Privacy Policy

1. General Provisions#

This Privacy Policy governs the processing of personal data that Senko Digital LLC (hereinafter referred to as the Company) collects from users when they use the website and hosting services. As a company registered in Georgia, operating servers located in Germany, Finland, and the Netherlands, we are committed to protecting your privacy and personal data in accordance with applicable laws.

  • The Company is primarily subject to the Law of Georgia on Personal Data Protection. Additionally, where we process personal data of individuals located in the European Economic Area (EEA), we comply with the EU General Data Protection Regulation (GDPR). For individuals in the United Kingdom, we comply with the UK GDPR and the Data Protection Act 2018.
  • This Privacy Policy applies to all personal data processed by the Company, regardless of the means of collection (website, client area, email, support tickets, or other communication channels).
  • By using our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our data processing practices, please do not use our services.
  • For personal data contained in the content that the Client stores on or transmits through our servers (such as the data of the Client's own customers or end users), the Client acts as the data controller and the Company acts as a data processor, processing such content only as necessary to provide the hosting services and in accordance with the Client's instructions and any applicable Data Processing Agreement (see Section 15).

2. Data We Collect#

Data You Provide Directly

  • Full name (for identification, account creation, and service provision)
  • Email address (for account management, notifications, support, and essential communications)
  • Country of residence (for service provision, tax compliance, and jurisdictional requirements)
  • Phone number, if provided (for account verification and support)
  • Billing address (for billing, invoicing, and tax purposes)
  • Payment information and payment method (for processing payments, refunds, and recurring billing)
  • Payment card data: Senko Digital LLC does not store full credit card numbers or sensitive authentication data (CVV/CVC). We store only the minimum data necessary to identify the transaction: card provider (e.g., Visa), last 4 digits, holder name, bank name, and bank country. All recurring billing is processed by our PCI-DSS compliant payment processors, who retain the necessary payment tokens on our behalf. This minimal data is stored for fraud prevention and recurring billing purposes.
  • Support ticket contents and communications, including the full chat history of support conversations conducted through our Telegram and Discord channels (for providing customer support and maintaining service records)
  • Account credentials and security data, including the password (stored only in hashed form), two-factor authentication (2FA) settings, and any SSH keys or API tokens added by the Client (for account access, authentication, and security)
  • Content the Client stores on or transmits through our servers, including files, databases, websites, emails, and application data, which may contain personal data of the Client's own end users (processed on the Client's behalf to provide the hosting services — see Section 1)

Data Collected Automatically

  • IP address (for security, fraud prevention, abuse detection, and service delivery)
  • Browser type and version, operating system, and device information (for website optimization and security)
  • Pages visited, time spent on pages, referral sources, and clickstream data (for analytics and service improvement)
  • Cookies and similar technologies (for website functionality and user experience — see Section 8)
  • Server access logs and error logs (for security monitoring, troubleshooting, and abuse prevention)

Data Received from Third Parties

  • Payment confirmation and transaction data from payment processors (for order fulfillment and fraud prevention)
  • Fraud screening results from payment processors (for fraud prevention and risk assessment)
  • Profile data from social login providers (Google, GitHub) when the Client chooses to register or sign in using them — such as name, email address, and provider account identifier (for account creation and authentication)

3. Purpose of Data Processing#

  • To provide, manage, and maintain our hosting services and user accounts (legal basis: contract performance)
  • To process payments, refunds, and manage billing (legal basis: contract performance)
  • To communicate with users and provide customer support (legal basis: contract performance, legitimate interests)
  • To ensure network security and prevent fraud, abuse, and unauthorized access (legal basis: legitimate interests)
  • To monitor and enforce compliance with our Terms of Service and Acceptable Use Policy (legal basis: legitimate interests, contract performance)
  • To improve our services based on user feedback and analytics (legal basis: legitimate interests, consent where required)
  • To send essential service notifications such as maintenance alerts, security updates, and billing reminders (legal basis: contract performance)
  • To comply with applicable legal obligations, respond to legal processes, and cooperate with regulatory authorities (legal basis: legal obligation)

4. Legal Basis for Processing#

We process your personal data only when we have a valid legal basis to do so. The specific legal basis depends on the type of data and the purpose of processing:

