Privacy Policy
Last updated: 12 August 2025
Quietly Hosted is a UK-based managed hosting, email, and domain service run by Colin Thurston as a sole trader. This policy explains how and why we collect, use, and protect your personal data.
1. Who we are
Quietly Hosted is the trading name of Colin Thurston, a sole trader based in the UK.
Under the UK General Data Protection Regulation (UK GDPR), we are a data controller for information we collect about our own customers. If you're one of our clients, you are the data controller for your website and your own end users' data.
For joint data processing (e.g., handling support requests that involve end-user info), we act as a processor only when instructed by the client.
2. What personal data we collect
We only collect what we need in order to provide and support our services. This may include:
When you become a client:
- Your name
- Email address
- Business name (if applicable)
- Postal address (for invoices)
- Domain registration details
- Payment reference from GoCardless (we never see your bank details)
When you contact us:
- Information you submit via our contact form (powered by Tally)
- Any email or chat correspondence
If you're using our hosting or email services:
- Server logs (e.g. IP addresses, connection attempts, error logs)
- Email metadata (sender, recipient, timestamps)
- Email content if we access your mailbox (with consent) as part of a support request
3. How we use your data
We use your personal data to:
- Set up and manage your hosting, domain, and email services
- Process payments and send invoices
- Respond to your queries and support requests
- Monitor and maintain the performance and security of our infrastructure
- Comply with legal obligations (e.g. tax reporting)
We do not use your data for marketing, profiling, or advertising.
4. Who we share your data with
We only share your data with trusted providers we rely on to deliver our services:
| Provider | Purpose | Location |
|---|---|---|
| Krystal Hosting | Web hosting infrastructure | UK |
| Cloudflare | DNS, security, and performance services | Global (inc. US) |
| GoCardless | Payment processing (Direct Debit) | UK/EU |
| Tally.so | Contact form submissions | Hosted in EU |
| HMRC | Where required for tax/accounting purposes | UK |
We do not sell or rent your data to anyone. If we need to share your data for legal reasons (e.g. a court order), we’ll do so only where required.
5. International transfers
Some data may be routed through or stored in countries outside the UK (for example, via Cloudflare). We ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions under UK GDPR.
6. How long we keep your data
We only keep your data for as long as necessary. For example:
- Account and billing data – kept for 6 years to meet legal obligations
- Support requests – kept for up to 2 years
- Server logs – usually kept for 90 days, unless needed for troubleshooting or legal reasons
You can request deletion of your data where we no longer have a legal reason to retain it. When we delete data, we will take reasonable steps to remove it from backups within a reasonable timeframe.
7. Your rights under UK GDPR
You have the right to:
- Access the personal data we hold about you
- Correct inaccurate or outdated information
- Request deletion of your data (where we no longer need it)
- Object to or restrict certain types of processing
- Complain to the ICO if you're unhappy with how we handle your data
To exercise any of these rights, email: [email protected]
8. Cookies and website tracking
We do not currently use cookies or tracking scripts on our website. If this changes, we’ll update this policy and provide a cookie notice.
9. Security
We take reasonable measures to protect your data, including:
- Encrypted connections (HTTPS, SFTP)
- Two-factor authentication where supported
- Access logs and activity monitoring
- Limited internal access based on need
However, no system is 100% secure – if we ever become aware of a breach, we will notify affected individuals as required by law.
Clients are responsible for maintaining the security of their login details.
10. Changes to this policy
We may update this privacy policy from time to time. Any changes will be posted at quietlyhosted.com/privacy and, where appropriate, we’ll notify you by email.