1. Introduction and Scope
This Privacy Policy describes how Hoyist (“we”, “our”, “us”) collects, uses, protects, and discloses your personal information when you visit or interact with our website, use our products and services, or communicate with us. We are committed to protecting your privacy and handling your data transparently and securely.
This Policy applies to all information collected through our websites, including `hoyist.com` and its subdomains, any related services, and any sales, marketing, or events we participate in. By using or accessing any Hoyist service or site, you are consenting to the terms of this Privacy Policy. If you do not agree with the terms outlined herein, you must immediately cease all use of our websites and services.
We process your data on several legal bases:
(i) Contractual Necessity: To provide the services you have requested and fulfill our contractual obligations to you.
(ii) Legitimate Interests: To run our business, improve our services, prevent fraud, and ensure the security of our platform, provided these interests do not override your fundamental rights and freedoms.
(iii) Legal Obligation: To comply with legal requirements, regulatory mandates (e.g., ICANN), and law enforcement requests.
(iv) Consent: When we process your data based on your explicit consent, which you can withdraw at any time.
2. Access to Client Accounts
We do not access any client accounts, including WordPress dashboards, unless the client explicitly requests our assistance for troubleshooting or service purposes. We only intervene under two circumstances:
-
When the client requests help to fix a specific issue or perform a task. In this case, we confirm first that the client allows us to log in or access the account.
-
When unusually high bandwidth or storage usage exceeds expected limits. In this case, we only check your cPanel to identify the source, without accessing the client’s content.
We never access your SQL databases, admin panel, file manager, or any other sensitive data.
In all cases, we respect client privacy and make every effort to protect it.
3. Information We Collect and Its Purpose
We collect various types of information, both personally identifiable and non-personally identifiable, to deliver and improve our services.
Information from Website Visitors
Like most website operators, we automatically collect non-personally-identifying information that web browsers and servers typically make available. This data helps us understand how our visitors use our website, allowing us to optimize their experience and our service offerings. This information includes:
(i) Browser Type: To ensure compatibility and diagnose display issues.
(ii) Language Preference: To automatically tailor the language of our website and content.
(iii) Referring Site: To identify where our traffic originates from, aiding in marketing and partnership analysis.
(iv) Date & Time of Each Request: For performance monitoring, troubleshooting, and abuse detection.
(v) Pages You View: To analyze user engagement, improve site navigation, and identify popular content.
We also collect potentially personally-identifying information directly from you or through automated means, such as:
(i) Email Address: For account creation, login, password recovery, customer support, and essential service notifications.
(ii) Personal Website URL: If you provide it voluntarily, such as in a user profile or feedback form.
(iii) Internet Protocol (IP) Address: We collect and store IP addresses for logged-in users, customers placing orders, and users leaving comments on our blog. The IP address is a critical security tool, used primarily for fraud prevention, identifying and blocking malicious activity, and for analytical purposes. In specific cases, such as leaving a blog comment, your IP address may be visible to blog administrators, and it will be disclosed under the same strict circumstances as other personal information.
We are committed to disclosing IP addresses for logged-in users and commenters only under the same circumstances that we would use and disclose other personally-identifying information, as described in this policy.
Information for Account Creation and Service Provision
To provide our web hosting, domain registration, and related services, we require you to provide certain personal information during the registration and ordering processes. This information is essential for contract fulfillment and is used to manage your account and deliver services. This includes:
(i) Pre-registration Information: Data you provide before any formal registration, such as your email address when signing up for a newsletter or a waitlist.
(ii) Registration Data: Information you provide during the account creation process, which includes your full name, company name (if applicable), email address, phone number, and physical billing address.
(iii) Payment Details: Financial information, including credit card numbers, expiration dates, and security codes. This data is handled by our secure, PCI-compliant payment gateway providers and is never stored on our servers.
(iv) Geographic Location and Industry: This information helps us understand our customer base and may be used for marketing purposes or to comply with region-specific regulations.
