HostingBox

Privacy Policy

Last updated: March 1, 2026

1. Introduction

Four Capital Ltd ("Company", "we", "us", "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, store, share, and protect information about you when you use the HostingBox platform and related services ("Services").

By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our data practices, please do not use our Services.

2. Information We Collect

We collect information in the following categories:

2.1 Information You Provide

  • Account Registration: When you create an account, we collect your full name, email address, company name (if applicable), and a password. This information is required to provision and manage your account.
  • Service Configuration: Domain names, DNS records, email forwarding rules, and other hosting configurations that you submit through the platform.
  • Payment Information: Billing name, billing address, and payment method details. Payment card information is processed and stored exclusively by our PCI-compliant third-party payment processors. We do not store complete card numbers on our systems.
  • Communications: Records of your correspondence with us, including support requests, feedback, and any other communications.

2.2 Information Collected Automatically

  • Access Logs: IP addresses, browser type and version, operating system, referring URLs, pages visited, timestamps, and actions performed on our platform.
  • Device Information: Device type, screen resolution, and language preferences used to access our platform.
  • Service Usage Data: Information about how you use the platform, including the number of domains managed, DNS queries, and feature usage patterns. This data is used to improve our Services and is typically analysed in aggregate form.

3. How We Use Your Information

We process your personal information for the following purposes:

  • Service Delivery: To provision, operate, maintain, and improve our hosting, DNS, SSL, and email forwarding services.
  • Account Management: To create, authenticate, and administer your account, including the account approval process.
  • Billing and Payments: To process transactions, send invoices, and manage your subscription.
  • Communication: To respond to your enquiries, provide technical support, send service-related notices (such as maintenance windows or policy updates), and keep you informed about your account status.
  • Security and Fraud Prevention: To detect, investigate, and prevent fraudulent activity, abuse, and security incidents that may affect our platform or our clients.
  • Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
  • Service Improvement: To analyse usage patterns, diagnose technical issues, and develop new features and enhancements. Where possible, we use aggregated or anonymised data for this purpose.

4. Legal Basis for Processing

Where applicable data protection laws require a legal basis for processing personal data, we rely on the following:

  • Contractual Necessity: Processing necessary to perform our obligations under the Terms of Service (e.g., account provisioning, DNS management, billing).
  • Legitimate Interests: Processing necessary for our legitimate business interests, such as fraud prevention, platform security, and service improvement, provided these interests do not override your fundamental rights.
  • Legal Obligation: Processing necessary to comply with applicable laws and regulations.
  • Consent: Where we process data based on your consent, you may withdraw that consent at any time by contacting us.

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your information in the following limited circumstances:

  • Infrastructure Providers: We use third-party cloud infrastructure, DNS, and content delivery providers to operate our Services. These providers process data on our behalf and are contractually obligated to protect your information.
  • Payment Processors: Billing and payment data is shared with our PCI-compliant payment processors solely for the purpose of transaction processing.
  • Email Forwarding Providers: When email forwarding is configured for your domains, the relevant domain and forwarding rule information is shared with the email forwarding service provider.
  • Legal Requirements: We may disclose your information if required to do so by law, regulation, court order, or other governmental or law enforcement request.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change and any choices you may have regarding your information.

6. Data Security

We implement robust technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of sensitive data at rest using AES-256 encryption (including API credentials and tokens stored in our database).
  • Encryption of data in transit using TLS 1.2 or higher for all platform communications.
  • Strict access controls with role-based permissions for administrative functions.
  • Password hashing using industry-standard bcrypt algorithms.
  • Regular security assessments and monitoring of our infrastructure.
  • Security headers (HSTS, CSP, X-Frame-Options) enforced on the platform and all hosted domains.

While we strive to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain your personal data for as long as your account is active and as needed to provide our Services. Specifically:

  • Account Data: Retained for the duration of your account and for up to 90 days after account termination to allow for data retrieval and to resolve any outstanding matters.
  • Billing Records: Retained for a minimum period as required by applicable tax and financial reporting laws (typically 7 years).
  • Access Logs: Retained for up to 12 months for security analysis and incident investigation purposes.
  • Support Communications: Retained for up to 24 months after resolution to provide continuity of support.

After the applicable retention period, data is securely deleted or anonymised so that it can no longer be associated with you.

8. Your Rights

Depending on your jurisdiction and applicable data protection laws, you may have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete personal data.
  • Right to Erasure: Request deletion of your personal data, subject to legal retention requirements.
  • Right to Restriction: Request that we restrict processing of your personal data in certain circumstances.
  • Right to Data Portability: Request a copy of your data in a structured, commonly used, machine-readable format.
  • Right to Object: Object to certain types of processing, including processing based on legitimate interests.
  • Right to Withdraw Consent: Where processing is based on consent, withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, please contact us using the details provided below. We will respond to your request within 30 days. We may ask you to verify your identity before fulfilling your request.

9. Cookies and Tracking Technologies

Our platform uses only essential cookies that are strictly necessary for the operation of the Services. These include:

  • Session Cookies: Used to maintain your authenticated session while using the platform. These expire when you close your browser or after a period of inactivity.
  • CSRF Tokens: Used to protect against cross-site request forgery attacks on form submissions.
  • Preference Cookies: Used to remember your display preferences (such as light or dark mode).

We do not use advertising cookies, analytics tracking pixels, or third-party behavioural tracking technologies on our platform.

10. International Data Transfers

Our Services may involve the transfer of your data to servers and service providers located in countries other than your country of residence. Where such transfers occur, we ensure appropriate safeguards are in place to protect your data in accordance with applicable data protection laws, including standard contractual clauses or other approved transfer mechanisms.

11. Children's Privacy

Our Services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child, we will take steps to delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or business operations. We will notify you of material changes by email or through a prominent notice on our platform at least 14 days before the changes take effect. The "Last updated" date at the top of this page indicates when this policy was last revised.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

13. Contact Information

If you have any questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact us at:

Four Capital Ltd

Email: [email protected]

If you are not satisfied with our response, you may have the right to lodge a complaint with your local data protection supervisory authority.