Privacy Policy

Our Commitment: HostiMatic does not sell your personal data. We do not use your data for advertising profiling. We collect only what is necessary to deliver and improve our services.

1.1 Who We Are

HostiMatic ("we", "us", "our") is a web hosting company registered and operating in Bangladesh, providing shared hosting, VPS servers, dedicated servers, business email, and BDIX hosting services through hostimatic.com and associated subdomains. We act as the Data Controller for personal data collected through our website and services.

1.2 Scope of This Policy

This Privacy Policy explains how HostiMatic collects, uses, stores, shares, and protects personal information when you:

Visit our website at hostimatic.com or any of our subdomains.
Register for and use any HostiMatic product or service.
Contact our support team via ticket, chat, email, or phone.
Subscribe to marketing communications or participate in promotions.
Interact with our client area, billing system, or control panel.

1.3 Acceptance

By using HostiMatic's website or services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of our services and contact us to close your account.

Category	Examples	Purpose
Identity Data	Full name, username, date of birth (if provided)	Account creation, identity verification
Contact Data	Email address, phone number, mailing address	Service delivery, billing, support communications
Billing & Payment Data	Invoice records, payment method type, transaction IDs	Processing payments, fraud prevention
Technical Data	IP address, browser type, device type, OS, referral URL	Security, abuse prevention, service optimization
Account & Service Data	Hosting plan, domain names, cPanel username, usage statistics	Providing and managing your services
Communication Data	Support ticket content, live chat logs, email exchanges	Customer support, dispute resolution
Usage Data	Pages visited, features used, session duration, click patterns	Improving website and service quality
Marketing Preferences	Newsletter subscription status, communication opt-in/out choices	Sending relevant communications with your consent

2.1 Data We Do NOT Collect

Full payment card numbers — Card payments are processed by our payment partners. We only receive masked card details and transaction confirmations.
Your website visitors' data — We do not collect, access, or process data belonging to your website's end users unless it is incidentally present in support interactions.
Sensitive personal data — We do not intentionally collect race, ethnicity, religion, health information, biometric data, or political opinions.

2.2 Customer Content

Files, databases, emails, and any other data you upload to HostiMatic servers ("Customer Content") are your property. HostiMatic does not inspect, process, or use Customer Content for any purpose other than delivering the services you have subscribed to. Access to Customer Content is strictly limited to authorized technical staff and only when necessary to resolve a reported issue or comply with a legal obligation.

3.1 Directly From You

We collect data you voluntarily provide when you:

Register for an account or complete an order form.
Submit a support ticket, live chat message, or email to our team.
Update your account profile or billing information in the client area.
Subscribe to our newsletter or respond to a survey or promotion.
Report a problem or request a service change.

3.2 Automatically via Technology

When you visit our website or use our services, we automatically collect certain technical data through:

Server access logs — IP address, request timestamps, pages visited, HTTP status codes.
Cookies and similar technologies — Session management, preference storage, and analytics. See Section 9 for full details.
Control panel activity — Login timestamps, IP addresses, and actions performed within cPanel or the client area for security auditing.
Email tracking — Open and click tracking on transactional and marketing emails (you may opt out of marketing tracking at any time).

3.3 From Third Parties

Payment processors (bKash, Nagad, card gateways) — We receive payment confirmation data and masked financial identifiers to reconcile transactions.
Identity verification services — For high-risk account reviews or legal compliance, we may verify identity information via third-party services.
Analytics partners — Aggregated, anonymized visitor statistics from services such as Google Analytics (configured with IP anonymization).
Fraud detection services — Risk scores and signals associated with registration attempts or payment transactions.

4.1 Service Delivery & Account Management

Creating and managing your HostiMatic account and service subscriptions.
Provisioning, configuring, and maintaining your hosting services.
Processing payments, generating invoices, and managing billing history.
Sending service notifications including activation confirmations, renewal reminders, and maintenance alerts.
Providing technical support and responding to your enquiries.