  • Contract performance — processing necessary for providing our hosting services, managing your account, processing payments, and delivering customer support (applies to: account data, billing data, support communications).
  • Consent — where we seek your explicit permission, such as for marketing communications, non-essential cookies, or optional analytics. You may withdraw your consent at any time without affecting the lawfulness of processing based on consent before withdrawal.
  • Legitimate interests — where processing is necessary for our business purposes, such as fraud prevention, network security, service improvement, and abuse detection, provided these interests do not override your fundamental rights and freedoms.
  • Legal obligation — where we need to process data to comply with applicable laws, including Georgian tax law, anti-money laundering regulations, and law enforcement requests.

5. Your Data Protection Rights#

Depending on your location and applicable laws, you may have the following data protection rights:

Under Georgian Data Protection Law

  • Right to be informed about how your personal data is processed
  • Right to access your personal data and receive a copy
  • Right to request the correction, update, or completion of inaccurate or incomplete data
  • Right to request the blocking of your personal data
  • Right to request the deletion or destruction of your data, including where it has been processed unlawfully or is no longer necessary
  • Right to data portability — to receive your personal data in a structured, commonly used format
  • Right to withdraw your consent at any time where processing is based on consent
  • Right not to be subject to a decision based solely on automated processing, including profiling
  • Right to lodge a complaint with the Georgian Personal Data Protection Service (PDPS) or to seek a judicial remedy

Under EU GDPR (for EEA residents)

  • Right to be informed about how your personal data is used
  • Right to access your personal data and receive a copy
  • Right to have inaccurate data rectified
  • Right to erasure ('right to be forgotten') in certain circumstances
  • Right to restrict processing of your data
  • Right to data portability
  • Right to object to processing based on legitimate interests or direct marketing
  • Right not to be subject to automated decision-making, including profiling
  • Right to lodge a complaint with your local data protection authority

Under UK GDPR (for UK residents)

  • You have the same rights as those listed under EU GDPR above. Complaints may be directed to the UK Information Commissioner's Office (ICO).

To exercise any of these rights, please contact us at support@senko.digital. We will respond to your request within 30 days. We may ask you to verify your identity before processing your request.

Where processing is based on your consent, you have the right to withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

6. Data Retention#

We retain personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or to meet our legal obligations. The following retention periods apply:

  • Account information (name, email, country): Retained for the duration of the account and up to 7 years after account closure for tax, legal, and regulatory purposes as required by Georgian law.
  • Payment and billing data: Retained for up to 7 years after the last transaction for tax and accounting obligations.
  • Server and access logs: Retained for up to 12 months for security and abuse prevention purposes.
  • Support ticket records: Retained for up to 3 years after resolution for quality assurance and dispute resolution.
  • Analytics data: Aggregated and anonymized analytics data may be retained indefinitely. Identifiable analytics data is retained for up to 26 months.
  • The Company may retain certain data for longer periods as required by law or for legitimate business purposes, including dispute resolution and enforcement of agreements.

7. Data Sharing with Third Parties#

Your data will not be shared with third parties without your consent, except when necessary for service provision, legal compliance, or protection of our legitimate interests. When we share data with processors, we ensure appropriate safeguards are in place.

  • The Company engages the following categories of third-party service providers who may process your data on our behalf:
  • Payment processors: Keepz, Payssion, PayPal, Cryptomus, and NOWpayments — for processing payments, refunds, and fraud prevention.
  • Infrastructure and security: CloudFlare — for CDN services, DDoS protection, and website security.
  • Communications: Mailgun — for transactional email delivery (order confirmations, support responses, account notifications).
  • Analytics: Google Analytics and Umami — for website usage analysis and service improvement.
  • All third-party processors are bound by data processing agreements that require them to implement appropriate security measures, process data only as instructed, and comply with applicable data protection laws.
  • We may also disclose your data when required by law, court order, or governmental authority, or when necessary to protect our rights, property, or safety, or that of our users or the public.

8. Use of Cookies#

We use cookies and similar technologies on our website. Cookies are small text files stored on your device that help us provide and improve our services.

Strictly Necessary Cookies

These cookies are essential for the website to function properly. They include session cookies, authentication cookies, and security cookies. These cannot be disabled.

