Privacy Policy

Last Updated: November 28, 2025

We respect the privacy rights of our online visitors and recognize the importance of protecting your information. This Privacy Policy describes how we collect, use, disclose, store and protect your information when you use our website and services. By using this website, you are accepting the practices described in this Privacy Policy. If you do not agree with the terms set forth in this Privacy Policy, please do not use our website.

Information We Collect and How We Use It
Legal Basis for Processing Your Data
Third-Party Services
E-commerce and Payment Processing
Email Communications
Cookies and Tracking Technologies
Data Retention
Disclosure of Your Information
International Data Transfers
Security of Your Information
Your Rights and Choices
GDPR Rights for EU Residents
Data Breach Notification
Children’s Privacy
Changes to This Privacy Policy
Contact Us

1. Information We Collect and How We Use It

Information You Provide to Us

When using our website and services, we may collect the following types of personal information that you provide:

Account Information: When you create an account or purchase a hosting subscription, we collect your name, email address, billing address, and phone number.
Payment Information: Billing information necessary to process your payment, though credit card details are processed securely through our payment processor and are not stored on our servers.
Communications: When you contact us via email or through our website, we retain those communications to process your inquiries and provide customer support.
Service Usage: Information about how you use our hosting services, including technical support requests and service configurations.

Information Collected Automatically

We automatically collect certain technical information when you visit our website:

Log Data: Your Internet Protocol (IP) address, browser type, operating system, referring URLs, pages viewed, and timestamps.
Cookies and Similar Technologies: We use cookies and similar tracking technologies to improve your experience, analyze website traffic, and understand usage patterns. Most browsers allow you to control cookies through their settings. You can learn more about managing cookies at www.allaboutcookies.org.
Analytics Data: We collect aggregated usage statistics to monitor website performance and improve our services.

How We Use Your Information

We use the information we collect to:

Provide, maintain, and improve our hosting services
Process transactions and send related information including confirmations and invoices
Send technical notices, updates, security alerts, and support messages
Respond to your comments, questions, and customer service requests
Monitor and analyze trends, usage, and activities in connection with our services
Detect, prevent, and address technical issues and fraudulent activity

2. Legal Basis for Processing Your Data

We process your personal information only when we have a valid legal basis to do so. Under the General Data Protection Regulation (GDPR) and other applicable data protection laws, our legal bases for processing your personal information include:

Contractual Necessity

We process your personal information to fulfill our contractual obligations to you, including:

Creating and managing your hosting account
Processing your subscription payments
Providing hosting services and technical support
Sending transactional emails related to your service

Without this information, we cannot provide our services to you.

Legal Obligation

We process certain information to comply with legal requirements, including:

Maintaining financial records for tax and accounting purposes
Responding to lawful requests from government authorities
Preventing fraud and ensuring platform security

Consent

For certain processing activities, we rely on your consent, including:

Using cookies and tracking technologies (you can manage these through your browser settings or our cookie consent banner)
Sending you urgent service alerts via our Mailchimp mailing list (added when you become an active subscriber)
Collecting and processing information you voluntarily provide through contact forms

You have the right to withdraw your consent at any time. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.

Legitimate Interests

We may process your information based on our legitimate business interests, such as:

Analyzing website usage to improve our services and user experience
Detecting and preventing fraud, security threats, and technical issues
Maintaining and improving our website performance
Protecting our business operations and legal rights

We only rely on legitimate interests when your rights and interests do not override these interests.

3. Third-Party Services

We use the following third-party services to operate our website and provide our services. Each of these services may collect and process data according to their own privacy policies:

Google Tag Manager and Google Analytics

We use Google Tag Manager to manage website tags and Google Analytics to understand how visitors interact with our website. Google Analytics collects information such as how often users visit our site, what pages they visit, and what other sites they used prior to coming to our site. We use this information to improve our website and services.

Google Analytics collects only the IP address assigned to you on the date you visit our site, not your name or other identifying information. We do not combine the information collected through Google Analytics with personally identifiable information.

You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout

Learn more about Google’s privacy practices: https://policies.google.com/privacy

WooCommerce

Our website uses WooCommerce to power our subscription shop and manage customer orders. WooCommerce is integrated into our WordPress website and stores order information, customer accounts, and transaction history on our servers. WooCommerce itself does not collect your data; rather, it provides the framework for us to process and store your information securely.

