Company Details
HOSXI Ltd is the data controller responsible for your personal data. As a UK-registered company, we process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Information We Collect
We collect personal information only when necessary to deliver our hosting services, process transactions, and provide support. The categories of data we collect are described below.
Personal Information
- Full name
- Email address
- Phone number
- Billing address
- Company name (where applicable)
- Payment information (processed securely via PCI-compliant third-party processors — we do not store full card details)
Account Information
- Login credentials (passwords are hashed and salted — never stored in plain text)
- Hosting plan details and service configuration
- Domain registration data
- Account preferences and settings
Technical Data
- IP addresses
- Browser type and version
- Device type and operating system
- Usage logs and session data
- Server access and error logs
- Referring URLs and navigation patterns
Support Data
- Support tickets and helpdesk records
- Live chat transcripts
- Email communications with our team
- Details provided when reporting issues
How We Use Your Data
We use the information we collect for the following clearly defined purposes:
- To provision, manage, and maintain your hosting services and account
- To process payments and manage billing records
- To register and manage domain names on your behalf
- To provide customer support and respond to your enquiries
- To monitor and improve the performance and reliability of our infrastructure
- To ensure platform security, detect fraud, and prevent abuse
- To comply with legal and regulatory obligations
- To send service-related communications (e.g. renewal reminders, outage notifications)
- To send marketing communications where you have provided consent (you may unsubscribe at any time)
- To conduct anonymised analytics that helps us improve our services
We will never use your personal data for purposes incompatible with those stated above without first obtaining your explicit consent.
Legal Basis for Processing
Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following legal grounds, depending on the nature of the processing:
Contractual Necessity
Processing your data is necessary to fulfil our contract with you — for example, to provision your hosting account, process your payments, and manage your domain registrations.
Legal Compliance
We may process data where we are required to do so under applicable law — for example, retaining financial records to comply with UK tax legislation or responding to lawful requests from regulatory or law enforcement authorities.
Legitimate Interests
We process certain data where it is necessary for our legitimate business interests — such as improving our services, maintaining platform security, preventing fraud, and sending service-critical communications. We ensure these interests are not overridden by your fundamental rights.
Consent
Where we rely on your consent — for example, for marketing emails or optional analytics — we will ask for it explicitly. You have the right to withdraw consent at any time without affecting the lawfulness of prior processing.
Third-Party Services
To deliver our services, HOSXI may share limited personal data with trusted third-party providers. We only share data that is strictly necessary for each third party to perform their specific function.
Payment Processors
Secure processing of card and online payments (e.g. Stripe, PayPal). We do not store full card numbers.
Domain Registries
Registration of domain names requires sharing registrant contact details with ICANN-accredited registries.
Data Centres
Physical and cloud infrastructure providers where your hosting data and server resources reside.
Security Services
DDoS mitigation, threat intelligence, and fraud detection providers that help protect our platform.
Analytics Tools
Anonymised, aggregated usage analytics to help us understand and improve service performance.
Communications
Email delivery providers used to send service notifications, invoices, and support responses.
All third-party partners are required to handle your data in compliance with applicable data protection laws. HOSXI does not sell, rent, or trade your personal data.
International Transfers
HOSXI is a UK-based business; however, some of our infrastructure providers and third-party service partners may process your data in countries outside the United Kingdom or European Economic Area.
Where such transfers occur, we ensure that appropriate safeguards are in place to protect your personal data, including:
- Transfers to countries that have received UK adequacy decisions under the UK GDPR
- UK International Data Transfer Agreements (IDTAs) or Standard Contractual Clauses (SCCs) where required
- Binding Corporate Rules (BCRs) where applicable for group entities
- Supplementary technical and organisational measures where additional protection is warranted
If you would like more information about international transfers of your data or to obtain a copy of the relevant safeguards, please contact us at privacy@hosxi.com.
Data Retention
We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected. Our retention periods are as follows:
Active Account Data
Personal and account data is retained for the lifetime of your active account with HOSXI.
Financial & Billing Records
As required under UK tax and financial regulations (HMRC guidance).
