Privacy Policy

12345678910111213141516

1. General Provisions

This Privacy Policy governs the processing of personal data that Senko Digital LLC (hereinafter referred to as the Company) collects from users when they use the website and hosting services. As a company registered in Georgia, operating servers located in Germany, Finland, and the Netherlands, we are committed to protecting your privacy and personal data in accordance with applicable laws.

  • The Company is primarily subject to the Law of Georgia on Personal Data Protection. Additionally, where we process personal data of individuals located in the European Economic Area (EEA), we comply with the EU General Data Protection Regulation (GDPR). For individuals in the United Kingdom, we comply with the UK GDPR and the Data Protection Act 2018.
  • This Privacy Policy applies to all personal data processed by the Company, regardless of the means of collection (website, client area, email, support tickets, or other communication channels).
  • By using our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our data processing practices, please do not use our services.

2. Data We Collect

Data You Provide Directly

  • Full name (for identification, account creation, and service provision)
  • Email address (for account management, notifications, support, and essential communications)
  • Country of residence (for service provision, tax compliance, and jurisdictional requirements)
  • Phone number, if provided (for account verification and support)
  • Billing address (for billing, invoicing, and tax purposes)
  • Payment information and payment method (for processing payments, refunds, and recurring billing)
  • Payment card data: Senko Digital LLC does not store full credit card numbers or sensitive authentication data (CVV/CVC). We store only the minimum data necessary to identify the transaction: card provider (e.g., Visa), last 4 digits, holder name, bank name, and bank country. All recurring billing is processed by our PCI-DSS compliant payment processors, who retain the necessary payment tokens on our behalf. This minimal data is stored for fraud prevention and recurring billing purposes.
  • Support ticket contents and communications (for providing customer support and maintaining service records)

Data Collected Automatically

  • IP address (for security, fraud prevention, abuse detection, and service delivery)
  • Browser type and version, operating system, and device information (for website optimization and security)
  • Pages visited, time spent on pages, referral sources, and clickstream data (for analytics and service improvement)
  • Cookies and similar technologies (for website functionality and user experience — see Section 8)
  • Server access logs and error logs (for security monitoring, troubleshooting, and abuse prevention)

Data Received from Third Parties

  • Payment confirmation and transaction data from payment processors (for order fulfillment and fraud prevention)
  • Fraud screening results from payment processors (for fraud prevention and risk assessment)

3. Purpose of Data Processing

  • To provide, manage, and maintain our hosting services and user accounts (legal basis: contract performance)
  • To process payments, refunds, and manage billing (legal basis: contract performance)
  • To communicate with users and provide customer support (legal basis: contract performance, legitimate interests)
  • To ensure network security and prevent fraud, abuse, and unauthorized access (legal basis: legitimate interests)
  • To monitor and enforce compliance with our Terms of Service and Acceptable Use Policy (legal basis: legitimate interests, contract performance)
  • To improve our services based on user feedback and analytics (legal basis: legitimate interests, consent where required)
  • To send essential service notifications such as maintenance alerts, security updates, and billing reminders (legal basis: contract performance)
  • To comply with applicable legal obligations, respond to legal processes, and cooperate with regulatory authorities (legal basis: legal obligation)

4. Legal Basis for Processing

We process your personal data only when we have a valid legal basis to do so. The specific legal basis depends on the type of data and the purpose of processing:

  • Contract performance — processing necessary for providing our hosting services, managing your account, processing payments, and delivering customer support (applies to: account data, billing data, support communications).
  • Consent — where we seek your explicit permission, such as for marketing communications, non-essential cookies, or optional analytics. You may withdraw your consent at any time without affecting the lawfulness of processing based on consent before withdrawal.
  • Legitimate interests — where processing is necessary for our business purposes, such as fraud prevention, network security, service improvement, and abuse detection, provided these interests do not override your fundamental rights and freedoms.
  • Legal obligation — where we need to process data to comply with applicable laws, including Georgian tax law, anti-money laundering regulations, and law enforcement requests.

5. Your Data Protection Rights

Depending on your location and applicable laws, you may have the following data protection rights:

Under Georgian Data Protection Law

  • Right to know what personal data is being processed about you
  • Right to request correction of inaccurate data
  • Right to request deletion of data when processing is no longer necessary
  • Right to object to data processing
  • Right to lodge a complaint with the Georgian Personal Data Protection Service (PDPS)

Under EU GDPR (for EEA residents)

  • Right to be informed about how your personal data is used
  • Right to access your personal data and receive a copy
  • Right to have inaccurate data rectified
  • Right to erasure ('right to be forgotten') in certain circumstances
  • Right to restrict processing of your data
  • Right to data portability
  • Right to object to processing based on legitimate interests or direct marketing
  • Right not to be subject to automated decision-making, including profiling
  • Right to lodge a complaint with your local data protection authority

Under UK GDPR (for UK residents)

  • You have the same rights as those listed under EU GDPR above. Complaints may be directed to the UK Information Commissioner's Office (ICO).

To exercise any of these rights, please contact us at support@senko.digital. We will respond to your request within 30 days. We may ask you to verify your identity before processing your request.