Learn more about WooCommerce and Automattic’s privacy practices: https://automattic.com/privacy/

4. E-commerce and Payment Processing

Order Information

When you purchase a hosting subscription through our website, we collect:

Billing and shipping information (name, address, email, phone number)
Order details and purchase history
Payment method information (processed through PayPal)

PayPal Payment Processing

All payment transactions are processed through PayPal, our secure payment processor. We do not store your complete credit card information on our servers. PayPal collects and processes your payment information according to their privacy policy.

When you make a purchase, you will be directed to PayPal’s secure payment platform. PayPal may collect payment card details, billing information, and transaction data. We receive only confirmation of successful payment and transaction reference numbers from PayPal.

Learn more about PayPal’s privacy practices: https://www.paypal.com/us/webapps/mpp/ua/privacy-full

5. Email Communications

Mailchimp Newsletter Service

When you become an active hosting subscriber, your email address is automatically added to our Mailchimp mailing list. We use Mailchimp solely to send urgent service alerts and important notifications related to your hosting service. We typically send fewer than one email per year through this service.

The information shared with Mailchimp includes:

Your email address
Your name (if provided)
Subscription status

Mailchimp processes this data according to their privacy policy. You can unsubscribe from these communications at any time by clicking the unsubscribe link at the bottom of any email or by contacting us directly. However, please note that you will continue to receive essential transactional emails related to your hosting service (such as renewal notices and service updates) even if you unsubscribe from the Mailchimp list.

Learn more about Mailchimp’s privacy practices: https://www.intuit.com/privacy/statement/

Transactional Emails

Regardless of your email preferences, we will send you transactional emails necessary for your hosting service, including:

Order confirmations and receipts
Subscription renewal notifications
Service-related announcements
Responses to your support requests
Critical security notifications

6. Cookies and Tracking Technologies

What Are Cookies

Cookies are small text files that are placed on your device when you visit our website. They help us provide you with a better experience by remembering your preferences and understanding how you interact with our site.

Types of Cookies We Use

Strictly Necessary Cookies

These cookies are essential for the operation of our website and cannot be disabled. They include:

Session cookies that enable you to navigate our website and use its features
Security cookies that authenticate users and prevent fraudulent use of login credentials
Shopping cart cookies that remember items you’ve added to your cart

Legal Basis: Contractual necessity and legitimate interest in website functionality

Analytics Cookies

We use Google Analytics cookies to understand how visitors use our website. These cookies collect information about:

Pages you visit and how long you spend on each page
How you arrived at our website
What you click on while visiting our website

This information is aggregated and anonymized, meaning we cannot identify you personally from this data.

Legal Basis: Consent (which you can withdraw at any time) and legitimate interest in improving our services

Functional Cookies

These cookies allow our website to remember choices you make and provide enhanced features, such as:

Remembering your login details
Storing your preferences
Customizing content based on your previous visits

Legal Basis: Consent and legitimate interest in providing you with a better user experience

Managing Your Cookie Preferences

You have several options for managing cookies:

Browser Settings

Most web browsers allow you to control cookies through their settings. You can set your browser to:

Block all cookies
Accept only first-party cookies
Delete cookies when you close your browser
Notify you before a cookie is set

To learn how to manage cookies on popular browsers, visit: www.allaboutcookies.org

Google Analytics Opt-Out

You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout

Do Not Track Signals

Some browsers include a “Do Not Track” (DNT) feature that signals to websites that you do not want to have your online activity tracked. Our website does not currently respond to DNT signals, but you can use the cookie management options described above to control tracking.

Please note: If you choose to block or delete cookies, some features of our website may not function properly, and you may not be able to access certain areas or features of the site.

7. Data Retention

We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy. Specific retention periods include:

Active Customer Data

Account Information: Retained for the duration of your active subscription and for 12 months after account cancellation or service termination.
Order and Transaction History: Retained for 7 years from the date of transaction to comply with tax and accounting requirements.
Payment Information: We do not store complete payment card details. Transaction reference numbers are retained for 7 years.
Communications and Support Records: Retained for 3 years after the last interaction to provide continuity of support and resolve any disputes.

Analytics and Technical Data

Website Analytics: Aggregated and anonymized analytics data is retained indefinitely for statistical purposes.
Log Files: Server logs containing IP addresses and access information are retained for 90 days for security and troubleshooting purposes.

