Privacy Policy
We take your privacy seriously. Here's exactly how we handle your data -- no surprises, no funny business.
Last updated: February 2026
This Privacy Policy explains how SillyHost ("we", "us", "our") collects, uses, stores, and protects your personal data when you use our website at sillyhost.co.uk and our associated services. We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Information We Collect
We collect different types of information depending on how you interact with our Services:
1.1 Account Information
When you create an account, we collect your name, email address, and password (stored in hashed form). If you register a domain, we may also collect your postal address, phone number, and organisation name as required by domain registration regulations.
1.2 Payment Information
When you make a purchase, our payment processors (Stripe, PayU) collect your payment card details, billing address, and transaction information. SillyHost does not store your full credit or debit card numbers on our servers. We retain only a reference to the transaction, the last four digits of your card, and the card type for your records and our billing administration.
1.3 Usage Data
We automatically collect certain information when you visit our website and use our Services, including:
- IP address and approximate geographic location.
- Browser type, version, and operating system.
- Pages visited, time spent on pages, and navigation patterns.
- Referring website or source.
- Device type and screen resolution.
- Hosting account resource usage statistics (CPU, memory, bandwidth, storage).
1.4 Communications
When you contact us via our contact form, email, or support tickets, we collect and retain the contents of your messages along with your name and email address to provide support and improve our Services.
2. How We Use Your Information
We use the information we collect for the following purposes and legal bases:
- To provide and maintain our Services (legal basis: contract performance) -- including provisioning your hosting account, registering domains, processing payments, and delivering the AI Website Builder functionality.
- To communicate with you (legal basis: contract performance / legitimate interest) -- including sending service-related notifications, renewal reminders, invoices, security alerts, and responding to your support requests.
- To improve our Services (legal basis: legitimate interest) -- analysing usage patterns to enhance performance, develop new features, and fix issues.
- To ensure security (legal basis: legitimate interest) -- detecting and preventing fraud, abuse, and security threats to our infrastructure and your account.
- To comply with legal obligations (legal basis: legal obligation) -- including tax reporting, responding to lawful requests from authorities, and maintaining records as required by law.
- To send marketing communications (legal basis: consent) -- only where you have explicitly opted in. You can unsubscribe at any time via the link in any marketing email or through your account settings.
3. Data Storage & Security
We take the security of your data seriously and implement appropriate technical and organisational measures to protect it. These measures include:
- Encryption of data in transit using TLS/SSL (HTTPS).
- Encryption of sensitive data at rest, and hashing of passwords with an industry-standard algorithm (bcrypt).
- Regular security updates and patching of our server infrastructure.
- Access controls limiting employee access to personal data on a need-to-know basis.
- Regular backups stored in geographically separate locations.
- Firewall protection and intrusion detection systems.
While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we are committed to promptly notifying affected users and the relevant supervisory authority in the event of a personal data breach, as required by law.
4. Third-Party Services
We work with trusted third-party service providers to deliver our Services. These providers may process your personal data on our behalf or as independent data controllers. Our key third-party partners include:
| Provider | Purpose | Data Shared |
|---|---|---|
| Namecheap | Domain registration | Registrant contact details (name, address, email, phone) |
| Cloudflare | DNS, CDN, DDoS protection | Domain names, IP addresses, traffic data |
| Stripe | Payment processing | Payment card details, billing address, transaction amounts |
| PayU | Payment processing | Payment card details, billing address, transaction amounts |
Each of these providers has their own privacy policy governing their use of your data. We recommend reviewing their privacy policies for further information. We ensure that appropriate data processing agreements are in place with all third-party processors in compliance with UK GDPR requirements.
6. Your Rights (GDPR)
Under the UK General Data Protection Regulation (UK GDPR), you have the following rights regarding your personal data:
- Right of Access: You can request a copy of the personal data we hold about you. We will respond within one month of receiving your request.
- Right to Rectification: You can request that we correct any inaccurate or incomplete personal data. You can also update much of your information directly through your account dashboard.
- Right to Erasure ("Right to be Forgotten"): You can request that we delete your personal data, subject to any legal obligations that require us to retain certain information (such as billing records for tax purposes).
- Right to Data Portability: You can request a copy of your personal data in a structured, commonly used, and machine-readable format (such as CSV or JSON).
- Right to Restrict Processing: You can request that we limit the processing of your personal data in certain circumstances, for example while we verify the accuracy of your data following a rectification request.
- Right to Object: You can object to the processing of your personal data where we are relying on legitimate interest as the legal basis, and we will cease processing unless we have compelling legitimate grounds.
- Right to Withdraw Consent: Where processing is based on your consent (such as marketing emails), you can withdraw that consent at any time without affecting the lawfulness of processing carried out before the withdrawal.
To exercise any of these rights, please contact us at support@sillyhost.co.uk. We may ask you to verify your identity before processing your request.
If you are not satisfied with how we handle your request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
7. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our general retention periods are:
- Account data: Retained for the duration of your account plus 30 days after account closure (to allow for reactivation requests).
- Billing and transaction records: Retained for 7 years after the transaction date, as required by UK tax law (HMRC requirements).
- Support communications: Retained for 3 years after the last interaction to provide context for ongoing support.
- Server logs and usage data: Retained for up to 12 months for security and performance analysis.
- Marketing consent records: Retained for as long as the consent is valid, plus 3 years after withdrawal for compliance evidence.
When data is no longer required, it is securely deleted or anonymised so that it can no longer be associated with you.
8. Children's Privacy
Our Services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16 years of age. If you are under 16, please do not create an account or provide any personal information to us.
If we become aware that we have inadvertently collected personal data from a child under 16, we will take steps to delete that information as promptly as possible. If you believe that a child under 16 has provided us with personal data, please contact us at support@sillyhost.co.uk.
9. International Transfers
Some of our third-party service providers (such as Cloudflare and Stripe) operate globally, which means your personal data may be transferred to and processed in countries outside the United Kingdom.
Where we transfer personal data outside the UK, we ensure that appropriate safeguards are in place to protect your data in accordance with UK GDPR, including:
- Transfers to countries that have received an adequacy decision from the UK government.
- Use of Standard Contractual Clauses (SCCs) approved by the ICO.
- Reliance on the recipient's binding corporate rules or other approved transfer mechanisms.
You may request further details about the safeguards we use for international data transfers by contacting us.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:
- Update the "Last updated" date at the top of this page.
- Notify you via email or a prominent notice on our website.
- Where required by law, seek your consent to any material changes in how we process your personal data.
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your data.
11. Contact & Data Protection Officer
If you have any questions about this Privacy Policy, your personal data, or wish to exercise any of your rights, please get in touch:
If you are unsatisfied with our response to a privacy concern, you have the right to lodge a complaint with the UK's supervisory authority, the Information Commissioner's Office (ICO). You can contact the ICO at ico.org.uk/make-a-complaint or by calling 0303 123 1113.