Where processing is based on your consent, you have the right to withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or to meet our legal obligations. The following retention periods apply:

  • Account information (name, email, country): Retained for the duration of the account and up to 7 years after account closure for tax, legal, and regulatory purposes as required by Georgian law.
  • Payment and billing data: Retained for up to 7 years after the last transaction for tax and accounting obligations.
  • Server and access logs: Retained for up to 12 months for security and abuse prevention purposes.
  • Support ticket records: Retained for up to 3 years after resolution for quality assurance and dispute resolution.
  • Analytics data: Aggregated and anonymized analytics data may be retained indefinitely. Identifiable analytics data is retained for up to 26 months.
  • The Company may retain certain data for longer periods as required by law or for legitimate business purposes, including dispute resolution and enforcement of agreements.

7. Data Sharing with Third Parties

Your data will not be shared with third parties without your consent, except when necessary for service provision, legal compliance, or protection of our legitimate interests. When we share data with processors, we ensure appropriate safeguards are in place.

  • The Company engages the following categories of third-party service providers who may process your data on our behalf:
  • Payment processors: Keepz, Payssion, PayPal, Cryptomus, and NOWpayments — for processing payments, refunds, and fraud prevention.
  • Infrastructure and security: CloudFlare — for CDN services, DDoS protection, and website security.
  • Communications: Mailgun — for transactional email delivery (order confirmations, support responses, account notifications).
  • Analytics: Google Analytics and Umami — for website usage analysis and service improvement.
  • All third-party processors are bound by data processing agreements that require them to implement appropriate security measures, process data only as instructed, and comply with applicable data protection laws.
  • We may also disclose your data when required by law, court order, or governmental authority, or when necessary to protect our rights, property, or safety, or that of our users or the public.

8. Use of Cookies

We use cookies and similar technologies on our website. Cookies are small text files stored on your device that help us provide and improve our services.

Strictly Necessary Cookies

These cookies are essential for the website to function properly. They include session cookies, authentication cookies, and security cookies. These cannot be disabled.

Analytical Cookies

We use Google Analytics and Umami to understand how visitors interact with our website. These tools collect information such as pages visited, time spent on pages, and referral sources. Umami is a privacy-focused analytics platform that does not use cookies or collect personal data.

Functional Cookies

These cookies enable enhanced functionality such as language preferences and region selection. They may be set by us or by third-party providers whose services we have added to our pages.

Where required by applicable law, we will obtain your consent before placing non-essential cookies on your device. You can manage your cookie preferences through your browser settings or through our cookie consent mechanism on the website.

9. Data Protection Measures

The Company implements appropriate technical and organizational measures to protect Client data against unauthorized access, alteration, disclosure, or destruction.

  • Technical measures include: encryption of data in transit (TLS/SSL), encrypted storage where applicable, firewall protection, intrusion detection systems, regular security updates and patching, and access logging.
  • Organizational measures include: role-based access controls limiting data access to authorized personnel only, employee confidentiality obligations, regular security assessments, and incident response procedures.
  • No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security.

10. International Data Transfers

As the Company is registered in Georgia and operates servers in Germany, Finland, and the Netherlands, your personal data may be transferred to and processed in countries outside your country of residence.

  • For transfers from the EEA to Georgia (which does not currently have an EU adequacy decision), we implement appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission.
  • For transfers to our server locations within the EEA (Germany, Finland, Netherlands), no additional transfer mechanism is required as these countries are within the EEA.
  • By using our services, you acknowledge that your data may be processed in Georgia and in the EEA countries where our servers are located.

11. Changes to the Privacy Policy

The Company reserves the right to make changes to this Privacy Policy. We will provide at least 14 days' notice of material changes via email or website notification before they take effect. Continued use of our services after the effective date constitutes acceptance of the updated Privacy Policy.

12. Contact Information

If you have any questions regarding the processing of your data or wish to exercise your data protection rights, please contact us:

  • Email: support@senko.digital
  • Registered address: Senko Digital LLC, Georgia (full address available upon request)
  • Georgian Personal Data Protection Service (PDPS): For complaints regarding data processing under Georgian law, you may contact the PDPS at www.pdps.ge.
  • EU/EEA Data Protection Authorities: If you are located in the EU/EEA and believe your data has been processed unlawfully, you have the right to lodge a complaint with your local data protection authority.

13. Children's Data

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without verified parental consent, we will take steps to delete that information promptly.

If you believe that we have inadvertently collected data from a minor, please contact us immediately at support@senko.digital.

14. Automated Decision-Making

The Company does not use automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you. If this changes in the future, we will update this Privacy Policy and provide appropriate information and safeguards.

15. Data Processing Agreement Availability

For Clients who require a Data Processing Agreement (DPA) under GDPR or other applicable data protection laws, the Company makes a standard DPA available upon request.

To request a DPA, please contact us at support@senko.digital. The DPA outlines the parties' obligations regarding the processing of personal data, including the scope, nature, and purpose of processing, data security requirements, and sub-processor management.

16. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, the Company will notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach.

If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay, unless the data was encrypted or other measures render the data unintelligible to unauthorized persons.

Revision dated February 2nd, 2026