Deleted Account Data

When you request account deletion or after the retention period expires, we will:

Delete or anonymize your personal information within 30 days, except where we are required by law to retain it
Remove your email address from our Mailchimp mailing list
Retain only the minimum information necessary for legal, tax, and accounting compliance

Please note that some information may persist in backup systems for up to 90 days after deletion, after which it will be permanently removed.

8. Disclosure of Your Information

We Do Not Sell Your Data

We never sell, rent, or share your personal information with third parties for their marketing purposes. Your data is yours, and we are committed to keeping it private and secure.

Service Providers

We may share your information with trusted third-party service providers who assist us in operating our website and providing our services, including:

Payment processors (PayPal)
Email service providers (Mailchimp)
Analytics providers (Google Analytics)
Hosting infrastructure providers

These service providers are contractually obligated to use your information only to provide services to us and are prohibited from using your data for their own purposes.

Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency). We will disclose your information when we believe in good faith that disclosure is necessary to:

Comply with a legal obligation
Protect and defend our rights or property
Prevent or investigate possible wrongdoing
Protect the personal safety of users or the public
Protect against legal liability

Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your personal information may be transferred. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy.

9. International Data Transfers

Bit Spring, LLC is based in the United States. If you are accessing our website or services from the European Economic Area (EEA), United Kingdom, Switzerland, or other regions with data protection laws, please be aware that your personal information will be transferred to, stored, and processed in the United States.

Legal Safeguards for International Transfers

When we transfer personal data from the EEA, UK, or Switzerland to the United States or other countries, we ensure appropriate safeguards are in place to protect your information:

Standard Contractual Clauses

For transfers to our service providers, we use Standard Contractual Clauses (SCCs) approved by the European Commission. These are legally binding contracts that ensure your data receives adequate protection when transferred outside the EEA.

Third-Party Service Providers

Our third-party service providers have implemented appropriate safeguards for international data transfers:

Google (Analytics, Tag Manager): Certified under the EU-U.S. Data Privacy Framework and uses Standard Contractual Clauses
PayPal: Complies with GDPR requirements and uses approved data transfer mechanisms
Mailchimp (Intuit): Certified under the EU-U.S. Data Privacy Framework and maintains GDPR compliance

Your Rights Regarding International Transfers

If you are located in the EEA, UK, or Switzerland, you have the right to:

Obtain information about the safeguards we use for international data transfers
Request a copy of the Standard Contractual Clauses we use
Object to the transfer of your personal data to countries outside your jurisdiction

By using our website and services, you acknowledge and consent to the transfer of your information to the United States and other countries where we or our service providers operate.

10. Security of Your Information

We take the security of your personal information seriously and use reasonable physical, technical, and administrative safeguards to protect it against loss, theft, unauthorized access, disclosure, copying, use, or modification. These measures include:

Secure Socket Layer (SSL) encryption for data transmission
Secure servers and databases with restricted access
Regular security assessments and updates
Employee training on data protection and privacy

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. You are responsible for maintaining the confidentiality of your account credentials.

11. Your Rights and Choices

You have the following rights regarding your personal information:

Access: You can request access to the personal information we hold about you and receive a copy of it.
Correction: You can request that we correct any inaccurate or incomplete personal information.
Deletion: You can request that we delete your personal information, subject to certain legal exceptions (such as our obligation to retain financial records).
Data Portability: You can request a copy of your personal information in a structured, commonly used, machine-readable format that you can transfer to another service provider.
Opt-Out: You can opt out of receiving non-essential email communications by using the unsubscribe link in emails or contacting us directly.
Cookies: You can control cookies through your browser settings as described in Section 6.

To exercise any of these rights, please contact us using the information provided in the “Contact Us” section below. We will respond to your request within 30 days.

12. GDPR Rights for EU Residents

If you are a resident of the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) and equivalent data protection laws:

Your GDPR Rights

Right to Access (Article 15)

You have the right to obtain confirmation that we are processing your personal data and to receive a copy of your personal data along with specific information about how it is being processed.

Right to Rectification (Article 16)

You have the right to have inaccurate personal data corrected and incomplete personal data completed.

Right to Erasure / “Right to be Forgotten” (Article 17)

You have the right to request deletion of your personal data when:

The data is no longer necessary for the purposes for which it was collected
You withdraw consent and there is no other legal basis for processing
You object to processing and there are no overriding legitimate grounds
The data has been unlawfully processed
The data must be erased to comply with a legal obligation

Please note that we may retain certain information as required by law or for legitimate business purposes.

