1. Data Controller
The data controller is Gewiation Network. Contact us via support.gewiation.com or Discord.
2. Data We Collect
- Account: Username and bcrypt-hashed password. We never store plaintext passwords.
- Order: Name, email address, and any optional notes provided during checkout.
- Technical data: IP address at login time (for rate limiting and security), error logs.
- Cookies: A session cookie for authentication (HttpOnly, Secure, SameSite=Lax). No third-party analytics cookies.
3. Purpose of Processing
- Providing the hosting service and managing your account.
- Communication regarding orders and technical support.
- Security — attack detection, rate limiting, abuse prevention.
4. Data Sharing
We do not share personal data with third parties for marketing purposes. Data may be accessible to:
- Infrastructure providers (server hosting, database hosting) — solely for operating the service.
- Relevant authorities — when required by law.
5. Retention
- Account and orders: for the duration of the contract and 1 year after termination.
- IP addresses for rate limiting: max. 24 hours in memory (not persisted to disk).
- Server data after termination: 14 days, then permanently deleted.
6. Your Rights (GDPR)
- Access: You have the right to know what data we hold about you.
- Rectification: You have the right to correct inaccurate data.
- Erasure: You have the right to request deletion of your account and personal data.
- Portability: You have the right to receive your data in a machine-readable format.
To exercise any of these rights, contact us at support.gewiation.com.
7. Security
Passwords are stored as bcrypt hashes (hash + salt). All connections are encrypted with TLS 1.2/1.3. Database access is restricted to authorised staff members only.
8. Contact
Privacy questions: support.gewiation.com or Discord.