Windows Dedicated Servers

Privacy Policy

Your trust is our priority. We're committed to transparency and protecting your data with enterprise-grade security measures.

Data Collection & Usage

What we collect and how we use it

We collect only essential data to provide and improve our services while maintaining the highest security standards.

Personal Information

Contact details: Name, email, phone number for account management. Account credentials: Securely encrypted and hashed. Payment information: Processed through PCI-compliant providers. Communication data: Support tickets, emails, and chat logs.

Purpose: Service delivery, account management, security

Technical & Usage Data

Device information: Browser type, OS, IP address (anonymized). Usage metrics: Feature usage, performance data, error logs. Cookies: Essential, functional, and analytics cookies.

Purpose: Performance optimization, security monitoring
Advanced Data Collection Details

Our data collection practices are designed to minimize personal data while maximizing service quality:

  • IP addresses are anonymized after 30 days
  • Usage analytics are aggregated and pseudonymized
  • We employ differential privacy techniques where applicable
  • All data collection is documented in our Data Processing Register

Data Protection

Military-grade security measures

We implement multiple layers of security to protect your information at every level.

Encryption & Security

  • AES-256 encryption for data at rest and TLS 1.3 for data in transit
  • Zero-trust architecture with strict access controls and microsegmentation
  • Multi-factor authentication required for all administrative access
  • Regular penetration testing by independent security firms
  • Real-time monitoring with SIEM and anomaly detection
Active Protection

Compliance & Certifications

We maintain compliance with global standards and undergo regular audits:

  • GDPR (General Data Protection Regulation)
  • CCPA (California Consumer Privacy Act)
  • ISO 27001 & 27018 certified
  • SOC 2 Type II compliant
  • HIPAA compliant for health data
Verified Security
Security Incident Protocol

In the unlikely event of a security incident:

  • Immediate isolation and containment of affected systems
  • Forensic investigation to determine scope and impact
  • Notification to affected users within 72 hours when required
  • Post-incident review and security enhancements

Data Sharing & Third Parties

When and how information is disclosed

We maintain strict controls over data sharing with third parties.

Trusted Service Providers

We share data only with vetted partners under strict contractual obligations:

  • Cloud infrastructure: AWS, Google Cloud, Cloudflare
  • Payment processors: Stripe, PayPal (PCI-DSS compliant)
  • Analytics providers: Google Analytics (with IP anonymization)
  • Support services: Zendesk, Intercom (data processing agreements in place)
All partners undergo rigorous vetting

Legal Requirements

We may disclose information when legally required, but we:

  • Scrutinize all requests for legal validity
  • Challenge overly broad requests
  • Notify users when legally permitted
  • Publish transparency reports about government requests
Legal Compliance
International Data Transfers

When data crosses borders, we ensure adequate protection:

  • EU-US Data Privacy Framework compliance
  • Standard Contractual Clauses for international transfers
  • Data localization options available for enterprise customers

Your Rights & Controls

You're in control of your data

You have comprehensive rights regarding your personal information under privacy laws.

Data Subject Rights

  • Access: Request a copy of your data in machine-readable format
  • Rectification: Correct inaccurate or incomplete information
  • Erasure: Request deletion under certain conditions (Right to be Forgotten)
  • Restriction: Limit processing of your information
  • Objection: Opt-out of specific data processing activities
  • Portability: Receive your data in a structured format
  • Withdraw Consent: Revoke previously given consent
GDPR Compliance

Privacy Controls

We provide multiple ways to manage your privacy:

  • Account settings dashboard with privacy controls
  • Cookie management preferences
  • Marketing communication opt-outs
  • Automated data export tools
  • Two-step verification for enhanced security
Self-Service Options
How to Exercise Your Rights

To make a privacy request or contact our Data Protection Officer:

  • Email: support@99server.com
  • In-app: Privacy Center in your account settings

We respond to all valid requests within 30 days. Verification is required to process requests.

Data Retention

How long we keep your information

We retain data only as long as necessary for the purposes collected.

Data Type Retention Period Notes
Account data While account is active + 1 year Deleted after 1 year of inactivity
Transaction records 7 years For tax and compliance purposes
Server logs 30 days IPs anonymized after 7 days
Support tickets 3 years from resolution For service improvement
Marketing data Until consent withdrawn or 2 years Based on consent and activity

Deletion Process

When data is deleted:

  • Immediate removal from active systems
  • Scheduled removal from backups within 90 days
  • Secure wiping of storage media before disposal
  • Certificates of destruction for physical media
Permanent Removal

PRIVACY POLICY VERSION 4.1 | LAST UPDATED: August 01, 2025

Windows Dedicated Servers