4.2 Security & Abuse Prevention

Detecting and preventing unauthorized account access, fraudulent activity, and payment fraud.
Monitoring server infrastructure for abuse, DDoS activity, malware distribution, and AUP violations.
Maintaining audit logs of account and administrative activity for security incident investigation.
Verifying your identity when you contact support for sensitive account changes.

4.3 Legal & Regulatory Compliance

Complying with applicable laws of Bangladesh including the Digital Security Act, ICT Act, and tax regulations.
Responding to valid legal requests, court orders, or regulatory enquiries from government authorities.
Enforcing our Terms and Conditions and Acceptable Use Policy.
Retaining transaction records as required by financial and tax regulations.

4.4 Service Improvement

Analyzing aggregated, anonymized usage patterns to improve website performance and user experience.
Understanding which services and features customers use most to inform product development.
Conducting customer satisfaction surveys (participation is always voluntary).

4.5 Marketing Communications

Sending promotional offers, product announcements, and newsletters — only where you have given your consent or where we have a legitimate interest as an existing customer.
You may opt out of marketing communications at any time by clicking the unsubscribe link in any email or by updating your preferences in the client area.
Opting out of marketing will never affect your receipt of transactional service communications.

HostiMatic processes your personal data on the following legal bases:

Legal Basis	When We Rely On It
Contract Performance	Processing necessary to fulfil the service agreement between you and HostiMatic — account setup, billing, service delivery, and support.
Legitimate Interests	Security monitoring, fraud prevention, service improvement, and direct marketing to existing customers — balanced against your rights and interests.
Legal Obligation	Compliance with applicable Bangladeshi law, tax regulations, court orders, and government authority requests.
Consent	Sending marketing communications to new prospects; placing non-essential cookies; any processing you have specifically opted into.

Where we rely on consent, you have the right to withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal. Withdrawal of consent will not affect your contracted services.

We do not sell your personal data. HostiMatic does not rent, trade, or sell your personal information to any third party for commercial purposes.

6.1 Service Providers (Data Processors)

We share limited personal data with trusted third-party companies who help us operate our business. These providers are contractually bound to use your data only for the specific purposes we instruct and to maintain appropriate security standards.

Payment processors — bKash, Nagad, and card payment gateways process payment transactions on our behalf.
Data centre operators — Our hosting infrastructure partners who provide physical server colocation and network connectivity in Bangladesh.
Email delivery services — Transactional and marketing email delivery platforms.
Analytics providers — Web analytics services used with anonymization enabled.
Fraud prevention tools — Services that help detect and prevent fraudulent registrations and transactions.
Customer support software — Ticketing and live chat platforms used to manage support interactions.

6.2 Legal Authorities

We may disclose your personal data to government authorities, law enforcement agencies, or regulatory bodies when required to do so by:

A valid court order, subpoena, or legal process.
A directive from BTRC, RAB, or another Bangladeshi government authority.
Any applicable national security or law enforcement obligation.

Where legally permitted, we will notify you of such a request before complying. We will not voluntarily disclose customer data to any authority without a valid legal basis.

6.3 Business Transfers

In the event of a merger, acquisition, corporate restructuring, or sale of all or part of HostiMatic's business, your personal data may be transferred to the acquiring entity as part of that transaction. We will notify you via email and/or a prominent notice on our website before your data becomes subject to a different privacy policy.

6.4 With Your Consent

In situations not described above, we will only share your personal data with third parties where you have given us your explicit consent to do so.

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, to comply with legal obligations, and to resolve any disputes.

