Privacy Policy
Last updated: June 15, 2026
This Privacy Policy explains how RP NET MEDIA ("Company", "we"), a company registered in Romania, collects, uses, and protects your personal data when you use host4.ai ("Service"). We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR).
1. What We Collect
| Data | When | Why |
|---|---|---|
| Email address | Registration | Account creation, billing, communication |
| Full name | Registration / billing | Account identification, invoicing |
| Phone number | Optional, at billing | Account recovery, support |
| Billing address | At payment | Tax compliance, invoicing |
| IP address | Every visit | Security, abuse prevention, analytics |
| Browser & device info | Every visit | Compatibility, analytics |
| Pages visited | Every visit | Service improvement, analytics |
2. How We Use Your Data
- Provide the Service — Creating and managing your hosting environment, authenticating your sessions, and delivering support.
- Billing — Processing payments, generating invoices, and managing subscriptions.
- Analytics — Understanding how the Service is used so we can improve it. We use privacy-friendly, self-hosted analytics (see below).
- Security — Detecting and preventing fraud, abuse, and unauthorized access.
- Communication — Sending transactional emails (billing receipts, account alerts) and occasional product updates. You can opt out of non-essential emails at any time.
3. Payment Processing
All payment processing is handled by Stripe (stripe.com). When you enter your card details, they go directly to Stripe's PCI-compliant servers. We never see, store, or have access to your full card number. We receive only a confirmation of payment, a customer ID, and the last four digits of your card for reference.
4. Analytics
We use a self-hosted, privacy-friendly analytics tool hosted at analytics.wsgratis.ro. It tracks page views and basic visit data to help us understand traffic patterns and improve the Service. It does not use fingerprinting or cross-site tracking.
5. Cookies
We use a minimal number of cookies:
- PHPSESSID — Session cookie for login authentication. Expires when the browser is closed. Essential.
- h4a_ref — Tracks affiliate referrals. Expires after 30 days. Functional.
- h4a_consent — Records your cookie consent choice. Expires after 365 days. Essential.
- Analytics cookie — A first-party cookie for page view tracking. No personal data is stored in it.
We do not use third-party tracking cookies. We do not use Google Analytics or Facebook Pixel.
6. Third-Party Services
- Stripe (stripe.com) — Payment processing. Stripe's privacy policy governs payment data. Based in the US with EU data processing.
- Cloudflare (cloudflare.com) — DNS and DDoS protection. May process IP addresses and request headers.
- Hetzner (hetzner.com) — Server infrastructure. All data is hosted on servers in Germany (EU). Hetzner is GDPR compliant.
7. Data Retention
- Active accounts: Your data is retained for the duration of your account.
- After account deletion: Personal data is deleted within 30 days of account closure.
- Server and access logs: Retained for 90 days for security and debugging, then deleted.
- Analytics data: Retained for 90 days, then aggregated and anonymized.
8. Your Rights (GDPR)
As a data subject under the GDPR, you have the right to:
- Access — Request a copy of all personal data we hold about you.
- Rectification — Request correction of inaccurate or incomplete data.
- Erasure — Request deletion of your personal data ("right to be forgotten").
- Data portability — Receive your data in a structured, machine-readable format.
- Object — Object to processing of your data based on legitimate interest.
To exercise any of these rights, email hello@host4.ai. We will respond within 30 days as required by law.
9. Security
We take the security of your data seriously. Our measures include:
- All data in transit is encrypted via HTTPS/TLS.
- Passwords are hashed using bcrypt — never stored in plain text.
- Each user's hosting environment runs in an isolated container with no cross-access.
- Server-level firewalls, fail2ban, and container security hardening are in place.
10. Children
host4.ai is not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors. If we learn that a user is under 18, we will promptly delete their account and associated data.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or dashboard notification at least 30 days before taking effect. The "Last updated" date at the top indicates the most recent revision.
12. Contact
For privacy inquiries, data requests, or questions about this policy:
RP NET MEDIA
Email: hello@host4.ai
Romania