Privacy and Data Handling Policy

Updated on May 18, 2026.

This Privacy and Data Handling Policy (“Policy”) applies to services provided by Springs Hosting (“SH”), including shared hosting, VPS hosting, PCI hosting, colocation, domain registration, SSL/TLS certificates, email hosting, DNS, backup services, remote hands, support, and related services.

This Policy is incorporated into and governed by the Master Service Agreement and any applicable Accompanying Agreement. Capitalized terms not defined in this Policy have the meanings given to them in the Master Service Agreement.

1. PURPOSE

   This Policy describes how SH collects, uses, accesses, retains, and discloses information in connection with the Services. This Policy is intended to address account information, billing information, support information, technical information, logs, domain information, and Client Data handled by SH while providing Services.

2. RELATIONSHIP TO MASTER SERVICE AGREEMENT AND ACCOMPANYING AGREEMENTS

   This Policy supplements the Master Service Agreement and applicable Accompanying Agreements. If there is a conflict between this Policy and an Accompanying Agreement, the Accompanying Agreement controls for service-specific privacy, security, compliance, or data handling terms. If there is a conflict between this Policy and the Master Service Agreement, the Master Service Agreement controls for general legal, billing, liability, confidentiality, indemnification, termination, and dispute terms unless this Policy expressly states otherwise.

3. INFORMATION SH COLLECTS

   SH may collect information necessary to provide, manage, bill, secure, support, and improve the Services. This information may include:

   1. Account owner name, company name, address, phone number, email address, and billing contact information.
   2. Administrative, technical, billing, security, and abuse contact information.
   3. Client Portal, cPanel, VPS, domain, DNS, or service account information.
   4. Order history, invoices, payment status, service history, renewal history, cancellation history, and support history.
   5. Domain registration, renewal, transfer, DNS, WHOIS, registrant, administrative, technical, and billing contact information.
   6. IP addresses, assigned services, server names, hostnames, usernames, DNS records, routing information, reverse DNS information, and other technical service information.
   7. Support tickets, emails, phone call recording and notes, chat records, screenshots, logs, error messages, diagnostic information, and troubleshooting details.
   8. Security alerts, abuse reports, spam complaints, blacklist reports, malware reports, phishing reports, copyright complaints, provider complaints, and law enforcement or legal requests.
   9. Logs and metadata generated by SH Infrastructure, SH Network, hosting platforms, mail systems, DNS systems, control panels, backup systems, monitoring systems, and security systems
4. WEBSITE VISITORS, COOKIES, AND ANALYTICS

   When visitors use SH’s public website, SH may collect basic information such as IP address, browser type, device information, pages visited, referring pages, timestamps, form submissions, and similar website usage information.

   SH may use cookies, analytics tools, spam-prevention tools, security tools, embedded content, or similar technologies to operate the website, understand website usage, secure forms, prevent abuse, and improve the website.

   Visitors can control cookies through their browser settings. Disabling cookies may affect certain website or portal features.

   If applicable law requires consent, opt-out rights, or other choices for certain cookies, tracking, or analytics, SH will provide those choices as required.

5. CLIENT DATA

   Client Data includes data, files, websites, email, databases, applications, software, content, logs, configurations, credentials, and other information uploaded, transmitted, stored, processed, or used by Client or Client’s users through the Services.

   Client owns or controls Client Data. SH does not claim ownership of Client Data.

   Client is responsible for ensuring that Client Data is lawful, accurate, properly licensed, properly secured, and handled in compliance with applicable laws, regulations, contracts, and industry requirements.

   SH may host, process, transmit, copy, back up, restore, migrate, scan, quarantine, access, or otherwise handle Client Data as reasonably necessary to provide, secure, support, maintain, troubleshoot, or enforce the Services.

6. LOGS, MONITORING, AND SECURITY DATA

   SH may collect and review logs, metadata, alerts, and monitoring data related to the Services. This may include:

   1. IP addresses.
   2. Login attempts.
   3. Authentication events.
   4. Email sending activity.
   5. Mail queue information.
   6. DNS queries or DNS configuration information.
   7. Network traffic metadata.
   8. Bandwidth usage.
   9. Storage usage.
   10. CPU, memory, disk, inode, database, and process usage.
   11. Web server logs.
   12. Error logs.
   13. Firewall, IDS, IPS, WAF, malware, antivirus, EDR, SIEM, or security monitoring alerts.
   14. Backup job logs.
   15. Control panel activity logs.

   SH uses logs and monitoring data to operate the Services, troubleshoot issues, investigate abuse, protect security, maintain availability, respond to incidents, enforce agreements, and comply with legal or provider requirements.

