Privacy Notice

Last updated: 13 May 2026

1. Who we are

This notice is issued by Timotej Planinc, trading as CelerHost ("we", "us"), the seller and operator of the CelerHost VPS hosting service. We are the data controller for the personal data described below.

2. What we collect and why

Category	Examples	Purpose	Legal basis
Account data	Email, name, hashed password, OAuth identifier	Create and operate your account, authenticate you	Contract
Order & subscription data	Plan, region, hostname, period, order status	Provision and bill your VPS	Contract
Service telemetry	VPS instance ID, IP address, uptime/health	Operate, monitor, and secure the Service	Legitimate interests (running a reliable service)
Support communications	Emails and messages you send us	Respond to your enquiries	Legitimate interests / contract
Security & fraud signals	IP, user-agent, device fingerprints, payment risk flags from Paddle	Prevent fraud, abuse, and chargebacks	Legitimate interests / legal obligation
Cookies (essential only)	Auth session, CSRF token	Keep you logged in and the site working	Strictly necessary

Payment-card and tax-residency data are collected directly by our Merchant of Record, Paddle, and by NOWPayments for cryptocurrency. We do not receive or store full card numbers.

3. Who we share data with

Paddle.com Market Limited — Merchant of Record for card and wallet payments; handles checkout, tax, invoicing, refunds, and chargebacks.
NOWPayments — cryptocurrency payment processor.
Contabo GmbH — upstream infrastructure provider that hosts your VPS.
Hosting & platform subprocessors — Supabase (database & auth) and Lovable (application hosting).
Email & support tooling — providers used to send transactional email and handle support tickets.
Professional advisers (legal, accounting) and authoritieswhere we are legally required.

4. International transfers

Some recipients listed above are located outside the EEA/UK. Where data is transferred internationally we rely on adequacy decisions or the EU Standard Contractual Clauses (and the UK Addendum where relevant) to safeguard it.

5. How long we keep data

Account and order records are retained for as long as your account is active and for up to 7 years afterwards to meet tax and accounting obligations. Service telemetry and security logs are retained for up to 12 months. Backups follow a 30-day rolling window. We delete or anonymise data when it is no longer needed.

6. Your rights

Depending on where you live, you may have the right to access, correct, delete, restrict, or port your personal data, to object to processing, and to withdraw consent. EEA/UK residents may also lodge a complaint with their local supervisory authority. We aim to respond to requests within one month.

To exercise any right, email privacy@celerhost.com.

7. Security

We use appropriate technical and organisational measures — encryption in transit, hashed credentials, scoped access controls, and audit logging — to protect personal data. No system is perfectly secure, and we cannot guarantee absolute security.

8. Cookies

We use only strictly-necessary cookies (authentication session, CSRF protection). We do not run analytics or marketing cookies. If that changes we will update this notice and ask for your consent where required.

9. Changes

We will post any updates here and, for material changes, notify you by email. Please check back from time to time.

10. Contact

Privacy questions: privacy@celerhost.com. General support: support@celerhost.com.