Right to Restriction of Processing (Article 18)

You have the right to request that we restrict processing of your personal data when:

You contest the accuracy of the data (restriction applies during verification)
Processing is unlawful but you prefer restriction to erasure
We no longer need the data but you need it for legal claims
You have objected to processing (restriction applies pending verification of legitimate grounds)

Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller when:

Processing is based on consent or contract
Processing is carried out by automated means

Right to Object (Article 21)

You have the right to object at any time to processing of your personal data based on legitimate interests or for direct marketing purposes. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

Right to Withdraw Consent (Article 7)

Where we rely on your consent to process personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

Right Not to be Subject to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you. We do not engage in automated decision-making or profiling.

How to Exercise Your GDPR Rights

To exercise any of these rights, please contact us at:

Email: [email protected]
Subject line: “GDPR Rights Request”
Include: Your full name, email address, and specific right you wish to exercise

We will respond to your request within one month. In complex cases, we may extend this period by two additional months and will inform you of the extension and reasons for delay.

Verification Process

To protect your privacy and security, we may need to verify your identity before processing your request. We may ask for additional information to confirm your identity, particularly for deletion or data portability requests.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority in your country of residence, place of work, or place of alleged infringement if you believe our processing of your personal data violates data protection laws.

For EU residents, you can find your local supervisory authority here: https://edpb.europa.eu/about-edpb/about-edpb/members_en

For UK residents, you can contact the Information Commissioner’s Office (ICO): https://ico.org.uk

However, we encourage you to contact us first so we can address your concerns directly.

No Fees for Exercising Your Rights

You will not have to pay a fee to exercise any of your GDPR rights unless your request is clearly unfounded, repetitive, or excessive. In such cases, we may charge a reasonable fee or refuse to comply with the request.

13. Data Breach Notification

We take data security seriously and have implemented appropriate technical and organizational measures to prevent data breaches. However, in the unlikely event of a personal data breach that is likely to result in a risk to your rights and freedoms, we are committed to transparent and timely notification.

Our Notification Process

What Constitutes a Data Breach

A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

When We Will Notify You

If a data breach occurs that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay and, where feasible, within 72 hours of becoming aware of the breach.

What Our Notification Will Include

Our notification to you will include:

The nature of the personal data breach
The categories and approximate number of individuals affected
The categories and approximate number of personal data records concerned
The likely consequences of the breach
The measures we have taken or propose to take to address the breach
Contact information for obtaining more information
Steps you can take to protect yourself

How We Will Notify You

We will notify affected individuals via:

Direct email to the address associated with your account
Prominent notice posted on our website
Other communication methods as appropriate based on the severity of the breach

Notification to Authorities

Where required by law, we will also notify the relevant supervisory authorities (such as the Information Commissioner’s Office for UK residents or the appropriate Data Protection Authority for EU residents) within 72 hours of becoming aware of a breach.

Your Responsibilities

If you become aware of any unauthorized access to your account or any security breach, please notify us immediately at [email protected] with the subject line “Security Incident.”

14. Children’s Privacy

Our services are not directed to individuals under the age of 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete that information as quickly as possible. If you believe we have collected information from a child under 13, please contact us immediately at the email address provided below.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will not reduce your rights under this Privacy Policy without your explicit consent.

When we make material changes to this Privacy Policy, we will notify you by:

Posting the updated Privacy Policy on this page with a new “Last Updated” date
Sending an email notification to the email address associated with your account
Displaying a prominent notice on our website

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our services after any changes constitutes your acceptance of the updated Privacy Policy.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Bit Spring, LLC
1210 Liberty Grove Road
Conowingo, Maryland 21918
United States
Email: [email protected]

Data Protection Inquiries

For specific inquiries related to your personal data or to exercise your privacy rights, please email us at [email protected] with the subject line “Privacy Request” or “GDPR Rights Request” (for EU residents).

We will respond to your inquiry within 30 business days (or within one month for GDPR requests).

EU Representative

As a small business based in the United States, we do not currently have a designated representative in the European Union. However, we are committed to GDPR compliance and will respond to all data protection inquiries from EU residents promptly at the contact information above.

This Privacy Policy was last updated on November 28, 2025