Privacy Policy

Last Updated: February 9, 2026

General Policy Last Updated: February 9, 2026

1. Introduction

Nobregas Hosting ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web hosting services and visit our website at nobregas.org.

By using our services, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Personal Information

When you register for an account or use our services, we may collect:

  • Full name
  • Email address
  • Billing address
  • Payment information (processed securely via third-party payment processors)
  • Phone number (optional)
  • Company name (optional)

2.2 Automatically Collected Information

When you visit our website, we automatically collect:

  • IP address
  • Browser type and version
  • Operating system
  • Pages visited and time spent
  • Referring website
  • Language preferences

2.3 Cookies and Tracking

We use cookies and similar technologies to enhance your experience, remember your preferences (such as language selection), and analyze website traffic via Google Analytics.

3. How We Use Your Information

We use collected information to:

  • Provide and maintain our hosting services
  • Process payments and send billing notifications
  • Respond to support requests and inquiries
  • Send service-related announcements and updates
  • Detect and prevent fraud or abuse
  • Improve our website and services
  • Comply with legal obligations

4. Data Sharing and Disclosure

We do not sell your personal information. We may share data with:

  • Payment Processors: To process your payments securely
  • Infrastructure Providers: Our datacenter and server providers as needed to deliver services
  • Analytics Services: Google Analytics for website usage data (anonymized where possible)
  • Legal Authorities: When required by law or to protect our rights

5. Data Security

We implement industry-standard security measures including:

  • SSL/TLS Encryption: All data transmitted between you and our servers is encrypted
  • AlmaLinux Protection: Isolated hosting environments for enhanced security
  • Daily Backups: Automated daily backups of all hosted data
  • Secure Datacenter: Enterprise-grade physical security at our Canadian facility

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your information as follows:

  • Account Data: Retained while your account is active and for 30 days after cancellation
  • Billing Records: Retained for 7 years for tax and legal purposes
  • Support Tickets: Retained for 2 years after resolution
  • Server Logs: Retained for 90 days
  • Backups: Retained for 7 days on a rolling basis

7. Your Rights

You have the right to:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your personal data (subject to legal retention requirements)
  • Portability: Request your data in a machine-readable format
  • Opt-out: Unsubscribe from marketing communications at any time

To exercise these rights, contact us at contact@nobregas.org.

8. Children's Privacy

Our services are not intended for children under 18. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

9. Third-Party Links

Our website may contain links to third-party sites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

10. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or a prominent notice on our website. Your continued use of our services after changes constitutes acceptance.

11. Contact Us

For questions about this Privacy Policy, please contact us:

By using Nobregas Hosting services, you acknowledge that you have read and understood this Privacy Policy.

Effective Date: February 9, 2026

Addendum Last Updated: March 16, 2026

Web Hosting — Privacy Policy Addendum

This addendum supplements the Nobregas Hosting Privacy Policy and applies specifically to web hosting services provided by Nobregas Hosting ("Web Hosting Service" or "the Service"). In the event of a conflict between this addendum and the general Privacy Policy, this addendum governs for the Web Hosting Service.

1. Additional Information We Collect

1.1 Account & Service Data

When you use the Web Hosting Service, we collect and store:

  • cPanel/control panel account credentials (encrypted)
  • Hosting plan details, account status, and provisioning metadata
  • WHMCS service identifier linking your billing account to the hosting account
  • Server assignment, IP address allocations, and resource usage metrics
  • Domain names and addon domains associated with your account

1.2 Website & Usage Data

To provide and manage your hosting account, we process:

  • Website access logs (visitor IP addresses, URLs accessed, HTTP status codes, user agents, referrers)
  • Error logs (PHP errors, server errors, application errors with file references)
  • Bandwidth and resource consumption statistics
  • Database names, sizes, and metadata
  • Email accounts and mailbox sizes (we do not read your email content)
  • FTP/SFTP connection logs
  • Cron job configurations and execution logs

1.3 Security Data

For security and abuse prevention, we record:

  • Failed login attempts to cPanel, email, and FTP with IP addresses and timestamps
  • Firewall (CSF/LFD) blocks and intrusion detection alerts
  • Malware scan results and quarantined files metadata
  • ModSecurity rule triggers and blocked requests
  • SSH access attempts (if enabled)