Domain Registration and ICANN Requirements
When you purchase Domain Registration services for Top-Level Domains (TLDs), our collection of personal information is mandated by our contractual obligations with the Internet Corporation for Assigned Names and Numbers (ICANN) and various TLD registries. This information is necessary to register and manage your domain name. We are required to collect a range of contact details for the following roles:
(i) Registrant Contact: The legal owner of the domain name.
(ii) Administrative Contact: The individual authorized to make decisions regarding the domain.
(iii) Technical Contact: The individual managing the technical aspects of the domain (e.g., nameservers).
(iv) Billing Contact: The individual responsible for domain renewal and payment.
For each of these roles, we must collect the full name, organization (if applicable), complete mailing address, email address, and telephone and fax numbers. In some cases, certain registries may also require Additional Personal Information, such as professional identifications, affiliations, or other details necessary to meet their specific policies (e.g., .travel domains). The collection and use of this information are not optional and are a direct requirement for us to provide you with domain registration services.
Disclosure Requirements for Domain Data
Our contracts with ICANN and other registries impose strict disclosure requirements for domain name information.
(i) Public WHOIS: Our contracts with ICANN's Registrar Accreditation Agreement (RAA) require us to make certain domain name information ("WHOIS Information") available to the public. This includes the domain name, name servers, and the domain’s creation and expiration date. While we make every effort to utilize privacy protection services (e.g., Domain Privacy) to shield your personal details, certain data fields must always be accurate and accessible for legal reasons.
(ii) Domain Transfer Process: If you choose to transfer a domain away from Hoyist, we may be required by ICANN to temporarily publish your registrant email address on the public WHOIS for approximately five days. This is a mandatory part of the inter-registrar transfer process to verify ownership.
(iii) Registry-Specific Sharing: To complete your domain registration, we may be obligated to provide your personal and additional personal information to the specific TLD registry managing that domain.
(iv) Data Escrow: As per our ICANN contract, we are required to deposit all collected domain registration data with a secure, ICANN-approved third-party escrow provider. This is a crucial measure to ensure domain data is preserved in the event of a registrar's failure.
Use of Collected Data
Beyond service provision, we also use your data to:
(i) Send you essential account updates, security alerts, service offers, and feature notifications.
(ii) Enable cross-service functionality within our digital ecosystem (e.g., integrating your hosting and domain account).
(iii) Facilitate business transfers or asset sales in the event of a merger, acquisition, or bankruptcy.
(iv) Derive statistical insights from usage to drive data-led improvements and strategic business decisions.
(v) Provide our staff with necessary system access to ensure effective client communication and support.
(vi) Store your data securely across various infrastructure components, including system log files, back-end databases, and analytics platforms.
4. Protection of Personal Information
Hoyist takes the security of your data seriously. We have implemented technical, physical, and administrative measures to protect your information from unauthorized access, use, alteration, or destruction.
Internal Data Disclosure
We disclose personally identifiable information (PII) only to a limited set of Hoyist employees, contractors, and affiliated organizations who:
(i) Need to Know: The individuals must require the information to process it on our behalf or to provide services available at our website.
(ii) Confidentiality Agreements: They must be bound by strict confidentiality agreements that legally prohibit them from disclosing the information to others.
(iii) Cross-Border Data Transfer: Some of these employees, contractors, or organizations may be located outside of your home country. By using our website and services, you explicitly consent to this cross-border transfer of your information.
We will never rent or sell your PII to anyone. We take all reasonable and necessary measures to protect against unauthorized access, use, alteration, or destruction of PII. We have implemented various security controls, including but not limited to:
(i) Encryption: Use of Secure Sockets Layer (SSL) technology for all sensitive data transmission.
(ii) Restricted Access: Access to personal data is limited to a small number of personnel with special access rights.
(iii) Regular Scanning: Our systems are regularly scanned for security vulnerabilities and malware.
External Data Disclosure
Except for the mandatory disclosures required for domain registration (WHOIS, etc.) and sharing with our trusted service providers, we will only disclose your data when legally compelled to do so. This includes:
(i) In response to a subpoena, court order, government investigation, or other lawful governmental requests.
