Skip to content
Updedicated
Configure Server
Home About Build Your Server
Sign In Configure Server

Privacy Policy

Last updated: March 2026

1. Introduction

Updedicated ("we", "us", "our") respects your privacy and is committed to protecting the personal data you share with us. This Privacy Policy explains how we collect, use, store, and protect your information when you use our dedicated server hosting services and visit our website at updedicated.com.

This policy applies to all individuals who interact with our services, including account holders, authorized users, website visitors, and anyone who contacts us for information about our services.

We act as a data controller for the personal data we collect directly from you (such as account and billing information), and as a data processor for any personal data stored on our dedicated server infrastructure as part of your hosted services. Where we act as a data processor, the terms of our Data Processing Agreement govern how we handle that data on your behalf.

2. Information We Collect

We collect the following categories of information to operate and improve our services:

Account Data

Name, email address, billing address, company name (if applicable), phone number (if provided), and payment information necessary for service delivery and invoicing. This data is collected directly from you during registration, account management, and billing interactions.

Technical Data

IP addresses, browser type and version, operating system, device identifiers, screen resolution, referring URLs, and connection metadata collected automatically when you access our services. This includes server access logs and API request metadata used for diagnostics and security monitoring.

Usage Data

Service usage patterns, resource consumption metrics (CPU, memory, bandwidth, storage), support ticket interactions, login timestamps, session durations, and feature utilization data. This information is used to maintain, monitor, and improve our platform, as well as for capacity planning and performance optimization.

Communication Data

Records of correspondence between you and our team, including support tickets, emails, and any feedback you provide. This helps us improve our support quality, track the resolution of issues, and maintain a record of service-related communications for quality assurance.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Delivering, maintaining, and improving our dedicated server hosting services
  • Processing billing, payments, and generating invoices
  • Providing technical support and responding to inquiries
  • Monitoring infrastructure security and detecting threats
  • Ensuring compliance with our Terms of Service and Acceptable Use Policy
  • Communicating service updates, maintenance schedules, and important notices
  • Improving our platform based on aggregated usage patterns
  • Performing capacity planning and resource allocation
  • Preventing fraud, abuse, and unauthorized access to our systems
  • Meeting legal and regulatory obligations

We do not use your personal data for automated decision-making or profiling that produces legal effects. We do not use your data for targeted advertising or sell it to marketers.

4. Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your personal data on the following legal bases:

  • Contract Performance (Article 6(1)(b)): Processing necessary to deliver the dedicated server services you have purchased, including server provisioning, hardware deployment, billing, and technical support.
  • Legitimate Interests (Article 6(1)(f)): Processing necessary for our legitimate business interests, such as infrastructure security monitoring, fraud prevention, service improvement, and capacity planning, provided these interests are not overridden by your fundamental rights and freedoms.
  • Legal Obligation (Article 6(1)(c)): Processing required to comply with applicable laws and regulations, including tax record-keeping, financial reporting, and responding to lawful requests from public authorities.
  • Consent (Article 6(1)(a)): Where we rely on your consent for specific processing activities, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

5. Data Storage & Security

All personal data and customer data is stored exclusively on dedicated servers within European data centers that meet or exceed Tier IV standards. Our data centers are equipped with redundant power supplies, environmental controls, and physical access restrictions.

We implement robust security measures including:

  • AES-256 encryption for data at rest across all storage systems
  • TLS 1.3 encryption for all data in transit
  • Role-based access controls with mandatory multi-factor authentication for all administrative access
  • Regular third-party security audits and penetration testing
  • 24/7 infrastructure monitoring and intrusion detection systems
  • Network segmentation and firewall protection at every layer
  • Automated vulnerability scanning and patch management
  • DDoS mitigation with multi-Tbps capacity
  • Physical security controls including biometric access and CCTV surveillance at data center facilities

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay and within 72 hours of becoming aware of the breach, in accordance with Article 33 of the GDPR. Our incident response team follows documented procedures to contain, investigate, and remediate security incidents.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy, or as required by law. Our retention schedule is as follows:

  • Account data: Retained for the duration of your active account plus 12 months following account closure to handle any outstanding matters, disputes, or legal claims.
  • Billing records: Retained for 7 years as required by applicable tax and financial regulations within the European Union.
  • Server and access logs: Retained for 90 days for security monitoring, troubleshooting, and abuse prevention.
  • Support correspondence: Retained for the duration of your active account plus 6 months to ensure continuity of service and quality assurance.
  • Marketing consent records: Retained for as long as the consent remains valid, plus 3 years thereafter as evidence of consent.

