Last updated: 12 March 2026

HostCare respects your privacy. This policy explains what personal data we collect, why we collect it, how we use it, and your rights under the UK GDPR and the Data Protection Act 2018.

If anything here feels unclear, email us and we’ll explain it in plain English.

1) Who we are

HostCare is the data controller for personal information collected via https://sit.hostcare.uk (our website).

Contact (privacy queries): hello@hostcare.uk

HostCare operates from the United Kingdom.

2) What data we collect

A) Data you provide to us

When you contact us or request information, we may collect:

• Name
• Email address
• Phone number
• Business name
• Address (where relevant for billing/onboarding)

If you become a client, we may also hold service-related information such as:

• domain name(s)
• website/admin contact details
• notes about support requests and changes you’ve asked for
• invoices/records (see retention)

B) Data we collect automatically when you use our website

When you visit https://sit.hostcare.uk we may collect:

• IP address
• browser/device information
• pages viewed and basic usage data (for security and site operation)

We do not use analytics tools (e.g. Google Analytics) at the time of writing.

C) Payment data

We use Stripe to process payments. When you pay an invoice, you are directed to Stripe’s secure payment environment. HostCare does not store your card details. Stripe processes payment data as an independent data controller under its own privacy policy, available at https://stripe.com/gb/privacy.

D) Data from third parties

In limited cases we may receive data from third parties, for example:

• domain registrars (when registering or transferring a domain)
• hosting/platform providers involved in delivering our service

3) How we use your data

We use personal data for the following purposes:

• responding to enquiries and providing quotes
• onboarding new clients and delivering hosting/website care services
• billing and record-keeping
• security, abuse prevention, and service reliability
• communicating service updates and important notices

We do not sell personal data, and we do not share personal data for marketing.

4) Legal basis for processing (UK GDPR)

We process personal data under one or more of these legal bases:

• Contract: to provide the services you’ve requested (or to take steps to enter into a contract)
• Legitimate interests: to run and improve our services, keep systems secure, and respond to enquiries
• Legal obligation: to keep records for tax/accounting where required
• Consent: where we must ask (e.g. certain non-essential cookies)

5) Who we share data with (our processors)

We share personal data only when necessary to deliver the service. This may include:

• Hosting provider: our hosting infrastructure is provided via our reseller hosting platform (UK-based hosting through Krystal.io).
• Website management/monitoring tools: used to manage WordPress updates and monitor uptime (e.g. ManageWP and WordPress management tools within our hosting control panel).
• Backups: backups are handled using server backups from our hosting platform and a WordPress backup plugin (Backuply Pro).
• File sharing (if used): if you send us files via our cloud service, they are stored on our Nextcloud instance at https://cloud.hostcare.uk
• Email: we use cPanel email for service communications.
• CRM / invoicing: we use Zoho Invoice to record enquiries, clients, and invoices. Zoho’s privacy policy is available at https://www.zoho.com/privacy.html
• Payment processing: we use Stripe to process card payments securely. Stripe acts as an independent data controller for payment data. Stripe’s privacy policy is available at https://stripe.com/gb/privacy

These providers act as data processors where they process personal data on our behalf.

6) International data transfers

We aim to use UK-based services where possible. However, some suppliers/tools we use may process data outside the UK.

Where personal data is transferred internationally, we will use appropriate safeguards (such as adequacy regulations or standard contractual clauses) as required by UK GDPR.

7) Client websites: controller vs processor (important)

A) HostCare website (hostcare.uk)

For enquiries submitted on hostcare.uk, HostCare is the data controller.

B) Websites we host/manage for clients

When we host or maintain a client’s website, the client is typically the data controller for personal data collected through their website (for example, contact form submissions from their customers).

HostCare typically acts as a data processor in relation to hosting/maintenance, because we may store and handle website data to provide the service (e.g. backups, updates, troubleshooting).

Where a client’s website forms send messages directly to the client (not to HostCare), the client receives and controls that personal data.

Clients are responsible for having their own privacy policy for their own website visitors and for choosing where form submissions are delivered.

8) Data retention

We keep data only as long as necessary.

• Enquiries (non-clients): up to 90 days
• Client records (including invoices and service notes): up to 7 years
• Website data after termination: typically retained for up to 30 days after service ends, then deleted (unless we’re legally required to keep certain records)

Backups: we run daily website backups retained for 10 days as standard operational backups.

9) Security

We take security seriously and use reasonable technical and organisational measures to protect personal data, including:

• SSL/TLS encryption for data in transit (where applicable)
• access controls and limited admin access
• 2-factor authentication (2FA) on admin accounts
• regular updates and security maintenance for the systems we manage

No method of transmission or storage is 100% secure, but we work to reduce risk and respond quickly if issues arise.

10) Cookies and consent

We use cookies and similar technologies to:

• make the website function properly (essential cookies)
• remember your cookie preferences

We use CookieAdmin Pro to manage cookie consent and preferences.

We also use reCAPTCHA on forms to reduce spam. reCAPTCHA may set cookies and process technical data (such as IP address and browser/device signals) to help detect abuse.

You can control cookies using:

• the cookie banner/preferences on our website, and/or
• your browser settings (note: blocking some cookies may affect site functionality)

11) Your rights (UK GDPR)

You have rights including:

• access to your personal data
• correction of inaccurate data
• deletion in certain circumstances
• restriction or objection to processing in certain circumstances
• data portability (where applicable)
• withdrawing consent where processing is based on consent

To request any of the above, email hello@hostcare.uk. We aim to respond within one month.

You also have the right to complain to the UK Information Commissioner’s Office (ICO).

12) Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top shows the current version.

If we make significant changes, we will post an update on our website.

13) Contact

Questions about privacy or data handling: hello@hostcare.uk