7. SUPPORT ACCESS AND ADMINISTRATIVE ACCESS

   SH may access Client Systems or Client Data as reasonably necessary to:

   1. Provide, maintain, secure, monitor, troubleshoot, migrate, back up, restore, or support the Services.
   2. Respond to Client requests.
   3. Investigate abuse, malware, spam, phishing, security incidents, network issues, service disruptions, or policy violations.
   4. Protect SH Infrastructure, SH Network, SH customers, third-party networks, providers, carriers, registries, or the public.
   5. Comply with law, court order, subpoena, government request, carrier requirement, registry requirement, payment processor requirement, or law enforcement request.

   SH does not routinely review Client Data for content, accuracy, legality, security, or compliance.

   Client understands that support requests may require SH personnel to view files, databases, email settings, mail logs, DNS records, website configurations, control panel settings, server settings, or other information related to the requested support issue.

8. HOW SH USES INFORMATION

   SH may use information collected under this Policy to:

   1. Provide, provision, renew, modify, suspend, cancel, or terminate Services.
   2. Process orders, invoices, payments, renewals, refunds, and cancellations.
   3. Manage accounts, authorized contacts, billing contacts, technical contacts, and support contacts.
   4. Provide technical support and customer service.
   5. Monitor and maintain SH Infrastructure and SH Network.
   6. Detect, investigate, prevent, and respond to abuse, spam, phishing, malware, security incidents, fraud, unauthorized access, network attacks, and policy violations.
   7. Maintain IP address utilization, IP reputation, routing, DNS, reverse DNS, and network operations.
   8. Process domain registrations, renewals, transfers, WHOIS updates, DNS changes, and registrar-related requests.
   9. Perform backups, restores, migrations, maintenance, updates, and service changes.
   10. Comply with laws, regulations, legal process, provider requirements, carrier requirements, registry requirements, registrar requirements, payment processor requirements, and contractual obligations.
   11. Enforce the Master Service Agreement, Accompanying Agreements, Acceptable Use Policy, Terms of Service, Service Level Agreement, and other Policies.
   12. Maintain business records, tax records, billing records, security records, abuse records, and compliance records.
9. DISCLOSURE OF INFORMATION

   SH may disclose information when reasonably necessary to provide Services, operate its business, protect its rights, protect its customers, comply with legal obligations, or enforce agreements. SH may disclose information to:

   1. SH employees, contractors, and agents who need the information to provide, support, secure, bill, or manage the Services.
   2. Payment processors and financial institutions.
   3. Domain registrars, registries, ICANN-related systems, OpenSRS, eNom, Tucows, or other domain service providers.
   4. SSL/TLS certificate authorities and certificate service providers.
   5. Software vendors, control panel vendors, backup vendors, monitoring vendors, security vendors, and infrastructure providers.
   6. Internet carriers, upstream providers, transit providers, cross-connect providers, colocation providers, and network operators.
   7. Law enforcement, courts, regulators, government agencies, or other parties when required or reasonably appropriate under legal process.
   8. Third parties involved in abuse, spam, phishing, malware, copyright, trademark, security, blacklist, routing, network, or provider complaints.
   9. Professional advisors, including attorneys, accountants, auditors, insurers, and consultants.
   10. A successor or potential successor in connection with a merger, acquisition, sale, financing, reorganization, or transfer of all or part of SH’s business.

   SH will not sell Client Data hosted on SH Services.

10. LEGAL REQUESTS AND LAW ENFORCEMENT

    SH may disclose information in response to subpoenas, court orders, warrants, law enforcement requests, government requests, regulatory inquiries, legal claims, or other legal process. SH may also disclose information if SH believes disclosure is reasonably necessary to:

    1. Comply with law.
    2. Protect SH’s rights, property, business, infrastructure, network, customers, or personnel.
    3. Prevent or investigate fraud, abuse, security incidents, illegal activity, or threats.
    4. Respond to emergencies involving danger of death, serious physical injury, cyberattack, service disruption, or substantial harm.
    5. Enforce the Master Service Agreement, Accompanying Agreements, Acceptable Use Policy, Terms of Service, or other Policies.

    SH may notify Client of legal requests when SH determines notice is legally permitted and commercially reasonable. SH may delay or withhold notice when prohibited by law, court order, law enforcement request, government request, or when SH determines notice could create risk to SH, another customer, a third party, an investigation, or the public.

    Client is responsible for legal costs, administrative costs, and direct expenses incurred by SH as a result of legal process, civil investigation, criminal investigation, subpoena, court order, discovery request, preservation request, or similar request related to Client, Client Data, Client Systems, or Client’s use of the Services.

11. PAYMENT INFORMATION

    SH may collect and process payment-related information necessary to bill for Services.

    Payment card, ACH, or other payment information may be processed by third-party payment processors. SH may receive limited payment information, such as payment status, transaction identifiers, card type, expiration date, last four digits, billing address, or processor response codes.

    SH does not intend to store full payment card numbers or sensitive payment authentication data on SH systems unless expressly stated otherwise.

    Client is responsible for keeping payment information current and accurate.