2. How We Use Web Hosting Data

In addition to the uses described in our general Privacy Policy, we use your Web Hosting data to:

  • Provision, maintain, and deliver your web hosting account and associated services
  • Monitor resource usage and enforce plan limits (disk, bandwidth, CPU, RAM, I/O, inodes)
  • Generate server and website access logs for your review via cPanel
  • Perform automated daily backups of your account data
  • Detect and prevent abuse, malware, spam, and unauthorized access
  • Enforce our Acceptable Use Policy and Terms of Service
  • Deliver email hosting services and manage mail queues
  • Issue and renew SSL certificates via Let's Encrypt or equivalent certificate authorities
  • Synchronize your account and plan details with our billing system (WHMCS)
  • Provide technical support related to your hosting account

3. Data Sharing Specific to Web Hosting

In addition to the data sharing described in our general Privacy Policy:

  • Datacenter Providers: Your websites and data are hosted on dedicated servers in our Canadian datacenter. Server hardware, network, and physical security are managed by the datacenter operator.
  • WHMCS Billing System: Account details, plan information, resource usage, and service status are shared with WHMCS for billing, provisioning, and plan management.
  • Certificate Authorities: Domain names are shared with Let's Encrypt (or equivalent) for SSL certificate issuance and renewal.
  • Cloudflare (if enabled): If Cloudflare integration is enabled, website traffic is routed through Cloudflare's network. Cloudflare's own privacy policy applies to data processed by their network.

We do not sell, rent, or trade your website content, files, databases, email content, or any other hosting data to third parties.

4. Data Security Specific to Web Hosting

In addition to the security measures described in our general Privacy Policy, the Web Hosting Service implements:

Account Isolation — AlmaLinux provides kernel-level isolation between hosting accounts on shared servers, preventing cross-account access.

Firewall Protection — CSF/LFD firewall with intrusion detection, brute-force protection, and automated IP blocking.

Encryption in Transit — All control panel, webmail, FTP, and website connections support TLS/SSL encryption.

Malware Scanning — Regular server-level malware scanning and quarantine for detected threats.

DDoS Protection — Network-level DDoS mitigation to protect server availability.

Access Controls — Strict file permission enforcement and suEXEC/suPHP for script execution isolation.

Automated Security Updates — Critical operating system and server software patches are applied promptly.

Physical Security — Enterprise-grade physical security at our Canadian datacenter facility, including access control, surveillance, and environmental protection.

5. Data Retention Specific to Web Hosting

  • Website Files & Databases: Retained on our servers while your hosting service is active. Upon termination, all files, databases, and email data are permanently deleted within 30 days.
  • Backup Files: Retained for 7 days on a rolling basis. Upon account termination, all backups are permanently deleted.
  • Access Logs: Web server access logs are retained for 30 days and then automatically rotated.
  • Error Logs: Application and server error logs are retained for 90 days.
  • Security Logs: Firewall blocks, brute-force detections, and security events are retained for 1 year for auditing purposes.
  • Email Data: Email messages and mailboxes are retained while your account is active. Upon termination, all email data is permanently deleted.
  • Account Data: Retained while your account is active and for 30 days after termination, after which it is permanently deleted.

6. Your Rights Regarding Web Hosting Data

In addition to the rights described in our general Privacy Policy, you have the right to:

  • Download: Generate and download a full backup of your hosting account (files, databases, emails, configurations) at any time via cPanel.
  • Access Logs: View and download your website access logs and error logs via cPanel.
  • Email: Access, download, and delete your email messages via webmail or email clients at any time.
  • Account Deletion: Request complete deletion of your hosting account, including all files, databases, emails, backups, and associated data.

When you exercise your right to deletion, we will permanently remove all website files, databases, email data, and backups from our servers, except where retention is required by law.

7. Automated Decision-Making

The Web Hosting Service uses automated systems to enforce plan resource limits (disk space, bandwidth, CPU, RAM, I/O, inodes). Exceeding limits may result in automatic throttling or temporary restrictions. These are technical enforcement measures, not profiling.

