The short version: we collect only what we need to operate your account, run your servers, and bill you correctly. We don't sell your data. We don't use third-party trackers on this website. We retain logs only as long as legally required, then we delete them.
1. Who we are
OliveVPS ("we", "us", "our") is a hosting provider operated by Olive Hosting Inc., a Delaware-registered corporation. For privacy questions, contact privacy@olivevps.com.
2. What we collect
We collect three categories of data:
- Account data: name, email, billing address, phone (optional), and password hash. Required to create and operate your account.
- Payment data: processed by Stripe and Coinbase Commerce. We store only the last four digits of cards and a token, never full card numbers.
- Service data: server IPs, bandwidth usage, login timestamps, and abuse complaints. Required to operate, secure, and bill your services.
3. How we use your data
We use your data to:
- Provision, operate, and bill your services
- Send service notifications (maintenance, abuse, billing)
- Comply with legal obligations (tax, law enforcement requests)
- Investigate and respond to abuse reports
- Improve our products (in aggregated, de-identified form only)
We do not use your data for advertising, behavioral profiling, or any third-party marketing.
4. Who we share it with
We share data only with:
- Payment processors (Stripe, Coinbase Commerce) — to process payments
- Email infrastructure (Postmark) — to send transactional email
- Compliance providers (Persona) — only when KYC is legally required
- Law enforcement — only with valid legal process and never beyond the scope required
We never sell, rent, or trade personal data.
5. Data retention
Account data is retained while your account is active. Server access logs are retained for 90 days, then deleted. Billing records are retained for 7 years for tax compliance, then deleted. Abuse complaints are retained for 2 years.
You may request deletion of your account and personal data at any time. Some records (billing, court-ordered) may be retained where legally required.
6. Your rights
Under GDPR (EU), CCPA (California), and similar laws, you have the right to:
- Access the data we hold about you
- Correct inaccurate data
- Request deletion ("right to be forgotten")
- Export your data in a machine-readable format
- Object to processing or restrict it
- Withdraw consent at any time
To exercise these rights, email privacy@olivevps.com. We respond within 30 days.
7. Cookies
This website uses only essential cookies required for the control panel session. We do not use Google Analytics, Facebook Pixel, or any third-party trackers on our marketing pages. The control panel uses a session cookie that expires when you close your browser.
8. Security
All passwords are hashed with bcrypt. All connections use TLS 1.2+. Internal access to customer data is restricted to authorized engineers and audited monthly. We have never had a known breach of customer data.
9. International transfers
Your data may be processed in any country where we operate data centers. We use Standard Contractual Clauses for transfers out of the EU/UK. By using OliveVPS, you consent to these transfers.
10. Children
Our services are not directed at children under 16. We do not knowingly collect data from minors. If you believe we have collected data from a child, contact privacy@olivevps.com for prompt deletion.
11. Changes to this policy
We may update this policy as our practices evolve. Material changes will be announced by email at least 30 days in advance. The current version is always available at this URL.
12. Contact
Questions, concerns, or rights requests: privacy@olivevps.com.
EU representative: appointed and listed in our public DPA.
Supervisory authority: you have the right to lodge a complaint with your local data protection authority.
This policy is provided in good faith but does not constitute legal advice. Consult a qualified attorney for specific compliance questions.