Data Type	Retention Period	Reason
Account & Identity Data	Duration of account + 3 years after closure	Legal disputes, regulatory compliance
Billing & Transaction Records	7 years from transaction date	Tax law and financial regulation compliance
Support Ticket Correspondence	3 years from ticket closure	Quality assurance and dispute resolution
Server Access & Security Logs	90 days	Security incident investigation
Marketing Consent Records	Until withdrawal of consent + 1 year	Proof of lawful marketing
Website Analytics	26 months (aggregated)	Trend analysis and service improvement
Customer Content (post-termination)	7 days after account termination	Brief recovery window, then securely deleted

7.1 Secure Deletion

When personal data reaches the end of its retention period, it is securely deleted or anonymized so that it can no longer be associated with any individual. For data stored on physical servers, deletion follows the DoD 5220.22-M standard or equivalent secure overwrite procedure.

Depending on applicable law, you may have some or all of the following rights with respect to your personal data:

👁️

Right of Access

Request a copy of the personal data we hold about you and information about how we use it.

✏️

Right of Rectification

Request correction of any inaccurate or incomplete personal data we hold about you.

🗑️

Right of Erasure

Request deletion of your personal data where there is no compelling reason for us to continue processing it.

⏸️

Right to Restrict Processing

Request that we limit how we use your data in certain circumstances, such as while a dispute is being resolved.

📦

Right to Data Portability

Receive your personal data in a structured, machine-readable format and transfer it to another service provider.

🚫

Right to Object

Object to processing based on legitimate interests, including direct marketing and profiling for marketing purposes.

↩️

Right to Withdraw Consent

Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.

🤖

Right Against Automated Decisions

Not be subject to decisions made solely by automated processing that significantly affect you, without human review.

8.1 How to Exercise Your Rights

To exercise any of these rights, submit a request to [email protected] from your registered email address, clearly stating the right you wish to exercise and providing sufficient detail for us to identify your account. We will respond within 30 days. For complex requests, we may extend this by a further 60 days with prior notification.

8.2 Identity Verification

To protect your data from unauthorized disclosure, we will verify your identity before processing any privacy rights request. This may involve confirming account details or asking you to authenticate via your registered email address.

8.3 Limitations

Some rights are subject to legal limitations. For example, the right to erasure does not apply where we are required to retain data for legal compliance (such as billing records required by tax law). Where we are unable to fulfil a request, we will explain the reason in writing.

9.1 What Are Cookies?

Cookies are small text files placed on your device by a website. They allow the website to remember your actions and preferences over time. HostiMatic uses cookies and similar technologies on our website and client area.

9.2 Types of Cookies We Use

Cookie Type	Purpose	Can Be Disabled?
Strictly Necessary	Session management, login state, CSRF protection, load balancing. Required for the website and client area to function correctly.	No — essential to operation
Functional / Preference	Remembering your language, currency preference (BDT/USD), and display settings between sessions.	Yes — disabling may affect experience
Analytics	Anonymized visitor statistics to understand how pages are used and improve website performance. Powered by Google Analytics with IP anonymization.	Yes — opt out via cookie settings
Marketing / Tracking	Recording whether you arrived via a referral link or campaign, used to assess marketing effectiveness. No cross-site behavioral tracking.	Yes — opt out via cookie settings

9.3 Managing Your Cookie Preferences

You can adjust or withdraw cookie consent at any time via the cookie preferences panel accessible from the footer of our website.
Most browsers allow you to refuse or delete cookies via your browser settings. Note that disabling strictly necessary cookies will prevent login and client area access.
You can opt out of Google Analytics tracking across all websites at tools.google.com/dlpage/gaoptout.

9.4 Do Not Track

HostiMatic respects browser "Do Not Track" (DNT) signals. When a DNT signal is detected, we disable analytics and marketing cookies for that session. Strictly necessary and functional cookies are unaffected.

HostiMatic implements appropriate technical and organizational security measures designed to protect your personal data against unauthorized access, loss, destruction, or alteration. Our security practices include:

10.1 Technical Measures

Encryption in transit — All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher (HTTPS).
Encryption at rest — Sensitive account data and credentials are stored using industry-standard hashing and encryption algorithms.
Access controls — Strict role-based access control (RBAC) limits which staff members can access customer data, and only on a need-to-know basis.
Two-factor authentication — 2FA is available and recommended for all HostiMatic client area accounts.
Firewalls & intrusion detection — Network-level and host-based security monitoring systems operate continuously across our infrastructure.
DDoS protection — Enterprise-grade DDoS mitigation protects our network and customer services.

