Privacy Policy
This policy describes the information CloudForge HQ processes to provide domains, hosting, web design, renewals, billing, and support.
Information we collect
We collect account details, login identifiers, email addresses, registrant contact details, billing references, cart/order history, invoice references, support messages, and technical logs needed to operate the service.
For domain registrations, registrant information may include name, organisation, address, email, phone number, and registry-specific fields required by the TLD.
How we use information
We use information to create accounts, verify email addresses, process payments, register and renew domains, configure DNS, provision hosting/design services, send transactional emails, prevent abuse, and respond to support requests.
We also use operational records to diagnose failures, reconcile Stripe invoices, meet accounting obligations, and maintain security.
Processors and partners
CloudForge HQ may share required information with Stripe for payments and invoices, OpenSRS/Tucows and registries for domain services, DigitalOcean for DNS/hosting operations, and transactional email providers for service emails.
We only send the information needed for the relevant service.
Domain registration data
Domain registrant data can be processed by registrars, registries, escrow providers, dispute providers, and policy bodies. Some information may be published or disclosed where registry, WHOIS/RDAP, legal, or policy rules require it.
Accuracy of registrant data is required for domain ownership and compliance.
Retention
We retain account, order, invoice, email delivery, domain, and support records for as long as needed to provide services, resolve disputes, meet legal/accounting obligations, and protect the platform.
Password reset and verification tokens are time-limited and stored as hashes rather than plaintext tokens.
Your rights
You may request access, correction, deletion, or restriction of personal data where applicable law allows. Some domain, billing, security, and accounting records may need to be retained even after a deletion request.
For privacy requests, contact support through the support page or email the configured privacy/legal contact for the service.
Security
We use HTTPS, signed login tokens, hashed passwords, hashed recovery tokens, Stripe-hosted payment flows, and restricted admin endpoints.
No online service can be perfectly secure. Customers should use strong passwords and keep their email accounts secure.