Privacy Policy

1. What We Collect

• Account information: Email address, optional name, and hashed password
• Usage information: Storage amounts, login times, snapshot counts, device names, and service activity needed to operate your vault
• Billing information: Stripe customer and subscription IDs only. We never store raw card data.
• Technical information: IP addresses for security and rate limiting, session tokens, and basic operational logs

2. What We Cannot See

3. How We Use Information

• To provision and operate your backup vault
• To process payments and manage subscriptions
• To send transactional emails such as verification, password reset, billing, and service notices
• To detect abuse, fraud, and unauthorized access
• To monitor service health and reliability

4. Sharing

We do not sell your data. We share information only with service providers needed to operate ServerCrate, such as Stripe for billing and relevant infrastructure providers, or when legally required to do so.

5. Retention

Account data is retained while your account is active. Vault data is deleted within 30 days of deprovisioning unless a longer retention period is legally required. Billing records may be retained for up to 7 years for accounting and compliance purposes.

6. Cookies

We use HTTP-only session cookies for authentication and security. We do not run third-party advertising trackers. We do not use your data for ads.

7. Security

We use HTTPS, HTTP-only Secure cookies, CSRF protection, password hashing, rate limiting, TOTP-based 2FA, and isolated customer environments. No system is perfect, but we design around minimizing exposure and protecting account access.

8. Your Rights

You may request access to, correction of, or deletion of your personal data, subject to legal and operational requirements. Contact privacy@servercrate.net.

9. Contact

privacy@servercrate.net