Privacy Policy

My Commitment to Your Privacy

I believe privacy is a right, not a feature. My approach is simple: collect as little data as possible, share nothing without legal compulsion, and be transparent about what I can't control.

This policy explains what happens to your data when you use my services.

What Data I Collect

I collect only what's necessary to operate the service:

  • Account data: First name, last name, and email address. Pseudonymous signups are allowed—I don't care what you enter as long as the email address is valid for communication.
  • Billing data: Only what's required for invoicing and service delivery (order history, resource allocation).
  • Infrastructure data: Metrics necessary to provision and manage your VMs (CPU, RAM, Disk, Network stats).

That's it. I do not collect:

  • Your VM contents or traffic
  • What services or applications you run
  • Geographic location data
  • Device fingerprints or tracking data

What I Don't Do With Your Data

I do not:

  • Sell your data
  • Share your data with third parties unless required by law
  • Use your data for marketing or advertising
  • Profile you for suggesting add-on services
  • Track your activity across other services

Legal Requests & Data Disclosure

If I receive a legal request for your data (subpoena, warrant, law enforcement request), I will:

  1. Ensure the request meets a clear legal standard: documented criminal activity or an imminent threat to safety.
  2. Comply with valid requests, but only for the specific data requested.
  3. Notify you if legally permitted to do so.

I will not provide data in response to vague, overreaching, or legally questionable requests. If you believe I've received a request for your data, you can contact me directly.

Payment Methods & Privacy Vetting

I've carefully researched payment methods based on their privacy practices. Here's what I support and why:

  • Stripe (Card payments, Apple Pay, MB Way, Pix, Korean Cards): I use Stripe as a "blind processing pipe" only. Stripe handles payment processing while I maintain minimal visibility into transaction details. Link is explicitly disabled to prevent Stripe from storing your payment data for marketing or cross-platform tracking.
  • Apple Pay: Uses hardware-level biometric tokenization that keeps your purchases invisible to Apple and merchants.
  • MB Way & Pix: Privacy-respecting banking utilities that do not engage in behavioral profiling or ad targeting.
  • NOWPayments (Cryptocurrency): Full support for 200+ cryptocurrencies. Crypto payments provide maximum anonymity with no fiat processing.

Why I've excluded other payment methods: I researched popular options like Google Pay, PayPal, Amazon Pay, and Samsung Pay. All of them use transaction data for advertising, behavioral profiling, or other purposes that would expose you to unwanted marketing or data harvesting. While these methods are convenient, I prioritize protecting your data over conversion metrics. You shouldn't lose privacy or receive ads because you decided to use my service.

Payment Processor Data

Both Stripe and NOWPayments handle their own data collection and retention:

  • Stripe: Processes payment information according to their privacy policy and PCI compliance requirements. I do not store or access your payment card details—Stripe does.
  • NOWPayments: Processes cryptocurrency transactions according to their privacy policy. I do not store or access your crypto wallet information.

For questions about their data practices, please review their respective privacy policies.

Technical Protections

I implement multiple layers of protection to limit my own access to your data:

  • LUKS Encryption: Your VM storage is encrypted with LUKS. You control the encryption passphrase. Unless you opt for auto-boot (which still comes with its own protections), I have no ability to access your data without extensive forensic operations.
  • VNC Console Warnings: When you access the VNC console, you see a message stating that keystrokes pass through a cleartext buffer. I suggest changing credentials after using the console and provide a canary that alerts you if the console should be considered compromised.
  • Minimal Administrator Access: I've intentionally designed the infrastructure to limit what I can see into your environment.

IP Addresses & Logs

Several applications maintain logs for security, accountability, and account protection.
This includes IP addresses which are generally anonymous except as follows:

  • Billing audit logs: necessary to comply with various record keeping standards.
  • Client session logs: necessary to keep you informed of devices logged into your account.

These logs are never used for advertising, profiling, tracking, or any purpose other than stated above.

Data Deletion Requests

If you request deletion of your data, I will remove everything within my control:

  • Can be deleted: Your account profile, order history, and associated data in my systems.
  • Cannot be deleted: Transaction records held by Stripe or NOWPayments. These are subject to payment processor compliance requirements and are outside my control.

Contact me directly to request data deletion.

Changes to This Policy

If I make material changes to this policy, I will notify you via email. I commit to maintaining these privacy principles as the business grows.

Questions or Concerns?

If you have questions about your data or this policy, please reach out. I take your privacy as seriously as my own.
support@needinput.host