Data Policy
Last Updated: June 17, 2024
PerfGrid is committed to providing a secure hosting environment and transparency towards our customers, how we handle data and what data we collect.
All data is by default only accessible by staff at PerfGrid, unless we specify otherwise.
As long as you're a customer of PerfGrid, we log data such as visitor requests to your sites hosted by us, login requests to various systems you access within the PerfGrid environments.
In case you agree to our data policy, the agreement is valid for the period you're a customer of PerfGrid and has existing products with us.
Information such as invoices issued to you as a customer is kept even after terminating the products or ending your time as a customer at PerfGrid. You can, however, change your contact details to something "random" at our Client Area. In case you need a random email added to your account, please let us know by contacting support@perfgrid.com.
Below you will find different sections regarding the various products and tools we use as a company to function; you can click each title to read more:
Shared Hosting
When using our shared web hosting solution, you agree to specific ways we handle data:
Files (web files, emails, cache files)
We store files on web hosting related servers; these files are stored under each hosting account, it is your job as a customer to ensure the security and integrity of these files.
Whenever your hosting account gets created, it contains a default set of files and configurations - these files can be modified by customers and software from our servers.
All files get scanned for virus/malware and copyrighted data based on signatures.
Emails
When receiving emails, the emails will pass through our own Rspamd cluster located on our infrastructure. All communication within the cluster and towards our own servers are fully encrypted, for inbound email we accept both encrypted and unencrypted traffic since not all sending servers support encryption.
When sending emails, the emails get sent via an external SMTP relay called MailChannels - MailChannels is an outgoing spam-filtering solution used to prevent accounts from sending spam.
The MailChannels software stores sender address, the receiver address and the email subject of individual emails.
If you want to prevent transmitting any data via MailChannels, we advise you to use an alternative outgoing mail-server than ours.
Customers can also opt-in for a backup SMTP relay through interserver.net. Just as MailChannels the software stores sender address, the receiver address and the email subject of individual emails. This relay is fully opt-in and NOT enabled by default.
Databases
Databases are protected by username and password and IP restriction by default; it is up to the customer to take the correct measures to ensure the data is secured (encrypt sensible content) and ensure rotation of credentials.
Databases are permanent storage and only gets removed in case the customer do it, the customer gets terminated, or in case the customer gives permission to PerfGrid's support staff to make changes to the databases.
Logs (access logs, audit logs, FTP logs, error logs)
Access logs and error logs are fully available to the users. for audit logs and FTP logs, please contact our support to get access to these.
Access logs get sent to our statistics software which we use for doing capacity planning as well as detecting anomalies in traffic to prevent attacks.
There's no defined rotation policy for access or FTP logs; data gets removed during account termination or cleaned up by staff on a regular interval. Customers can contact PerfGrid's support department to request deletion of the logs.
Backups
Backups are stored on external backup servers managed by PerfGrid; data is backed up over a secure connection and is stored in plain files for the user to restore via our backup software.
Backups include all hosting account data: files (web, email, logs), databases, cronjobs, DNS zones, account statistics.
Backups do get rotated out automatically after termination of your account within one month or less.
Statistics
Hosting accounts get some metrics done:
Awstats/Webalizer/bandwidth data gets aggregated from the access logs; these statistics are available under the hosting account in the "tmp" folder in their home directory - the user can delete these at any time. The data also gets removed during account termination.
Access logs get sent via Filebeat or vector.dev over a secure connection to ClickHouse, ClickHouse is used to perform capacity planning of our platform and to detect attacks on our platform and individual customer's sites. Customers can request deletion of data from our ClickHouse cluster - by default; we also delete data after 45 days.
Our ClickHouse cluster can only be accessed from trusted networks by PerfGrid staff.
PerfGrid also collects metrics regarding the total amount of requests and traffic done - these numbers are split up per day, per server, there's no relation to customers or domains in any way in these statistics - these statistics get used in our yearly reports and for capacity planning.
Temporary URLs (Grid Hosting / hosting-panel.net only)
For temporary URLs for Grid Hosting / hosting-panel.net, we utilize a system developed by SkylonHost called https://site.slowtest.net. The system works by proxying traffic via temporary URLs, which rewrites the content of HTML, CSS and Javascript files to match the temporary domain, similar to how many Content Delivery Networks (CDNs) might process optimizations. No data is collected as a part of this process.
