Serversify
Legal

Privacy Policy

How we collect, use, and protect your personal information.

Last updated: April 1, 2026

1. Introduction

Serversify LLC ("Serversify", "we", "our", or "us") is committed to protecting your personal information. This Privacy Policy explains what data we collect, why we collect it, how we use it, and the choices you have.

By using our services at serversify.com or any associated infrastructure management tools, you agree to the collection and use of information in accordance with this policy.

If you are a resident of the European Economic Area (EEA) and have questions about how we handle your data under GDPR, please review our GDPR Policy.

2. Information We Collect

Account information: When you register, we collect your name, email address, and a hashed password. For billing purposes, we collect payment card details (processed by Stripe — we do not store raw card numbers) and billing address.

Usage data: We log API requests, control panel actions, server provisioning events, and support interactions. This includes IP addresses, timestamps, and feature usage patterns.

Technical data: Browser type, operating system, referring URL, and session duration collected via first-party analytics. We do not use third-party tracking pixels or advertising cookies.

Communications: If you contact us via support tickets, email, or live chat, we retain those conversations to provide continuity of service.

3. How We Use Your Information

We use the data we collect to:

  • Provision, operate, and maintain your servers and account
  • Process billing and prevent fraudulent transactions
  • Send service notifications, invoices, and critical security alerts
  • Provide technical support and respond to your requests
  • Improve our platform through aggregated, anonymised analytics
  • Comply with legal obligations, including tax and audit requirements

We do not sell your personal data to third parties. We do not use your data to train machine learning models without explicit consent.

4. Information Sharing

We share your data with third parties only where necessary to deliver our service:

  • Stripe — payment processing (PCI DSS Level 1 certified)
  • Equinix / data center operators — physical facility access logs for servers you own
  • Postmark — transactional email delivery
  • Legal authorities — only when compelled by a valid legal order

All sub-processors are bound by data processing agreements and are required to handle data in accordance with applicable law.

5. Data Retention

We retain account data for the duration of your subscription plus 90 days after account closure, to allow recovery and comply with billing reconciliation requirements.

Billing records and invoices are retained for 7 years to comply with UK and EU tax regulations.

Server logs (provisioning events, access logs) are retained for 30 days by default. Support tickets are retained for 3 years.

You may request earlier deletion of your personal data by contacting [email protected]. Deletion requests will be fulfilled within 30 days, subject to legal retention requirements.

6. Security

We apply industry-standard security measures to protect your data, including:

  • TLS 1.3 encryption in transit for all control panel and API traffic
  • AES-256 encryption at rest for all sensitive data stores
  • bcrypt hashing for passwords with a work factor of 12
  • Two-factor authentication available on all accounts
  • Regular third-party penetration testing (results available under NDA)
  • SOC 2 Type II audit in progress — expected certification Q3 2026

No method of transmission over the internet is 100% secure. In the event of a breach affecting your personal data, we will notify you and relevant authorities within 72 hours as required by applicable law.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — correct inaccurate data
  • Erasure — request deletion of your data ("right to be forgotten")
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interests
  • Restriction — request that we limit how we use your data

To exercise any of these rights, email [email protected]. We will respond within 30 days.

8. Cookies

We use a minimal set of first-party cookies:

  • session — authentication session token, expires on browser close
  • csrf_token — CSRF protection, session-scoped
  • _sfy_analytics — first-party analytics, no PII, 30-day expiry

We do not use Google Analytics, Facebook Pixel, or any other third-party tracking cookies. You can disable cookies in your browser settings; note that this will prevent you from logging in to the control panel.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to registered account holders at least 14 days before they take effect. Continued use of our services after that date constitutes acceptance of the updated policy.

10. Contact

For privacy-related inquiries:

Data Controller: Serversify LLC
Email: [email protected]
Address: 219 Carriage Cir, Cheyenne, WY 82009, United States

This document was last updated on April 1, 2026. If you have questions about any of these policies, please contact us at [email protected].