Alpenglow← Back to Home

Privacy Policy

Last updated: 4 March 2026

1. Introduction

Alpenglow Hosting ("we", "us", "our") is operated by Winistörfer Webdesign, Solothurnstrasse 7, 4543 Deitingen, Switzerland. We are the data controller responsible for your personal data.

This Privacy Policy explains how we collect, process, store, and protect your personal data when you visit our website at alpenglowhosting.com or use our services. We are committed to protecting your privacy in compliance with the EU General Data Protection Regulation (GDPR), the Swiss Federal Act on Data Protection (FADP), and other applicable data protection laws.

2. Data We Collect

2.1 Account Data

When you create an account, we collect:

  • Your name
  • Email address
  • Password (stored as a one-way cryptographic hash — we never store your plaintext password)
  • IP address at the time of registration (for abuse prevention)

2.2 Payment Data

When you purchase credits, payment is processed by our payment provider Stripe. We do not receive or store your full credit card number. Stripe provides us with a transaction reference, the amount, and a truncated card identifier for your purchase history. Stripe's own privacy policy governs how they process your payment data: stripe.com/privacy.

2.3 Usage Data

When you use the Service, we automatically collect:

  • Server configurations and settings you create
  • Credit transaction history (purchases, usage deductions, refunds)
  • Server runtime statistics (start/stop events, resource consumption)
  • Timestamps of your interactions with the management panel

2.4 Analytics Data

With your consent, we use datafa.st to collect anonymised, aggregated analytics data about how visitors interact with our website. This may include:

  • Pages visited and time spent on each page
  • Referral source (e.g. search engine, direct link)
  • Browser type and operating system
  • Country-level geographic location (derived from your IP address at request time; the IP address itself is never stored or logged)

datafa.st is designed to be privacy-friendly: it does not use cross-site tracking cookies, does not fingerprint individual users, and does not share data with advertisers. Data is processed in accordance with the datafa.st Privacy Policy. Analytics are only loaded after you have given your explicit consent via the cookie banner. You can withdraw consent at any time via the Cookie Settings link in the footer.

2.5 Communication Data

When you contact us via email, we collect and store the contents of your message, your email address, and any attachments for the purpose of responding to your inquiry.

3. How We Use Your Data

We process your personal data for the following purposes:

  • Service delivery: To create and manage your account, provision servers, and process credit transactions.
  • Communication: To send transactional emails such as email verification, password resets, and low-credit notifications.
  • Security & abuse prevention: To detect and prevent fraud, multi-account abuse, and unauthorised access.
  • Legal compliance: To comply with applicable legal obligations, such as tax and accounting requirements.
  • Service improvement: To analyse usage patterns and improve the quality and reliability of our Service.

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR Article 6(1):

  • Contract performance (Art. 6(1)(b)): Processing necessary to provide the Service you signed up for — account management, server hosting, and credit transactions.
  • Legitimate interests (Art. 6(1)(f)): Security measures, abuse prevention, and service improvement, where our interests do not override your fundamental rights.
  • Legal obligation (Art. 6(1)(c)): Retaining transaction records to comply with tax and accounting regulations.
  • Consent (Art. 6(1)(a)): Where applicable, for analytics cookies and optional marketing communications. You may withdraw consent at any time.

5. Third-Party Processors

We share personal data only with trusted third-party processors who assist in delivering the Service. Each processor is contractually bound to handle your data in accordance with GDPR requirements.

ProviderPurposeLocation
StripePayment processingUSA (EU SCCs in place)
Postmark (ActiveCampaign)Transactional email deliveryUSA (EU SCCs in place)
datafa.stWebsite analytics (anonymised, consent-gated)EU
Hetzner Online GmbHServer infrastructure & hostingGermany (EU)

For processors located outside the EU/EEA, we ensure appropriate safeguards are in place, such as EU Standard Contractual Clauses (SCCs), to guarantee an adequate level of data protection.

6. Cookies

6.1 Essential Cookies

We use strictly necessary cookies to maintain your session, remember your authentication state, and ensure the security of the Service. These cookies cannot be disabled as the Service cannot function without them.

6.2 Analytics — datafa.st

With your explicit consent, we load the datafa.st analytics script (datafa.st/js/script.js) on our website. datafa.st uses a first-party, cookie-free approach to measure page views and visitor behaviour in an anonymised, aggregated form. It does not use persistent cross-site tracking cookies and does not collect personally identifiable information. The legal basis for this processing is your consent (GDPR Art. 6(1)(a)).

6.3 Managing Your Preferences

When you first visit our website, you will be shown a cookie consent banner where you can accept or decline non-essential analytics. The analytics script is only loaded after you explicitly click Accept cookies. You can change your choice at any time by clicking the Cookie Settings link in the website footer — this clears your stored preference and re-shows the consent banner. You can also clear your browser's local storage at any time to reset your choice.

7. Data Retention

We retain your personal data only as long as necessary for the purposes described in this policy:

  • Account data: Retained for the duration of your account and up to 30 days after deletion, to allow for account recovery.
  • Transaction records: Retained for 10 years to comply with Swiss and EU tax and accounting obligations.
  • Server data: Retained while your account is active. Server data for accounts with zero credit balance and no activity may be deleted after 90 days.
  • Communication data: Retained for up to 2 years after the last interaction.
  • Analytics data: Aggregated and anonymised; no personally identifiable data is retained.
  • Registration IP: Retained for up to 12 months for abuse prevention, then deleted.

8. Your Rights

Under the GDPR and the Swiss FADP, you have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten"): Request deletion of your personal data, subject to legal retention obligations.
  • Right to restriction: Request that we restrict processing of your data in certain circumstances.
  • Right to data portability: Receive your data in a structured, commonly used, and machine-readable format.
  • Right to object: Object to processing based on legitimate interests.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at support@alpenglowhosting.com. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with a supervisory authority — in Switzerland, this is the Federal Data Protection and Information Commissioner (FDPIC).

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit (TLS/HTTPS)
  • Cryptographic hashing of passwords and security tokens
  • Access controls and role-based permissions
  • Regular security reviews of our infrastructure
  • Server infrastructure hosted within the EU (Germany)

While we take every reasonable precaution, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

10. Children's Privacy

The Service is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete such data promptly. If you believe a child under 16 has provided us with personal data, please contact us at support@alpenglowhosting.com.

11. International Data Transfers

Your personal data is primarily stored and processed on servers located in Germany (EU). Where data is transferred to processors outside the EU/EEA (see Section 5), we ensure that appropriate safeguards are in place, including EU Standard Contractual Clauses (SCCs), to provide an adequate level of protection.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice on our website at least 14 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision.

13. Contact

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Winistörfer Webdesign
Solothurnstrasse 7
4543 Deitingen, Switzerland
Email: support@alpenglowhosting.com