- Service Improvement (Legitimate Interest): To analyze usage patterns, conduct performance monitoring, troubleshoot issues, and develop new features
- Legal Compliance (Legal Obligation): To comply with applicable laws, regulations, court orders, and government requests
- Marketing (Consent): With your explicit consent, to send promotional emails, newsletters, and special offers. You may opt out at any time
4. Data Sharing & Disclosure
We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your data only in the following limited circumstances:
- Service Providers: Trusted third-party vendors who assist us in operating our Services, including payment processors (Stripe, PayPal, Flutterwave, Paystack), domain registrars, SSL certificate authorities, CDN providers (Cloudflare), and email delivery services. These providers are contractually bound to process your data only for the purposes we specify and in accordance with applicable data protection laws
- Legal Requirements: When required by law, regulation, court order, subpoena, or other legal process, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others
- Business Transfers: In connection with a merger, acquisition, reorganization, asset sale, or bankruptcy proceeding, your data may be transferred to the acquiring entity. We will notify you before your data becomes subject to a different privacy policy
- With Your Consent: In any other case, we will share your data only with your explicit consent
5. Data Security
We implement comprehensive security measures to protect your personal data, including:
- TLS/SSL encryption for all data in transit between your browser and our servers
- AES-256 encryption for sensitive data at rest, including payment tokens and passwords (bcrypt-hashed)
- Network-level protection including hardware firewalls, intrusion detection/prevention systems (IDS/IPS), and DDoS mitigation
- Role-based access controls limiting employee access to personal data on a need-to-know basis
- Regular security audits, penetration testing, and vulnerability assessments
- Employee security training and confidentiality agreements
- SOC 2 Type II compliant infrastructure and processes
While we employ industry-leading security practices, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but will promptly notify affected users in the event of a data breach as required by law.
6. Data Retention
We retain your personal data for as long as necessary to fulfill the purposes for which it was collected:
- Active Accounts: Data is retained for the lifetime of your account plus 90 days after account closure
- Backup Data: Removed from backup systems within 90 days of account deletion
- Billing Records: Retained for 7 years to comply with tax and financial reporting obligations
- Server Logs: Access and error logs are retained for 90 days; security logs for up to 1 year
- Support Tickets: Retained for 3 years after resolution to assist with future inquiries
- Marketing Data: Until you unsubscribe or withdraw consent
After the retention period expires, data is securely and permanently deleted or anonymized so that it can no longer be associated with you.
7. Your Privacy Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Right of Access: Request a copy of the personal data we hold about you
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations
- Right to Restriction: Request that we limit processing of your data in certain circumstances
- Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format (JSON or CSV)
- Right to Object: Object to processing based on legitimate interests or for direct marketing purposes
- Right to Withdraw Consent: Withdraw previously given consent at any time without affecting the lawfulness of prior processing
- Right to Lodge a Complaint: File a complaint with your local data protection authority
To exercise any of these rights, please submit a request via our support portal or email privacy@hostingxtra.com. We will respond within 30 days.
8. Cookies & Tracking Technologies
We use the following types of cookies and similar technologies:
- Essential Cookies: Required for the basic functionality of our website and Services (session management, authentication, CSRF protection). These cannot be disabled
- Functional Cookies: Remember your preferences such as language, currency, and display settings for a better experience
- Analytics Cookies: Help us understand how visitors interact with our website using aggregated and anonymized data (e.g., Google Analytics with IP anonymization enabled)
- Marketing Cookies: Used only with your consent to deliver relevant advertisements and measure campaign effectiveness
You can manage cookie preferences through your browser settings or our cookie consent banner. Disabling non-essential cookies will not affect core functionality.
9. International Data Transfers
Your data may be processed and stored in data centers located in different countries. When transferring data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by relevant data protection authorities, and we only transfer data to countries that provide an adequate level of data protection or to organizations that have implemented equivalent safeguards.
10. Children's Privacy
Our Services are not directed to individuals under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected data from a child, we will promptly delete it and terminate the associated account.
11. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices, technologies, legal requirements, or business operations. Material changes will be communicated via email to your registered address at least 30 days before taking effect. The "Last updated" date at the bottom of this page indicates the most recent revision.
12. Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection Officer:
- Email: privacy@hostingxtra.com
- Support Ticket: Open a Ticket
- Website: localhost
Last updated: April 13, 2026