(ii) To comply with the rules and policies of ICANN or other regulatory bodies.
(iii) When we believe, in good faith, that disclosure is reasonably necessary to protect the property, rights, or safety of Hoyist, our customers, or the general public.
Occasionally, we may send registered users emails about new features, solicit feedback, or keep you updated on Hoyist and our products. These communications are a vital part of our service. While we primarily use our blog and social media for such updates, limited email communications may still be sent. Furthermore, if you submit a request to us (e.g., via a support ticket or feedback mechanism), we reserve the right to publish it to clarify or respond to your request or to help other users, although we will anonymize it as needed.
5. Usage of Your Information
Our use of your information is grounded in our legitimate interest to provide a robust, secure, and user-friendly service. We use the information we collect for the following purposes:
Service Provision and Improvement
(i) To Provide Requested Services: We use your data to deliver the web hosting, domain registration, and other services you have purchased.
(ii) To Ensure Functionality: Your data helps us ensure the proper functioning and stability of our websites and services.
(iii) To Enhance User Experience: By analyzing how you interact with our site, we can improve our services and offer a more personalized experience.
Support and Communication
(i) To Provide Technical Support: Your contact and account information allows us to provide timely and effective technical support.
(ii) To Communicate with You: We use your information to send you essential service-related communications, updates, and account notifications.
(iii) To Personalize Your Experience: We may use aggregated data to offer content and product offerings that are most relevant to you.
Security and Compliance
(i) To Prevent Fraud and Abuse: Your IP address and other behavioral data are crucial for diagnosing problems, detecting fraudulent activities, and administering our security and compliance programs.
(ii) To Comply with Legal Obligations: We process your data to fulfill legal obligations imposed by ICANN, governmental bodies, or court orders.
(iii) To Maintain Service Quality: We may use recorded calls or support tickets for quality control and training purposes.
6. How We Share Information
Hoyist may share personal data with trusted third parties to provide a better, more efficient service, but only under strict contractual terms.
(i) Service Providers: We may share your information with third-party providers who assist us with essential business functions, such as:
(a) Payment processing and credit card handling.
(b) Marketing and customer relationship management (CRM) tools.
(c) Email delivery and content delivery networks (CDNs).
(d) Sales leads and customer support platforms.
(e) Web analytics and fraud prevention services.
These providers are obligated to protect your data and only use it as instructed by us.
(ii) Advertising: We may work with advertising companies that use cookies and tracking technologies to display ads based on your browsing activities. This is only done with your explicit consent where legally required. We do not sell your personal information to these advertisers.
(iii) Business Transactions: In the event of a reorganization, merger, sale, assignment, or bankruptcy of Hoyist, your information may be provided to a third party as part of the business assets transferred. You acknowledge that your data may be transferred to a successor entity, subject to the same terms and protections outlined in this Policy.
(iv) Aggregated Data: Anonymized and aggregated insights may be shared for research, marketing, or business analysis. This data does not identify individual users.
(v) Legal and Safety: We may share your information to comply with legal obligations (e.g., a subpoena), to enforce our site policies, or to protect the safety of Hoyist, its customers, or the public and to investigate fraud or security issues.
(vi) Consent: We may share your information with third parties with your explicit consent.
7. Cookie Policy & Tracking Technologies
We use cookies, web beacons, tags, and other tracking technologies to gather demographic information, personalize your experience, and improve our services.
(i) Cookies: Small text files that a site or its service provider transfers to your computer's hard drive (if you allow). They enable our systems to recognize your browser and remember certain information. We use them for:
(a) Strictly Necessary Cookies: Essential for the site to function, like maintaining your login session.
(b) Functionality Cookies: To remember your preferences, like your language setting or display currency.
(c) Performance & Analytics Cookies: To compile aggregate data about site traffic and interaction, helping us understand user behavior and improve our services.
(d) Advertising Cookies: To serve personalized ads.
