Skip to content
Contact

Clear and minimal

Privacy Policy

Last updated: 19 February 2026

1. Who we are

Quietly Hosted is the trading name of Colin Thurston, a sole trader based in the United Kingdom.

For the purposes of the UK General Data Protection Regulation (UK GDPR), Quietly Hosted is a data controller in relation to information we collect about our own customers.

Our clients remain the data controllers for their own websites, email accounts, and end users. In those cases, Quietly Hosted acts solely as a hosting provider.

2. What data we collect

We collect only the data necessary to provide and support our Services.

When you become a client:

  • Name and contact details
  • Business name (if applicable)
  • Billing address
  • Domain registration details
  • Payment reference from GoCardless (we do not see bank details)

When you contact us:

  • Information you provide via our contact form
  • Email correspondence

When using hosting or email services:

  • Server logs (e.g. IP addresses, connection attempts)
  • Email metadata (sender, recipient, timestamps)
  • Email content only where accessed with your permission for support purposes

3. How we use your data

  • To set up and manage hosting, domain, and email services
  • To process payments and issue invoices
  • To respond to support requests
  • To maintain infrastructure performance and security
  • To meet legal and accounting obligations

We do not use your data for marketing, profiling, advertising, or automated decision making.

4. Third party providers

We share data only with providers necessary to deliver our Services.

  • Krystal – hosting infrastructure (UK)
  • Cloudflare – DNS, security, performance services
  • GoCardless – Direct Debit processing (UK/EU)
  • HMRC – where required for legal obligations

We do not sell or rent personal data.

5. International transfers

Some services (for example, Cloudflare) may route data outside the UK. Where this occurs, appropriate safeguards are used in accordance with UK GDPR, such as adequacy decisions or standard contractual clauses.

6. Data retention

  • Account and billing records – retained for 6 years
  • Support correspondence – typically up to 2 years
  • Server logs – generally retained for up to 90 days

Where data is deleted, we take reasonable steps to remove it from active systems. Backups may retain copies for a limited period.

7. Your rights

Under UK GDPR, you have the right to:

  • Access personal data we hold about you
  • Request correction of inaccurate information
  • Request erasure where we no longer have a lawful basis
  • Object to or restrict certain processing
  • Lodge a complaint with the Information Commissioner’s Office (ICO)

To exercise your rights, email: colin@quietlyhosted.com.

8. Cookies and tracking

Quietly Hosted’s website does not use advertising trackers or analytics tools.

Basic server level logs may record technical information necessary for security and performance.

9. Security

  • Encrypted connections (HTTPS, SFTP)
  • Two factor authentication where supported
  • Access controls and activity monitoring

Quietly Hosted manages hosting infrastructure directly. Clients may be provided with access to website or email administration where appropriate, but this is not required.

Access to client systems is performed only where necessary to provide support and only with the client’s authorisation. Quietly Hosted does not routinely retain client passwords.

While reasonable security measures are in place, no system can be guaranteed 100% secure. In the event of a notifiable breach, we will act in accordance with legal requirements.

If anything in this policy is unclear, please get in touch. I’m happy to explain how data is handled in plain English.