1. Executive Commitment to Privacy

At Eleven Orbits, we believe that data privacy is not merely a compliance requirement—it is a fundamental human right. As architects of the digital ether, we are entrusted with the lifeblood of your business: your data. This policy serves as our transparent pact with you, outlining exactly how we collect, fortify, and govern your information across our ecosystem, including VPS Hosting, Managed WordPress, and Private Email Services.

By utilizing our infrastructure, you acknowledge that you have read this mandate and consent to the practices described herein.

2. The Data We Collect (and Why)

We practice “Data Minimization,” collecting only what is strictly necessary to deliver enterprise-grade performance and security.

2.1. Account & Identity Data

  • What: Names, physical addresses, email addresses, phone numbers, and verification documents (if required).

  • Why: To establish a binding Service Level Agreement (SLA), process billing, and verify identity to prevent fraud.

  • Legal Basis: Contractual Necessity.

2.2. Technical & Telemetry Data (Server Logs)

  • What: IP addresses, browser types, operating system details, timestamps, and resource utilization metrics (CPU/RAM usage).

  • Why: To maintain server health, diagnose latency issues, and defend against Distributed Denial of Service (DDoS) attacks.

  • Legal Basis: Legitimate Interest (Network Security & Performance Optimization).

2.3. Transactional Financial Data

  • What: Partial credit card numbers (last 4 digits), transaction timestamps, and billing history.

  • Why: To process payments and maintain tax records.

  • Note: We do not store full credit card numbers. All sensitive financial data is tokenized and processed directly by our PCI-DSS compliant payment gateway partners.

2.4. Hosted Content (The “Black Box” Principle)

  • What: The files, databases, and emails you store on our VPS or Shared Hosting servers.

  • Policy: We treat your hosted content as a “Black Box.” We do not access, read, or mine your private server data for marketing purposes. Access is granted only upon your explicit request (e.g., a support ticket) or when legally compelled by a valid court order.

3. How We Fortify Your Data

We do not leave security to chance. Your personal data is protected by a Defense-in-Depth architecture:

  • Encryption in Transit: All data moving between your browser and our dashboard is sealed with industry-standard TLS/SSL encryption.

  • Encryption at Rest: Sensitive records in our databases are hashed and salted.

  • Access Control: We enforce strict “Least Privilege” access policies. Only authorized engineers with a specific operational need can access infrastructure management tools.

4. Data Sharing & Third-Party Processors

We are a hosting provider, not a data broker. We never sell your data. However, to function globally, we work with select infrastructure partners:

  1. Domain Registrars: If you register a domain with us, specific contact details must be shared with ICANN and the relevant TLD registry (e.g., Verisign, CIRA) as per international law.

  2. Payment Gateways: To process subscriptions securely.

  3. Security Vendors: We may share traffic patterns (not personal content) with partners like Cloudflare to identify and block global botnets.

  4. Law Enforcement: We cooperate with valid legal requests. However, we rigorously validate every request to ensure it is lawful and proportionate before disclosing any data.

5. International Data Sovereignty

Eleven Orbits operates a global infrastructure. Your data may be processed or stored on servers located outside your country of residence (e.g., Canada, India, or the USA). Regardless of location, your data remains protected by the stringent standards outlined in this policy and applicable international data transfer agreements.

6. Your Data Rights

You remain the captain of your digital identity. You have the right to:

  • Access: Request a copy of the personal data we hold about you.

  • Rectification: Correct inaccurate or incomplete information via your dashboard.

  • The “Right to be Forgotten”: Request the deletion of your account and associated data (subject to data retention laws for tax/legal records).

  • Portability: Receive your data in a structured, commonly used format.

To exercise these rights, submit a ticket via the Client Area.

7. Cookie Governance

Our website utilizes cookies not to spy, but to serve.

  • Essential Cookies: Required for you to log in and maintain your shopping cart.

  • Security Cookies: Used to detect brute-force attacks and identify trusted devices.

  • Analytics Cookies: Aggregated, anonymized data to help us understand which server plans are most popular. You may opt-out of non-essential cookies via your browser settings.

8. Data Retention Policy

  • Active Accounts: Data is retained for the lifetime of your active service to ensure continuity.

  • Cancelled Accounts: Server data is wiped immediately upon termination. Billing and account records are retained for 7 years to comply with tax and audit obligations, after which they are permanently expunged.

9. Policy Updates

As the digital landscape evolves, so too will this policy. We will notify you of any significant changes via email or a dashboard notification. Continued use of our services implies acceptance of the evolved terms.

10. Contact the Privacy Team

For privacy concerns, data export requests, or security reports, please contact our Data Governance Officer:

  • Email: support@elevenorbits.com

  • Method: For the fastest response, please open a “Privacy & Security” ticket from your Client Area.