Analytical Cookies

We use Google Analytics and Umami to understand how visitors interact with our website. These tools collect information such as pages visited, time spent on pages, and referral sources. Umami is a privacy-focused analytics platform that does not use cookies or collect personal data.

Functional Cookies

These cookies enable enhanced functionality such as language preferences and region selection. They may be set by us or by third-party providers whose services we have added to our pages.

Where required by applicable law, we will obtain your consent before placing non-essential cookies on your device. You can manage your cookie preferences through your browser settings or through our cookie consent mechanism on the website.

9. Data Protection Measures#

The Company implements appropriate technical and organizational measures to protect Client data against unauthorized access, alteration, disclosure, or destruction.

  • Technical measures include: encryption of data in transit (TLS/SSL), encrypted storage where applicable, firewall protection, intrusion detection systems, regular security updates and patching, and access logging.
  • Organizational measures include: role-based access controls limiting data access to authorized personnel only, employee confidentiality obligations, regular security assessments, and incident response procedures.
  • No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security.

10. International Data Transfers#

As the Company is registered in Georgia and operates servers in Germany, Finland, and the Netherlands, your personal data may be transferred to and processed in countries outside your country of residence.

  • For transfers from the EEA to Georgia (which does not currently have an EU adequacy decision), we implement appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission.
  • For transfers to our server locations within the EEA (Germany, Finland, Netherlands), no additional transfer mechanism is required as these countries are within the EEA.
  • By using our services, you acknowledge that your data may be processed in Georgia and in the EEA countries where our servers are located.

11. Changes to the Privacy Policy#

The Company reserves the right to make changes to this Privacy Policy. We will provide at least 14 days' notice of material changes via email or website notification before they take effect. Continued use of our services after the effective date constitutes acceptance of the updated Privacy Policy.

12. Contact Information#

If you have any questions regarding the processing of your data or wish to exercise your data protection rights, please contact us:

  • Email: support@senko.digital
  • Registered address: Senko Digital LLC, Zhiuli Shartava Avenue N7, Floor N7, Apartment N22, Batumi 6004, Georgia
  • Georgian Personal Data Protection Service (PDPS): For complaints regarding data processing under Georgian law, you may contact the PDPS at www.pdps.ge.
  • EU/EEA Data Protection Authorities: If you are located in the EU/EEA and believe your data has been processed unlawfully, you have the right to lodge a complaint with your local data protection authority.

13. Children's Data#

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without verified parental consent, we will take steps to delete that information promptly.

If you believe that we have inadvertently collected data from a minor, please contact us immediately at support@senko.digital.

14. Automated Decision-Making#

The Company does not use automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you. If this changes in the future, we will update this Privacy Policy and provide appropriate information and safeguards.

15. Data Processing Agreement Availability#

For Clients who require a Data Processing Agreement (DPA) under GDPR or other applicable data protection laws, the Company makes a standard DPA available upon request.

To request a DPA, please contact us at support@senko.digital. The DPA outlines the parties' obligations regarding the processing of personal data, including the scope, nature, and purpose of processing, data security requirements, and sub-processor management.

16. Data Breach Notification#

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, the Company will notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach.

If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay, unless the data was encrypted or other measures render the data unintelligible to unauthorized persons.

17. Marketing Communications#

  • When you create an account, you are automatically subscribed to our newsletter, which contains company news such as new product lineups, important service announcements, service updates, and similar information.
  • You may unsubscribe at any time by clicking the unsubscribe link in the footer of any such email. Unsubscribing from the newsletter does not affect essential service communications (such as billing, security, and maintenance notifications), which are necessary to provide the Services.

18. Final Provisions#

  • This Privacy Policy should be read together with our Terms of Service and Acceptable Use Policy, which together govern your use of the Services.
  • If any provision of this Privacy Policy is found to be invalid or unenforceable, the remaining provisions will continue in full force and effect.
  • This Privacy Policy is governed by the laws of Georgia, without prejudice to any mandatory data protection rights you may have under the GDPR, UK GDPR, or other applicable laws of your country of residence.
  • This Privacy Policy is provided in multiple languages for convenience. In the event of any discrepancy between versions, the English version prevails.

Revision dated May 28th, 2026