Our security systems (firewall, intrusion detection, malware scanning) may automatically block IP addresses, quarantine files, or restrict access based on detected threats. Account suspension may be applied automatically by WHMCS for non-payment or by administrators for policy violations.

8. Children's Privacy

The Web Hosting Service is intended for use by individuals and businesses for website and application hosting purposes. It is not intended for use by children under 18 years of age.

9. Contact

For questions about this Web Hosting Privacy Policy Addendum, contact us at:

By using the Nobregas Web Hosting Service, you acknowledge that you have read and understood this Privacy Policy Addendum.

Effective Date: March 16, 2026

Addendum Last Updated: March 16, 2026

MySQL Hosting — Privacy Policy Addendum

This addendum supplements the Nobregas Hosting Privacy Policy and applies specifically to the Nobregas MySQL Hosting service ("MySQL Panel," "MySQL Service," or "the Service"). In the event of a conflict between this addendum and the general Privacy Policy, this addendum governs for the MySQL Hosting service.

1. Additional Information We Collect

1.1 Account & Service Data

When you use the MySQL Hosting service, we collect and store:

  • Email address and full name (provided during provisioning or account creation)
  • Hashed password (bcrypt; we never store plaintext passwords)
  • Account status (active, suspended, or terminated)
  • API keys (stored as SHA-256 hashes)
  • WHMCS service identifier (linking your billing account to the MySQL Panel)
  • Login timestamps and session metadata
  • Database prefix assigned to your account

1.2 Database & Usage Data

To provide and manage your MySQL databases, we collect:

  • Database names, character sets, collations, and creation dates
  • Database sizes (calculated from MySQL metadata)
  • Table structures, row counts, and storage engine types
  • MySQL usernames you create and their associated privilege grants
  • Current storage consumption relative to your plan limits
  • Connection counts and queries-per-hour metrics

1.3 Query & Activity Data

To maintain security, enable troubleshooting, and provide service features, we record:

  • SQL queries you execute through the panel (full query text, execution time, rows affected, success/error status, and any error messages) — retained as query history
  • All panel actions (such as logins, database creation, privilege changes, backup operations, import/export) logged with your user ID, IP address, browser user agent, and timestamp
  • Failed login attempts with IP address and timestamp
  • Error logs including PHP, MySQL, and application errors with associated stack traces, file references, and user context

1.4 Backup Data

When you create or restore backups:

  • Backup metadata (file path, file size, backup type — manual or automatic, status, and creation timestamp)
  • Backup files themselves, which contain complete SQL dumps of your database structure and data, stored on our servers

1.5 Network & Access Data

  • IP addresses you whitelist for remote MySQL access (up to 20 per account)
  • Cloudflare-detected originating IP addresses
  • Session identifiers, CSRF tokens, and "remember me" tokens (hashed)
  • Password reset tokens (hashed, valid for 1 hour)

1.6 Import/Export Data

  • Uploaded SQL and gzip-compressed SQL files (processed for import, not permanently stored after import completes)
  • Exported SQL and CSV files generated on-demand from your databases

2. How We Use MySQL Service Data

In addition to the uses described in our general Privacy Policy, we use your MySQL Service data to:

  • Provision, maintain, and deliver your MySQL databases on our infrastructure
  • Enforce plan quotas and resource limits (databases, storage, connections, queries per hour)
  • Provide query history so you can review and re-run previous queries
  • Generate and deliver database backups (manual and, if included in your plan, automated daily backups)
  • Enable phpMyAdmin Single Sign-On access using time-limited encrypted tokens (valid for 30 seconds)
  • Monitor system health, detect abuse, prevent unauthorized access, and enforce our Acceptable Use Policy
  • Log all administrative and database operations for security auditing and incident response
  • Synchronize your account and plan details with our billing system (WHMCS)
  • Deliver technical support related to your MySQL databases

3. Data Sharing Specific to MySQL Hosting

In addition to the data sharing described in our general Privacy Policy:

  • MySQL Node Providers: Your databases are hosted on dedicated MySQL server nodes operated by Nobregas Hosting. Database contents, user credentials, and connection metadata reside on these nodes.
  • WHMCS Billing System: Your email, name, account status, storage usage, and plan limits are shared with WHMCS for provisioning, billing, and plan management.
  • phpMyAdmin: When you access phpMyAdmin via SSO, a temporary MySQL user credential is created and transmitted securely to the phpMyAdmin instance. This credential is rotated on each access and expires within 30 seconds.