Server & Access Logs
Retained for security monitoring, incident investigation, and infrastructure performance analysis.
Support Records
Helpdesk tickets and communications retained for quality assurance and legal protection.
Marketing Consent
Marketing consent records are maintained until you unsubscribe or withdraw consent.
You may request deletion of your personal data at any time. See Your Rights section below for details on how to exercise this right.
Data Security
HOSXI implements robust technical and organisational security measures to protect your personal data against unauthorised access, loss, alteration, or disclosure. Our security practices include:
SSL / TLS Encryption
All data transmitted between your browser and our servers is encrypted using industry-standard SSL/TLS protocols.
Secure Data Centres
Our infrastructure is hosted in ISO 27001-certified data centres with 24/7 physical security and access controls.
Firewall Protection
Enterprise-grade firewalls and intrusion detection systems protect our server infrastructure at all times.
DDoS Mitigation
Advanced DDoS protection systems monitor and mitigate volumetric and application-layer attacks.
Access Controls
Strict role-based access controls ensure only authorised personnel can access customer data, on a need-to-know basis.
Regular Monitoring
Continuous security monitoring, log analysis, and periodic security audits are conducted across our systems.
While we take all reasonable steps to protect your data, no method of transmission over the internet or method of electronic storage is 100% secure. We encourage you to use a strong, unique password for your HOSXI account and to enable two-factor authentication where available.
Your Rights
Under UK GDPR, you have the following rights in relation to your personal data. These rights are not absolute and may be subject to certain exemptions, but we are committed to honouring them in full wherever applicable.
Right of Access
You have the right to request a copy of the personal data we hold about you (a Subject Access Request). We will respond within 30 days.
Right to Rectification
If any personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct it.
Right to Erasure
You have the right to request the deletion of your personal data where there is no compelling reason for us to continue processing it.
Right to Restrict Processing
You have the right to request that we restrict the processing of your data in certain circumstances — for example, while a dispute is being resolved.
Right to Object
You have the right to object to the processing of your personal data where we rely on legitimate interests as our lawful basis.
Right to Data Portability
Where processing is based on consent or contract, you have the right to receive your personal data in a structured, commonly used, machine-readable format.
Right to Withdraw Consent
Where processing is based on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.
How to Exercise Your Rights
To exercise any of the rights above, please contact our privacy team at privacy@hosxi.com. We will acknowledge your request within 5 business days and respond in full within 30 days. We may need to verify your identity before processing your request.
HOSXI uses cookies and similar technologies to operate our website, remember your preferences, and understand how visitors use our platform. We use the following categories of cookies:
Required for the website to function correctly. These include session management, authentication, and security cookies. They cannot be disabled.
Help us understand how visitors interact with our website by collecting anonymised, aggregated data. These are only set with your consent.
Used to deliver relevant advertising and track campaign performance, only with your explicit consent. You can opt out at any time.
Children's Privacy
HOSXI's services are not directed at, intended for, or designed to attract individuals under the age of 18 years. We do not knowingly collect personal data from minors.
If you believe that we have inadvertently collected personal data from a minor, please contact us immediately at privacy@hosxi.com and we will take prompt steps to delete such data.
Updates to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or data processing practices. All updates will be published on this page with a revised Effective Date clearly displayed at the top.
For material changes that significantly affect your rights or the way we process your data, we will notify you directly via email or a prominent notice on our website prior to the change taking effect. We encourage you to review this policy periodically.
Contact Us
If you have any questions, concerns, or requests relating to this Privacy Policy or your personal data, please do not hesitate to contact our dedicated privacy team:
Postal Address
HOSXI Ltd, 71–75 Shelton Street,
London WC2H 9JQ, UK
Right to Lodge a Complaint
If you are unhappy with how we have handled your personal data and we have been unable to resolve your concern, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) — the supervisory authority for data protection in the United Kingdom.
Related Pages
This Privacy Policy is provided for informational purposes only and does not constitute legal advice. While we have taken care to ensure accuracy, we recommend consulting a qualified legal professional for advice specific to your circumstances.