1. Introduction
This page supplements our Privacy Policy and specifically addresses Serversify's obligations under the EU General Data Protection Regulation (GDPR).
If you are a resident of the European Economic Area (EEA), this document governs how your personal data is processed and explains your rights as a data subject.
2. Data Controller
The data controller responsible for your personal information is:
Serversify LLC
219 Carriage Cir
Cheyenne, WY 82009
United States
3. Legal Basis for Processing
We process your personal data under the following legal bases:
Performance of a contract (Art. 6(1)(b))
Account data, billing information, and server provisioning logs — processed to deliver the services you signed up for.
Legal obligation (Art. 6(1)(c))
Tax records, invoice data, and legally mandated disclosures to authorities — processed to comply with applicable law.
Legitimate interests (Art. 6(1)(f))
Fraud prevention, abuse detection, product analytics, and security monitoring — we balance our legitimate interests against your rights. You may object to this processing at any time.
Consent (Art. 6(1)(a))
Marketing emails and optional product surveys — only sent where you have explicitly opted in. Consent can be withdrawn at any time.
4. Your Rights Under GDPR
As a data subject under GDPR, you have the following rights:
- Right of access (Art. 15): Request confirmation of whether we process your data and obtain a copy.
- Right to rectification (Art. 16): Request correction of inaccurate or incomplete personal data.
- Right to erasure (Art. 17): Request deletion of your personal data where it is no longer necessary, consent has been withdrawn, or processing is unlawful.
- Right to restriction (Art. 18): Request that we limit processing of your data in certain circumstances.
- Right to data portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format.
- Right to object (Art. 21): Object to processing based on legitimate interests or for direct marketing purposes.
- Rights related to automated decisions (Art. 22): Not to be subject to solely automated decision-making with legal or similarly significant effects.
To exercise any right, email [email protected]. We will respond within 30 days. Requests may be refused where we have a legal obligation to retain data or where the request is manifestly unfounded or excessive.
5. Data Retention
We retain personal data only for as long as necessary for the purpose it was collected:
6. International Data Transfers
Serversify is headquartered in the United States. Personal data from EEA residents is transferred to and processed in the US. We ensure appropriate safeguards are in place for such transfers:
- Standard Contractual Clauses (SCCs): Transfers from the EEA to the United States are covered by the European Commission's 2021 SCCs.
- Adequacy decisions: Transfers to other countries with an EU adequacy decision (e.g., Canada, Japan) require no additional safeguard.
A copy of our transfer impact assessments is available on request to [email protected].
7. Data Protection Officer
Serversify has appointed a Data Protection Officer (DPO) responsible for overseeing GDPR compliance.
DPO contact: [email protected]
You may contact the DPO directly for any GDPR-related concern, including escalations where you feel your initial request has not been handled appropriately.
8. Supervisory Authority Complaints
If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with the supervisory authority in your member state of residence. A list of EEA supervisory authorities is available at edpb.europa.eu.
We ask that you contact us directly at [email protected] before lodging a complaint, as we are usually able to resolve concerns quickly and informally.
This document was last updated on April 1, 2026. If you have questions about any of these policies, please contact us at [email protected].