Privacy Policy (UK GDPR)
Effective Date: 14 May 2025
Jarvis Technology Services Ltd t/a Jarvis Cloud X (“we”, “us”, “our”) operates a range of services:
- Shared Web Hosting & VPS
- Private VPN (no-logs)
- Prepaid Travel Data-Only eSIMs
- Domain Registration & SSL Certificates
- SMTP / Mail Relay Services
We respect your privacy and are committed to protecting your Personal Data. This Policy explains what we collect, how we use it, with whom we share it, your rights, and how we keep it secure.
2. What We Do Not Collect (VPN-specific no-logs)
For our Private VPN service only, we do not collect or store:
- Browsing history
- DNS queries
- Traffic destination or content
- Connection timestamps
- Session duration
- Source IP addresses
3. Personal Data We Do Collect
| Category | Examples | Purpose |
|---|---|---|
| Identity & Contact Data | Name, email address, billing address, phone number | Account setup, support, billing |
| Account & Subscription | Username, hashed password, service plan, status | Authentication, provisioning, renewals |
| Device & Network Data | IP (hosting logs only), IMEI/IMSI/ICCID (eSIM), MAC, user-agent | Connectivity, fraud prevention, troubleshooting |
| Usage & Log Data | Hosting usage, email delivery logs, VPN server load, data usage | Service improvement, capacity planning, abuse detection |
| Payment & Transaction | Processor tokens, transaction dates & amounts | Billing, accounting compliance |
| Support & Correspondence | Tickets, chats, complaints | Customer service, dispute resolution |
4. Legal Basis for Processing
| Purpose | Legal Basis (UK GDPR) |
|---|---|
| Service delivery & contract fulfilment | Article 6(1)(b) |
| Legal & regulatory compliance | Article 6(1)(c) |
| Legitimate interests | Article 6(1)(f) |
| Marketing & non-essential cookies | Article 6(1)(a) |
5. Data Retention
- Hosting & SMTP logs: up to 24 months, then anonymised.
- Billing & payments: retained 7 years for HMRC compliance.
- Support records: retained 5 years for ADR and audit.
- Credentials: deleted/anonymised within 30 days of account closure.
- Marketing consent: stored until withdrawn.
6. Cookies & Tracking
We use:
- Strictly-necessary cookies (login, sessions)
- Performance cookies (anonymous analytics)
- Preference cookies (language, theme)
You’ll be prompted to consent to cookies. You can manage preferences at any time using the “Cookie settings” link in our footer.
7. Data Sharing & International Transfers
- We share data with infrastructure providers, payment gateways, and email platforms.
- International transfers are secured via SCCs or UK adequacy decisions.
- We may disclose data if legally compelled (e.g., law enforcement).
8. Security Measures
- Encryption in transit (TLS 1.2+) and at rest (AES-256)
- Role-based access & MFA for admin access
- Regular patching, scanning, ISO 27001 / SOC 2 reviews
- Backup, DR, and breach response procedures
9. Your Rights under UK GDPR
- Access your data and request a copy
- Rectify inaccuracies
- Request erasure (“right to be forgotten”)
- Restrict or object to certain uses
- Data portability (for automated processing)
- Withdraw consent (for marketing/cookies)
- Complain to the ICO at ico.org.uk
10. Marketing Communications
We only send marketing if you opt in. You can opt out via the unsubscribe link or by emailing [email protected].
11. Changes to This Policy
We may update this policy. Major changes will be posted on our website or emailed to you. Please check periodically.
12. Contact Information
Data Protection Officer
Jarvis Technology Services Ltd t/a Jarvis Cloud X
124 City Road, London, England, EC1V 2NX
Email: [email protected] | [email protected]
© 2025 Jarvis Technology Services Ltd. All rights reserved.