Effective date: July 12, 2026
Paul Kruger provides server hosting and related services. Our servers are located in Canada.
This statement explains how we handle personal information in connection with:
Our own websites, support, billing, and hosting services; and
Websites and applications hosted on our servers.
It does not cover the independent privacy practices of our customers who operate their own websites or applications on our infrastructure. Those customers are responsible for their own privacy policies and compliance with applicable laws with respect to their own end user’s data.
3. Information we collect and hold
We collect and process personal information that you provide to us directly or that is generated through your use of our services, including:
Account and contact information (name, email, phone, billing details);
Technical and usage data (IP addresses, logs, device information, support tickets);
Content and data that you explicitly ask us to store or manage on your behalf (for example, backups we manage, databases we administer, or sites we maintain for you).
We do not routinely access or control the content of websites, databases, or applications that our customers operate and manage themselves on our leased servers. That data is under the control of the respective customer, not us.
4. How we use your information
We use the personal information we hold to:
Provide, maintain, and improve our hosting services;
Communicate with you about your account, support requests, and service updates;
Process payments and manage billing;
Monitor and protect our infrastructure against abuse, fraud, and security threats;
Comply with applicable laws and legal processes.
For data that customers manage themselves on our servers, our role is limited to providing infrastructure and, where agreed, basic system‑level monitoring and security. We do not use, view, or process that customer‑managed content except as required to operate, secure, or maintain the infrastructure, or as required by law.
5. Roles under data protection laws
For our own business data (e.g., customer account, billing, support, our website analytics), we act as a data controller (or equivalent role under local law).
For data that our customers control and manage on their hosted sites and applications, we generally act as a service provider / data processor (or equivalent), processing that data only on their instructions and for the purposes of providing hosting and related services.
End users of our customers' websites should refer to those customers' privacy policies for details on how their data is handled.
6. International scope and applicable laws
We serve customers in multiple countries, including the United States, Argentina, Kenya, Nigeria, and others. We aim to comply with the core principles of major data protection regimes that may apply, including:
U.S. state privacy laws (e.g., laws in Florida, Virginia, Colorado, Connecticut, Utah, and other states with comprehensive consumer privacy statutes, as applicable to the data we control);
Where these laws impose specific obligations on us as a service provider or controller, we implement policies and contractual measures intended to meet those requirements.
7. Data location and cross‑border transfers
Our servers are located in Canada. We may use third‑party infrastructure providers and subcontractors in other jurisdictions to deliver our services. Where personal information is transferred across borders, we take steps to ensure appropriate safeguards are in place in accordance with applicable law, including contractual clauses and security measures.
We do not sell personal information. We may share personal information with:
Our infrastructure and data center providers (including the operator of the Canadian data center where our servers reside);
Payment processors, fraud‑prevention, and billing services;
Professional advisors (legal, accounting, security) as needed;
Public authorities when we believe in good faith that we are legally required to do so (e.g., in response to a valid court order, warrant, or other lawful request).
Where we engage third parties to process personal information on our behalf, we require them to protect that information and use it only for the purposes we specify.
For websites, applications, and databases that our customers operate and manage themselves on our leased servers:
Those customers are the controllers (or equivalent) of the personal information processed through those sites and apps;
Their own privacy policies and practices govern how they collect, use, and disclose end‑user data;
As the infrastructure provider, we have the technical ability to access server storage and systems, but we do not view, use, or interact with our customers' data unless:
The customer explicitly requests our assistance (e.g., support, troubleshooting, migration, backups);
It is necessary to operate, secure, or maintain the infrastructure (for example, addressing abuse, security incidents, or outages); or
We are required to do so by law or a valid legal process.
End users of those customer‑operated sites should refer to the relevant customer's privacy policy for information about how their data is handled.
We implement technical and organizational measures to protect personal information against unauthorized access, loss, misuse, or disclosure, including access controls, encryption in transit, monitoring of our infrastructure, and regular security reviews. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
We retain personal information we hold for as long as necessary to:
Provide our services;
Comply with legal obligations (including tax, accounting, and data protection laws);
Resolve disputes and enforce our agreements.
Customer‑managed data on our servers is retained according to the customer's instructions and our service agreement.
Depending on your location and applicable law, you may have rights regarding your personal information, such as the right to:
Access your data;
Request correction or deletion;
Object to or restrict certain processing;
Receive a copy of your data in a structured, commonly used format;
Lodge a complaint with a data protection authority.
To exercise these rights with respect to the data we control, contact us at [email]. For data controlled by our customers (e.g., end users of their websites), please contact the relevant customer directly.
Where specific laws apply:
United
States (including Florida, and other states):
For
U.S. state privacy laws, we provide the notices and rights described
above as applicable to the personal information we control. We do
not sell personal information as defined under these laws. Where a
state law requires specific notices (e.g., categories of data
collected, purposes, retention), this policy and our service
documentation together serve that purpose. We
do not collect payment data in the form of credit or debit cards or
bank account information, instead we use third party payment
processors.
We may update this privacy statement from time to time. We will post the updated version on our website and indicate the effective date.
If
you have questions about this privacy statement or our data
practices, contact us at:
office@stuffdone.com
or visit our web site at https://stuffdone.com/privacy
Paul Kruger AKA StuffDone.com Privacy notice 2026