The URLs are only generated when requested, and no traffic will pass through these URLs unless the user explicitly does it themselves.
General
The customer should use secure passwords for all services (control panel, FTP, email accounts, databases) and rotate them frequently.
Content Delivery Network - CDN
PerfGrid runs a Content Delivery network with servers located all over the world.
All web content on servers are cached based on the customers defined "Cache-Control" when the cache time is up; the data gets automatically deleted within 10 seconds after it expired.
Access logs for the CDN get processed by our ElasticSearch cluster to aggregate statistics for each domain running on our CDN. Deletion of statistical data can happen by contacting our support at support@perfgrid.com.
Support
In case you use our support, you at the same time have to agree our support department accessing the required information about your account to resolve the issue.
We might require access to files (web files, emails, cache files), databases, logs, backups, statistics and/or IP information about logged in accounts.
In case you do not allow us to access any of the data, be aware that resolution of your problem might get prolonged or not possible to resolve.
When you create a support ticket, ticket information gets stored in our support software (billing.perfgrid.com and Zendesk) indefinitely and temporary for less than 24 hours on our Hosted Exchange (Office365) email.
Any emails coming from our support system gets sent via Amazon SES, PostmarkApp, MailChannels or Zendesk via secure connections.
Requesting deletion of data from our ticketing system requires you to contact support@perfgrid.com.
Domains
When registering domains, information such as full name, company name if applicable, phone number, address, the email address gets transmitted to the domain registry (Enom, OpenProvider or Hexonet). If you do not like any information getting transmitted to any of the registrars we use - then just do not register a domain.
The registrars submit the information to public whois databases accordingly to each registry (owner of the gTLD or ccTLD).
Billing/Client/Support area
Maxmind fraud lookups
When you place an order on our website, your data will get sent to MaxMind Fraud service.
The following information will get transmitted to MaxMind:
- IP address
- Full address
- Phone number
- Email address
- Browser User-Agent
The data gets transmitted to MaxMind to perform fraud lookups - this prevents abuse of credit cards.
MaxMind will store this information in a non-identifying or de-identified version, and they also use the IP addresses to make a database to plot IP addresses to a "likely location" where an IP address may be used. The precision of this database is at postal code level of resolution.
The IP addresses are also aggregated into larger subnets, meaning that they cannot be used to identify a single customer.
Account data
When you register on our billing/client software billing.perfgrid.com, we store data such as contact information (full name, full address, phone number, IP address, VAT number) according to European and Dutch law.
Emails
We use Amazon SES, Postmarkapp and/or Mailchannels to send emails to you as a customer; emails are transmitted using a secure connection.
SMS
We use Txty to send SMS's to customers; we use SMS to reach customers in some instances where we require immediate action or as a last resort. SMS also gets used for 2FA for our different services.
Payments
When you pay on our website, you will be given multiple options to pay your invoices:
Credit Card
By using Credit Card payments, your details will be encrypted on your computer and sent to our payment gateway OnPay and Clearhaus.
The details you transmit towards OnPay + Clearhaus during payment may include:
- Company
- Full name
- Full address and country
- Email address
- Phone number
- IP address
- Credit card details
We do not store any full credit card details within our billing software; we will, however, store your expiry date, card type as well as the last four digits of your card number.
Bank Transfer
If you select Bank Transfer, then transactions and any data you supply in these transactions will be handled either by Sparekassen Danmark, Revolut or ABN AMRO BANK N.V.
iDEAL
iDEAL transactions gets handled by Mollie. Mollie will receive your personal information from your bank.
Where we store our data
We use multiple suppliers to deliver our infrastructure, we make sure that all partners are GDPR compliant in case we'll store information on the server or service that requires GDPR-compliance.
Our CDN servers are spread across multiple providers in multiple continents. Normal access logs are gathered on these servers, and doesn't contain any personal information.
The remaining services we offer such as webhosting, email spam filtering, backup, support, billing and statistics are stored on either physical or virtual servers managed by us, and/or hosted with partners that are GDPR-compliant.
Analytics and statistics software
We use analytics across sites owned by "PerfGrid" or "Lucas Rolff". The below software is configured with the highest privacy settings possible.
Sentry (self-hosted)
We use Sentry to watch for javascript errors - this allows us to spot issues in code and resolve it for a better (bug-free) experience.
Matomo (self-hosted)
we do host our own Matomo instance for statistics.