10.2 Organizational Measures

Staff with access to customer data receive regular data protection training.
Third-party service providers are vetted for security compliance before being engaged.
Internal data access is logged and audited on a regular basis.
We maintain an incident response plan for data security events.

10.3 Data Breach Notification

In the event of a personal data breach that is likely to affect your rights or interests, HostiMatic will notify you without undue delay and in any event within 72 hours of becoming aware of the breach. The notification will include the nature of the breach, the categories of data affected, the likely consequences, and the measures we have taken or intend to take to address it.

Your Responsibility: Security is a shared responsibility. You are responsible for keeping your client area password and any account credentials secure, using strong unique passwords, enabling two-factor authentication, and promptly reporting any suspected unauthorized account access to [email protected].

HostiMatic's services are intended for adults aged 18 and over. We do not knowingly collect or process personal data from individuals under the age of 18.

If you are a parent or guardian and believe that a minor has provided us with personal data without your consent, please contact us immediately at [email protected]. We will promptly investigate and, where confirmed, delete the personal data of any minor from our systems.

By creating an account or using our services, you represent and warrant that you are at least 18 years of age. Accounts found to belong to minors will be suspended and the account holder will be notified to involve a parent or legal guardian.

Our website and client area may contain links to third-party websites, payment portals, knowledge base articles referencing external tools, or integrations with third-party platforms. These third-party services operate under their own privacy policies, which HostiMatic does not control.

Clicking a third-party link will direct you away from our site. We encourage you to review the privacy policy of every third-party website you visit.
HostiMatic bears no responsibility for the content, privacy practices, or security of any third-party website or service.
Integrations you enable within your hosting account (e.g., third-party WordPress plugins, external API connections) are your responsibility and are subject to the respective third party's terms and privacy practices.

HostiMatic reviews this Privacy Policy at least annually and may update it to reflect changes in our data processing practices, applicable law, or regulatory requirements.

13.1 How We Notify You

Minor changes (e.g., clarifications, updated contact details) — Updated on this page with a revised "Last Updated" date. No direct notification will be sent.
Material changes (e.g., new data uses, changed retention periods, new sharing arrangements) — We will notify you via email to your registered address at least 14 days before the changes take effect.
In cases of significant changes, we may also display a prominent notice on our website homepage and client area login page.

13.2 Your Continued Use

Your continued use of HostiMatic services after the effective date of any updated Privacy Policy constitutes your acknowledgment of the updated terms. If you do not agree with the updated policy, you may request account closure by contacting [email protected] before the effective date. We will process all outstanding data rights requests before closing your account.

If you have any questions about this Privacy Policy, want to exercise your data rights, or wish to raise a privacy concern, please contact us through any of the following channels:

Privacy Requests

General Support

Legal / DMCA

Website

Location

Dhaka, Bangladesh

Response Time

Within 30 days

14.1 Complaints

If you believe HostiMatic has handled your personal data in a manner inconsistent with this policy or applicable law, we encourage you to contact us first so we can investigate and resolve the matter. If you remain unsatisfied after our response, you have the right to escalate your complaint to the relevant data protection authority in Bangladesh or the jurisdiction where you are based.

Need Help? We Are Here To Help You

Need Help? We Are Here To Help You

Privacy Policy

Overview

Data We Collect

How We Collect Your Data

Why We Use Your Data

Legal Basis for Processing

Data Sharing & Disclosure

Data Retention

Your Privacy Rights

Cookies & Tracking Technologies

Data Security

Children's Privacy

Third-Party Links & Services

Changes to This Policy

Contact Us

Your privacy matters to us