We do not sell, rent, or trade your database contents, query history, or any MySQL Service data to third parties.

4. Data Security Specific to MySQL Hosting

In addition to the security measures described in our general Privacy Policy, the MySQL Service implements:

Password Hashing — All panel passwords are hashed using bcrypt. We never store or log plaintext passwords.

Encryption at Rest — MySQL node administrative credentials and phpMyAdmin SSO secrets are encrypted using AES-256-CBC with unique initialization vectors.

Encryption in Transit — All communication between your browser and the MySQL Panel is encrypted via TLS/SSL. Internal communication between the panel and MySQL nodes uses secure connections.

Session Security — Session IDs are regenerated every 30 minutes. Sessions expire after 2 hours of inactivity. Session cookies are set with HttpOnly, Secure, and SameSite=Strict flags.

CSRF Protection — All state-changing operations require a valid CSRF token.

SQL Injection Prevention — All database interactions use parameterized prepared statements. Database, table, and column names are validated against strict alphanumeric-plus-underscore patterns.

Access Isolation — Every database operation verifies ownership — you can only access databases, users, and backups that belong to your account.

Dangerous Query Blocking — Administrative SQL commands (GRANT, REVOKE, CREATE USER, DROP USER, ALTER USER, SET PASSWORD, FLUSH, RESET, SHUTDOWN) are blocked from the query execution interface.

phpMyAdmin SSO Tokens — Encrypted with AES-256-CBC, signed with HMAC-SHA256, and valid for only 30 seconds.

5. Data Retention Specific to MySQL Hosting

  • Database Contents: Retained on our MySQL nodes while your service is active. Upon termination, all databases and MySQL users are permanently dropped from the node.
  • Backup Files: Retained according to your plan's backup retention period (default 30 days for automatic backups). Manual backups are retained until you delete them or your service is terminated. Upon termination, all backup files are permanently deleted from disk.
  • Query History: Retained while your service is active. You may clear your query history at any time. All query history is deleted upon service termination.
  • Activity Logs: Retained for 2 years for security auditing purposes.
  • Error Logs: Retained for 90 days.
  • Account Data: Retained while your account is active and for 30 days after termination, after which it is permanently deleted.
  • Password Reset Tokens: Expire automatically after 1 hour and are removed.
  • Remember Me Tokens: Expire after 30 days and are removed.
  • Import Files: Processed immediately upon upload and not permanently stored after import completes.

6. Your Rights Regarding MySQL Service Data

In addition to the rights described in our general Privacy Policy, you have the right to:

  • Export: Download your database contents at any time via SQL or CSV export, or by creating and downloading a backup file.
  • Query History: View, re-run, or clear your entire query history at any time.
  • Backup Management: Create, download, and delete your backup files at any time.
  • IP Whitelist: Add or remove whitelisted IP addresses for remote access at any time.
  • Account Deletion: Request complete deletion of your account and all associated databases, users, backups, logs, and query history.

When you exercise your right to deletion, we will permanently drop all your MySQL databases and users from the hosting node, delete all backup files from disk, and remove all associated records from our panel database, except where retention is required by law.

7. Automated Decision-Making

The MySQL Panel enforces plan quotas (database count, storage limits, connections, queries per hour) automatically. If you exceed your plan limits, you may be unable to create new databases or your queries may be throttled. These are technical enforcement measures, not profiling. You may upgrade your plan at any time to increase your limits.

Account suspension may be applied automatically by our billing system (WHMCS) for non-payment or by an administrator for policy violations. Suspended accounts cannot log in or access databases until the issue is resolved.

8. Children's Privacy

The MySQL Hosting service is intended for use by individuals and businesses for database hosting purposes. It is not intended for use by children under 18 years of age.

9. Contact

For questions about this MySQL Hosting Privacy Policy Addendum, contact us at:

By using the Nobregas MySQL Hosting service, you acknowledge that you have read and understood this Privacy Policy Addendum.

Effective Date: March 16, 2026