12. DOMAIN REGISTRATION AND WHOIS INFORMATION

    Domain registration, renewal, transfer, and management may require SH to collect and provide domain-related contact information to registrars, registries, ICANN-related systems, WHOIS services, privacy/proxy providers, and other domain service providers.

    Domain-related information may include registrant, administrative, technical, and billing contact information, domain name, nameservers, DNS records, registration dates, expiration dates, transfer status, and similar information.

    Client understands that domain registration information may be subject to registrar, registry, ICANN, TLD-specific, WHOIS, RDAP, privacy/proxy, verification, and public disclosure rules.

    SH is not responsible for registrar, registry, ICANN, WHOIS, RDAP, or TLD-specific handling of domain registration information.

13. THIRD-PARTY PROVIDERS

    SH may use third-party providers to deliver, support, bill, secure, monitor, or manage the Services.

    Third-party providers may include domain registrars, registries, payment processors, certificate authorities, software vendors, control panel vendors, data center vendors, cloud providers, backup vendors, monitoring vendors, security vendors, carriers, upstream providers, and professional service providers.

    Client understands that third-party providers may process information according to their own terms, policies, security practices, retention rules, and legal obligations.

    SH is not responsible for the privacy, security, availability, policies, or practices of third-party providers except to the extent required by applicable law or expressly stated in an Accompanying Agreement.

14. DATA RETENTION

    SH may retain information for as long as reasonably necessary to provide Services, operate the business, maintain records, resolve disputes, enforce agreements, comply with legal obligations, respond to security incidents, investigate abuse, and protect SH or its customers.

    Retention periods may vary depending on the type of information, Service, legal requirement, billing need, tax requirement, security purpose, abuse history, backup process, or operational requirement.

    SH may retain account records, invoices, payment records, support records, domain records, logs, abuse records, security records, legal records, and business records after Services end.

    Backups may continue to contain Client Data for a limited period after deletion from active systems, until those backups expire or are overwritten according to SH’s backup practices.

15. DATA DELETION AFTER TERMINATION

    Client is responsible for downloading, migrating, backing up, or otherwise preserving Client Data before cancelling, terminating, allowing expiration of, or failing to renew Services.

    After cancellation, termination, expiration, nonpayment, or account closure, SH may delete Client Data, websites, email, databases, VPS data, files, backups, DNS records, configurations, and related information according to SH’s retention practices and the applicable Accompanying Agreement.

    SH has no obligation to retain Client Data after cancellation, termination, expiration, or nonpayment unless required by law or expressly agreed in writing.

    SH may retain account records, billing records, logs, abuse records, security records, domain records, support records, and business records as needed for legal, tax, billing, security, compliance, archival, or business purposes.

16. SECURITY

    SH maintains commercially reasonable administrative, technical, and physical safeguards designed to protect SH Infrastructure and Client information handled by SH in connection with the Services.

    No hosting, network, storage, backup, or security system is completely secure. SH does not guarantee that Services will be immune from unauthorized access, cyberattack, malware, data loss, interruption, or security incident.

    Client is responsible for securing Client Data, Client Systems, applications, websites, scripts, email accounts, passwords, user accounts, access controls, and any systems or software under Client’s control unless the applicable Accompanying Agreement expressly assigns that responsibility to SH.

    Client must promptly notify SH of any actual or suspected unauthorized access, credential compromise, malware infection, data breach, payment card incident, spam issue, phishing issue, or other security event involving Services provided by SH.

17. CLIENT RESPONSIBILITIES

    Client is responsible for:

    1. Providing accurate account, billing, technical, domain, and contact information.
    2. Keeping contact information current.
    3. Maintaining secure credentials and access controls.
    4. Restricting access to authorized users.
    5. Protecting Client Data and Client Systems.
    6. Maintaining appropriate backups unless backup services are expressly included in the applicable Accompanying Agreement.
    7. Complying with laws, regulations, industry standards, contractual obligations, and privacy requirements applicable to Client’s business and Client Data.
    8. Obtaining all required consents, notices, permissions, and authorizations for data Client stores, processes, transmits, or collects through the Services.
    9. Responding promptly to abuse, security, legal, copyright, privacy, spam, phishing, malware, or other complaints related to Client’s Services.
18. NO SALE OF CLIENT DATA

    SH does not sell Client Data hosted, stored, transmitted, or processed through the Services.

    SH may share information as described in this Policy to provide Services, operate its business, comply with law, enforce agreements, process payments, manage domains, investigate abuse, respond to security issues, or protect SH, SH customers, third parties, or the public.

19. POLICY UPDATES

    SH may update this Policy from time to time.

    Changes required by law, regulation, court order, provider requirement, carrier requirement, registry requirement, security necessity, abuse prevention, operational necessity, or compliance requirement may become effective immediately upon posting or notice.

    Other material changes will become effective upon renewal of the applicable Service unless Client accepts the changes earlier by continuing to use the Services after notice.