Skip to content
ProfutureDomains
Home About Client Area
Log In Start Growing

Privacy Policy

Last updated: February 2026

Who are we?

ProfutureDomains ("we", "us", "our") operates profuturedomains.com and provides web hosting and domain registration services. This Privacy Policy explains, in plain language, how we collect, use, store, and protect your personal data.

This policy applies to everyone who interacts with our services — whether you're an account holder, an authorized team member, or simply visiting our website. We act as a data controller for the information we collect directly from you, and as a data processor for any personal data stored within your hosted services.

Where we act as a data processor, our Data Processing Agreement governs how we handle that data on your behalf.

What information do we collect?

We collect only what's necessary to provide our services well. Here's a breakdown:

Account Data

When you create an account, we collect your name, email address, billing address, and payment information so we can deliver our services and process payments. If you're registering on behalf of a company, we may also collect the company name and phone number.

Technical Data

When you use our platform, we automatically gather technical details like your IP address, browser type and version, operating system, device identifiers, and referring URLs. This helps us keep things running smoothly, diagnose issues, and monitor security.

Usage Data

We track how your server resources are performing — things like CPU, memory, bandwidth, and storage consumption — along with login activity, session durations, and feature usage. This helps us identify areas where we can improve and plan capacity for growth.

Communication Data

Any messages you send us through support tickets, emails, or feedback forms are recorded so we can help you effectively, track issue resolution, and improve our support quality over time.

Why do we collect it?

Simply put, to give you the best possible experience. Specifically, we use your information to:

  • Provide, maintain, and improve our hosting and domain services
  • Process payments and send invoices
  • Communicate with you about your account, support requests, and service updates
  • Monitor security and protect against threats
  • Ensure compliance with our fair usage policies
  • Plan capacity and optimize infrastructure performance
  • Prevent fraud and unauthorized access
  • Meet our legal and regulatory obligations

We never use your personal data for automated decision-making, profiling, or advertising. Your data is never sold to marketers.

What's the legal basis?

Under GDPR, we need a lawful reason to process your data. Here's how ours break down:

  • Contract Performance (Article 6(1)(b)): We need to process your data to deliver the services you've purchased — account setup, server deployment, billing, technical support.
  • Legitimate Interests (Article 6(1)(f)): Things like security monitoring, fraud prevention, and service improvement are essential to running a reliable platform, and we ensure these interests don't override your fundamental rights.
  • Legal Obligation (Article 6(1)(c)): Tax records, financial reporting, regulatory compliance, and responding to lawful requests require us to keep certain data.
  • Consent (Article 6(1)(a)): Where we rely on your consent, you can withdraw it at any time — no hard feelings, and no impact on processing that happened before you withdrew.

Where is your data stored?

Exclusively in European data centers. Your data never leaves Europe. We use enterprise-grade encryption for both stored data (AES-256) and data in transit (TLS 1.3), ensuring your information stays protected at every step.

Our security measures also include:

  • Role-based access controls with mandatory multi-factor authentication
  • Network segmentation and multi-layer firewall protection
  • Automated vulnerability scanning and patch management
  • DDoS mitigation with multi-Tbps capacity
  • Regular third-party security audits and penetration testing
  • 24/7 monitoring and intrusion detection systems
  • Physical security controls at data center facilities

If a data breach ever occurs that poses a risk to your rights, we'll notify you and the relevant supervisory authority within 72 hours, as required by GDPR Article 33. Our incident response procedures are designed for rapid containment and remediation.

How long do we keep it?

We keep your data only as long as we need it:

  • Account data: For as long as your account is active, plus 6 months after closure to handle outstanding matters and disputes.
  • Billing records: 7 years, as required by EU tax regulations.
  • Server logs: 90 days for security monitoring and troubleshooting.
  • Support correspondence: Duration of your active account plus 3 months for quality assurance.

Once the retention period ends, your data is securely and permanently deleted using cryptographic erasure or multi-pass overwriting. You may request earlier deletion at any time, subject to our legal retention obligations.

What are your rights?

Under GDPR, you have strong rights over your data. You can:

  • Access (Art. 15) — Request a copy of the data we have about you and learn how it's being processed.
  • Correction (Art. 16) — Ask us to fix any inaccurate or incomplete information without undue delay.
  • Deletion (Art. 17) — Request that we erase your personal data when it's no longer necessary, subject to legal retention requirements.
  • Export (Art. 20) — Get your data in a portable, machine-readable format (JSON or CSV) and have it transmitted to another controller.
  • Restriction (Art. 18) — Limit how we process your data in certain situations, such as when you contest data accuracy.
  • Objection (Art. 21) — Object to specific types of data processing, including processing based on legitimate interests or direct marketing.
  • Withdraw Consent (Art. 7) — Take back your consent at any time without affecting prior processing.
  • Complaint — Lodge a complaint with your local data protection supervisory authority.

To exercise any of these rights, just email us at [email protected]. We'll acknowledge your request within 5 business days and respond within 30 days. If we need more time due to complexity, we'll let you know within that initial period.

Do we use cookies?

Only the essentials. We use a handful of cookies that are strictly necessary for our website and platform to function properly:

  • Authentication cookies — keeping you logged in securely and preventing unauthorized access
  • Session cookies — managing your session, load balancing, and security
  • CSRF tokens — protecting against cross-site request forgery and ensuring form integrity
  • Preference cookies — remembering your language, timezone, and display settings

We don't use tracking cookies, advertising cookies, or any third-party analytics. No pixel trackers, web beacons, or fingerprinting. Your browsing activity is your business, not ours. Essential cookies are set under the legal basis of legitimate interest.

Do we share your data?

Your data is never sold. We work with a small number of trusted service providers:

  • Payment processor: PCI DSS-compliant, receives only the data needed to process your transactions. Card data is never stored on our servers. We only receive transaction confirmations.
  • Email provider: Handles transactional emails only — invoices, service notifications, password resets. No marketing emails through third-party platforms.
  • Domain registrars: For domain registration services, limited to data required for WHOIS and registration compliance as mandated by ICANN.

All providers are bound by GDPR-compliant data processing agreements. We conduct regular compliance reviews. Beyond that, we only share data if required by law — and we'll always inform you if that happens, unless we're legally prevented from doing so.

What about international transfers?

Your data is stored and processed exclusively within the European Economic Area (EEA). We don't transfer your data outside the EEA as part of our standard operations.

In the rare case that a third-party provider processes data outside the EEA, we ensure appropriate safeguards are in place — including EU adequacy decisions, Standard Contractual Clauses (SCCs), Binding Corporate Rules, or supplementary technical measures. You can request details about these safeguards at any time.

What about children's privacy?

Our services are not designed for individuals under the age of 16. We don't knowingly collect personal data from children. If you're a parent or guardian and believe your child has shared personal information with us, please contact us at [email protected] and we'll delete it promptly.

If we become aware that we've collected data from a child under 16 without parental consent, we'll delete it from our systems within a reasonable timeframe.

Will this policy change?

We may update this policy from time to time. For any material changes that affect how we collect, use, or share your data, we'll notify you via email at least 14 days before the changes take effect. Minor wording adjustments may be made without notification.

The "Last updated" date at the top of this page tells you when the policy was most recently revised. Continued use of our services after changes take effect constitutes your acknowledgment of the revised policy. Previous versions are available upon request.

Questions?

We're here to help. If you have any questions about your privacy, how we handle your data, or want to exercise any of your rights, reach out to us at:

[email protected]

We aim to resolve all privacy-related inquiries promptly and transparently. If you're not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority within the European Economic Area.