Privacy Policy

Effective Date: April 27, 2026

Bennett Helton, DBA Kraken Hosting ("we," "us," or "our"), values your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website and services at https://krakenhosting.net.

1. Information We Collect

We collect only the information necessary to provide, maintain, and secure our services. This includes:

  • Account Information: Name, email address, billing address, and IP address.

  • Usage & Behavioral Data: User activity, clicks, referral links, and general behavior within our control panel and website.

  • Subuser Data: Email addresses of subusers added by account owners.

  • Technical Data: Cookies, device identifiers, and system statistics.

  • Communications Data: Support tickets, Discord interactions tied to your account, and email correspondence.

2. How We Use Your Information

Your information is used to:

  • Provide hosting and related services

  • Process payments and manage accounts

  • Improve performance and user experience

  • Maintain security, detect abuse, and prevent fraud

  • Comply with legal obligations and enforce our Terms of Service

We do not use your data for advertising, profiling, or automated decision-making that produces legal or similarly significant effects.

3. Data Sharing & Sub-Processors

We share limited information with third-party service providers ("sub-processors") only when necessary to operate our business. We do not sell, rent, or trade your data with advertisers or unrelated third parties.

Sub-Processor

Purpose

Data Shared

Stripe

Payment processing

Name, billing address, email, payment method details

Cloudflare

Network security, DDoS mitigation, and traffic routing

Inbound web traffic (IP, request metadata, headers)

MXRoute

Outbound transactional email (receipts, password resets, ticket notifications)

Recipient email address, subject line, message content, and email metadata

Each sub-processor operates under its own privacy practices and applicable data protection laws.

We also use HetrixTools to monitor the uptime and resource usage of our own infrastructure. HetrixTools does not process user accounts or user data; it only observes anonymized server-side metrics on our side.

A note on email: Because MXRoute serves as our outbound email relay, message content technically passes through their systems during delivery. They do not read, mine, or use email content for any purpose beyond transmitting it. We do not send marketing or promotional emails through MXRoute.

4. Data Retention

We retain data only for as long as necessary to provide our services and comply with applicable laws:

  • Account Data: Retained until you request deletion (processed within 7 days for users covered by GDPR, CCPA/CPRA, or similar laws).

  • IP Logs: Retained in anonymized form for the sole purpose of detecting and mitigating web traffic abuse (e.g., scraping, brute-force login attempts). Anonymized logs are not linked to individual accounts and are typically purged within approximately 6 months as part of routine maintenance.

  • Email Logs: Retained for up to 3 years for legal compliance and chargeback defense.

  • Backups: Retained for up to 6 months following service termination, but are not guaranteed.

5. Cookies and Tracking

We use cookies strictly for the operation and security of our services.

Essential Cookies (Required)

These cookies are necessary for the basic operation of our website and services and cannot be disabled while using our platform. They include:

  • Authentication and session management

  • Security and CSRF protection

  • Load balancing

We do not use third-party advertising, tracking, or marketing cookies.

By using our website, you consent to the use of these essential cookies.

6. Security Measures

We take your security seriously and apply industry-standard safeguards, including:

  • Passwords hashed with bcrypt (12 rounds)

  • Access control via the Pterodactyl panel's built-in permission system

  • Two-factor authentication (2FA) for privileged accounts

  • Staff action logs to ensure accountability

  • Regular updates and maintenance of systems and software

  • Cloudflare-backed network security and DDoS mitigation

While no system is completely secure, we employ reasonable measures to protect user data from unauthorized access, loss, or misuse.

7. Data Breach Notification

In the event of a confirmed data breach affecting your personal data, we will notify affected users without undue delay, and in any case within 7 days of becoming aware of the breach. For users covered by the GDPR, the relevant supervisory authority will be notified within 72 hours where required by law.

Notifications will include, where known: the nature of the breach, the categories and approximate number of users affected, the likely consequences, and the measures we have taken or plan to take in response.

8. User Rights

You have the right to access, manage, and delete your personal data. Specifically, you may:

  • Request a copy of your stored personal data in a commonly used, machine-readable format where feasible.

  • Request deletion of your account and personal data.

  • Request correction of inaccurate or incomplete information.

  • Object to or restrict certain processing activities.

  • Withdraw consent for any processing based on consent at any time.

Requests can be submitted through your logged-in account. Verified requests are processed within a reasonable timeframe, and within 7 days for users covered by GDPR, CCPA/CPRA, or any other applicable law that mandates a processing deadline.

Additional Rights for EU/UK Users (GDPR)

Users in the European Union and United Kingdom additionally have the right to:

  • Data portability — receive your data in a structured, commonly used, machine-readable format

  • Lodge a complaint with a supervisory authority in your country of residence

  • Object to processing based on legitimate interests

Additional Rights for California Users (CCPA/CPRA)

We do not sell or share personal data as defined under the California Consumer Privacy Act (CCPA) or California Privacy Rights Act (CPRA). California residents have the right to:

  • Know what personal information we collect, use, and disclose

  • Request deletion of personal information

  • Opt out of the sale or sharing of personal information (not applicable, as we do not engage in either)

  • Non-discrimination for exercising any of these rights

We honor Global Privacy Control (GPC) signals where technically feasible.

9. Legal Basis for Processing

We process your data only when necessary to:

  • Fulfill a contract (e.g., provide hosting services)

  • Comply with legal obligations

  • Protect legitimate business interests (e.g., fraud prevention, security)

  • Obtain consent where required

10. Children's Privacy

Our services are not directed at children under the age of 13 (or the equivalent minimum age in the user's jurisdiction). We do not knowingly collect personal information from children below this age.

Accounts may not be created by minors without verifiable parental or guardian consent. Parents or guardians who wish to create an account on behalf of their child must contact us by submitting a support ticket prior to account creation. We do not actively verify the ages of users at the time of account creation; responsibility for compliance with applicable age restrictions rests with the account holder.

If we become aware that a child below the applicable minimum age has provided personal information without verified parental consent, we will delete the information promptly.

11. International Data Transfers

Our infrastructure is operated primarily in the United States. By using our services, you understand that your data may be processed in the United States and other jurisdictions where our sub-processors operate. Where required by law, appropriate safeguards (such as Standard Contractual Clauses) are in place with our sub-processors.

We do not process significant volumes of data originating from the European Union and have not designated an EU representative under Article 27 of the GDPR. EU users retain all applicable rights under GDPR regardless.

12. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via our website or user dashboard. Continued use of our services after any revision indicates acceptance of the updated policy.

13. Contact

For privacy or security-related inquiries, please contact us at:

Kraken Hosting (Bennett Helton, DBA)
Email: [email protected]
Website: https://krakenhosting.net

By using Kraken Hosting's services, you acknowledge that you have read and understood this Privacy Policy.