Upon expiration of the retention period, data is securely deleted using industry-standard data destruction methods, including cryptographic erasure for encrypted data and multi-pass overwriting for unencrypted data. You may request earlier deletion of your personal data at any time, subject to our legal retention obligations.

7. Your Rights Under GDPR

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

  • Right of Access (Article 15): Request a copy of the personal data we hold about you, along with information about how it is processed and the purposes of processing.
  • Right to Rectification (Article 16): Request correction of inaccurate or incomplete personal data without undue delay.
  • Right to Erasure (Article 17): Request deletion of your personal data when it is no longer necessary for the purposes for which it was collected, subject to legal retention requirements.
  • Right to Data Portability (Article 20): Receive your data in a structured, commonly used, machine-readable format (JSON or CSV) and have it transmitted to another controller where technically feasible.
  • Right to Restriction (Article 18): Request restriction of processing under certain circumstances, such as when you contest the accuracy of your data or the processing is unlawful.
  • Right to Object (Article 21): Object to processing of your data based on legitimate interests or for direct marketing purposes. Where you object, we will cease processing unless we demonstrate compelling legitimate grounds.
  • Right to Withdraw Consent (Article 7): Where processing is based on consent, withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before you withdrew.
  • Right to Lodge a Complaint: File a complaint with your local data protection supervisory authority if you believe your data protection rights have been violated.

To exercise any of these rights, please contact us at [email protected]. We will acknowledge your request within 5 business days and respond to all valid requests within 30 days. If we require additional time due to the complexity or volume of requests, we will notify you within the initial 30-day period and may extend by a further 60 days.

8. Cookies & Tracking

We use only essential cookies that are strictly necessary for the operation of our website and services. These include:

  • Authentication cookies: To maintain your login session securely across page requests and prevent unauthorized access to your account.
  • Session management cookies: For security and platform functionality, including load balancing across our infrastructure.
  • CSRF protection tokens: To prevent cross-site request forgery attacks and ensure the integrity of form submissions.
  • Preference cookies: To remember your language, timezone, and display settings for a consistent experience across sessions.

We do not use tracking cookies, advertising cookies, or any third-party analytics cookies. No personal data is shared with third parties through cookie mechanisms. We do not use pixel trackers, web beacons, or fingerprinting technologies.

Essential cookies are set under the legal basis of legitimate interest, as they are required for the basic functionality of our services. They cannot be disabled without impairing the usability of the platform.

9. Third-Party Services

We engage a limited number of trusted third-party service providers to support our operations. Each provider is carefully vetted and bound by contractual obligations:

  • Payment processors: To securely process billing transactions. Payment card data is handled exclusively by PCI DSS-compliant processors and is never stored on our servers. We only receive confirmation of successful or failed transactions.
  • Email service providers: For transactional communications such as invoices, service notifications, and password resets. We do not send marketing emails through third-party platforms.
  • Domain registrars: For domain registration services where applicable, limited to the data necessary for WHOIS and registration requirements as mandated by ICANN.

All third-party providers are bound by data processing agreements (DPAs) that require them to process your data only on our instructions and in compliance with GDPR. We conduct regular reviews of our providers' compliance and security practices.

We do not sell, rent, or trade your personal data to any third parties. Data shared with service providers is limited to the minimum necessary for them to perform their contracted functions.

10. International Data Transfers

Your personal data is stored and processed exclusively within the European Economic Area (EEA). We do not transfer your personal data to countries outside the EEA as part of our standard operations.

In the limited circumstances where a third-party service provider may process data outside the EEA (for example, a payment processor with global operations), we ensure that appropriate safeguards are in place, including:

  • European Commission adequacy decisions for the recipient country
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Binding Corporate Rules where applicable
  • Supplementary technical and organizational measures as recommended by the EDPB

You may request a copy of the safeguards in place for any international data transfer by contacting us at [email protected].

11. Children's Privacy

Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16 years of age. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us at [email protected] and we will take steps to delete that information promptly.

If we become aware that we have collected personal data from a child under 16 without verification of parental consent, we will delete that data from our systems within a reasonable timeframe and notify you of the actions taken.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or regulatory guidance. For material changes that affect how we handle your personal data, we will provide notice via email to the address associated with your account at least 14 days before the changes take effect.

We encourage you to review this policy periodically. The "Last updated" date at the top of this page indicates when the policy was most recently revised. Continued use of our services after changes take effect constitutes your acknowledgment of the revised policy. Previous versions of this policy are available upon request.

13. Contact & Data Protection

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how your data is being processed, please contact our privacy team at:

[email protected]

We aim to resolve all privacy-related inquiries promptly and transparently. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority within the European Economic Area.