PRIVACY POLICY

HOSTLIST.IO (“we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect information when you use our website and services. HOSTLIST.IO is operated from the United Kingdom and complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Information We Collect

Information You Provide

• Contact forms: Name, email address, and message content when you use our contact form.
• Newsletter subscription: Email address when you subscribe to our newsletter.
• Listing claims: Name, email, company information, and verification details when a hosting company claims their listing.
• Reviews: Name, email, and review content when you submit a review of a hosting provider.
• Deal submissions: Coupon codes, descriptions, and related hosting company information.
• Listing requests: Company name, website URL, email, and message when requesting a new listing.

Information Collected Automatically

• Usage data: Pages visited, search queries, features used, and interactions with the Service.
• Device information: Browser type, operating system, screen resolution, and language preference.
• IP address: Used for rate limiting, fraud prevention, and approximate geographic location.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and improve the Service
• Process listing claims and verify company ownership
• Send newsletters and service-related communications (with your consent)
• Respond to your enquiries and support requests
• Detect and prevent fraud, abuse, and spam
• Generate anonymous, aggregated analytics to improve the Service

3. Cookies and Tracking

HOSTLIST.IO uses minimal cookies and tracking technologies:

• Essential cookies: Required for core functionality such as authentication and session management.
• Preference cookies: Store your theme preference and other display settings.
• Analytics: We use privacy-respecting analytics to understand how the Service is used. We do not use Google Analytics or other invasive tracking platforms.

We do not sell, trade, or otherwise transfer your personal data to third parties for advertising purposes. We do not use retargeting, behavioural advertising, or cross-site tracking.

4. Third-Party Services

We use the following third-party services to operate the platform:

• Supabase: Database hosting and authentication. Data is stored in Supabase's cloud infrastructure.
• Vercel / Netlify: Website hosting and serverless functions.
• Resend: Transactional email delivery (verification emails, notifications).
• Typesense: Search indexing and query processing.

Each of these services has their own privacy policy and data handling practices. We select providers that maintain high standards of data protection.

5. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes described in this policy:

• Contact form submissions: Retained for up to 2 years, then deleted.
• Newsletter subscriptions: Retained until you unsubscribe.
• Claimed listing data: Retained for as long as the listing is active.
• Reviews: Retained indefinitely as part of the public directory, unless you request removal.
• Analytics data: Aggregated and anonymised data is retained indefinitely. Raw logs are purged after 90 days.

6. Your Rights (UK GDPR)

Under the UK GDPR, you have the following rights regarding your personal data:

• Right of access: You may request a copy of the personal data we hold about you.
• Right to rectification: You may request that we correct inaccurate or incomplete data.
• Right to erasure: You may request that we delete your personal data, subject to our legal obligations.
• Right to restrict processing: You may request that we limit how we use your data.
• Right to data portability: You may request your data in a structured, machine-readable format.
• Right to object: You may object to the processing of your data for certain purposes.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at hello@hostlist.io. We will respond to all valid requests within 30 days.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. This includes encryption in transit (HTTPS), secure database access controls, and regular security reviews. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

8. Children's Privacy

The Service is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will promptly delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the “Last updated” date at the top of this page. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.

10. Contact

For privacy-related enquiries, data access requests, or to exercise your rights under UK GDPR, please contact:

Email: hello@hostlist.io
Web: hostlist.io/contact