(ii) Web Beacons (or "Tags"): Tiny graphics with a unique identifier, used to track online movements of web users. Unlike cookies, which are stored on your computer, web beacons are embedded invisibly on web pages.
(iii) Log Files: As is true of most websites, we automatically gather and store information in log files, including IP addresses, browser type, ISP, referring/exit pages, operating system, and timestamps.
Your control over these technologies: You can control how websites use cookies by changing your browser settings. However, disabling cookies may limit the functionality of some features and services. You can also opt out of interest-based advertising from many providers through the Network Advertising Initiative (NAI) opt-out page or the European Interactive Digital Advertising Alliance (EDAA) opt-out page.
8. Your Choices and Preferences
(i) Email Communications: Once you provide your email, you acknowledge that we may send you communications related to your account and service. We will also send promotional emails, but these will include an unsubscribe link that allows you to opt out. Note that you cannot opt out of essential transactional emails related to your account or service changes. We comply with the CAN-SPAM Act and similar regulations.
(ii) "Do Not Track" Signals: We currently do not offer functionality for you to opt out through "Do Not Track" listings. If you wish to opt out of our tracking, please contact us at `[email protected]`.
9. Your Data Rights
Individuals located in certain jurisdictions, particularly the European Economic Area (EEA), may have specific data protection rights under the General Data Protection Regulation (GDPR) or other local laws. Depending on your jurisdiction, these rights may include:
(i) The Right to Access: You have the right to request a copy of the personal information we hold about you.
(ii) The Right to Rectification: You can request that we correct any inaccurate or incomplete data we have about you.
(iii) The Right to Erasure ("Right to Be Forgotten"): You have the right to request the deletion of your personal data under certain conditions.
(iv) The Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data under certain conditions.
(v) The Right to Object to Processing: You have the right to object to our processing of your personal data, particularly for direct marketing purposes.
(vi) The Right to Data Portability: You have the right to request that we transfer your collected data to another organization or directly to you, in a structured, commonly used, and machine-readable format.
(vii) The Right to Withdraw Consent: Where we rely on your consent to process your data, you have the right to withdraw that consent at any time.
To exercise any of these rights, please contact us via email at `[email protected]`. We will respond to your request within 30 days and may require identity verification to ensure the security of your data.
10. Children’s Privacy
Our services are not directed at, nor are they intended to be used by, children under the age of 13. We do not knowingly collect information from anyone under this age. If we become aware that we have collected personal data from a child under 13, we will take reasonable steps to delete it from our records as quickly as possible.
11. Third-Party Links
Our website may contain links to third-party websites that are not operated by us. We are not responsible for the privacy policies or practices of these third-party sites. We strongly encourage you to review the privacy policy of any site you visit before providing any personal information.
12. Data Security and Safeguards
We use a combination of physical, administrative, and electronic safeguards to protect your information. These include:
(i) Physical Safeguards: Secure facilities, restricted access to servers.
(ii) Electronic Safeguards: Firewalls, encryption, regular vulnerability scanning, and secure data storage.
(iii) Administrative Safeguards: Strict access controls, employee training, and confidentiality agreements.
While we take these measures, it is important to remember that no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee the absolute security of your personal information. We recommend that you protect your own information by using strong passwords, practicing good cyber hygiene, and using antivirus and firewall software.
13. International Data Transfers
Your information, including personal data, may be transferred to and stored on computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction. By using our website and services, and by submitting your information, you consent to these transfers and the processing of your data in the United States and other locations, as necessary. We will take all reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy.
14. Privacy Policy Changes
We reserve the right to modify this Privacy Policy at any time, for any reason. We will post any changes to this page and will update the "Last Updated" date at the top. We may also notify you of significant changes via email or through a notice on our website. Continued use of our services after any changes have been posted will constitute your acceptance of the updated terms. We encourage you to review this policy frequently to stay informed.
15. Contact Information
If you have any questions or concerns about this Privacy Policy, our data practices, or if you would like to exercise your data rights, please contact us on our support channels.
