Privacy Policy
Effective Date: 19 Dec 2025
What personal data we collect and why we collect it
Personally Identifying Information
We collect information from you when you register on our site, place an order, subscribe to our newsletter or fill out a form.
When ordering or registering on our site, as appropriate, you may be asked to enter your: e-mail or credit card information. You may, however, visit our site anonymously.
Payment information
We never store full payment-card data on ElfHosted infrastructure. All card and wallet payments are processed by third-party providers—currently Stripe, PayPal, and Blockonomics (for Bitcoin). Those providers receive the billing details you submit (name, email, billing address, last 4 digits) in order to authorize the transaction. Their usage of that information is governed by their own privacy policies: Stripe, PayPal, and Blockonomics. We retain a transaction reference, payment status, and the last four digits of the card or wallet so we can reconcile orders and comply with accounting laws.
Gravatar
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/.
Cookies
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Analytics
We use Google Analytics to understand aggregate traffic patterns across both our public documentation site (docs.elfhosted.com) and our store (store.elfhosted.com). Both properties display the same cookie-consent banner; analytics scripts do not run until you grant consent, and you can revisit the banner at any time to withdraw consent.
Google Analytics sets cookies that help us see which pages are popular and where visitors come from; the data we view is aggregated, but Google may process IP addresses and device identifiers on our behalf. You can opt out by using browser-level tracking protection, disabling analytics cookies in the consent banner, or installing the Google Analytics opt-out browser add-on.
Operational logs and telemetry
To secure the platform and troubleshoot issues, we capture minimal operational metadata (for example: account identifier, IP address, timestamp, API endpoints accessed, resource usage counters, and sensor output from our orchestration layer). Logs are rotated frequently and retained for the shortest period needed—typically 7–30 days—unless longer retention is required for active investigations or legal obligations. We do not inspect customer payloads or media content, but we may correlate metadata with upstream providers (e.g., datacenter partners, RealDebrid, Abavia) when investigating abuse reports. See the Abuse Policy and Notice & Takedown policy for details on how we process lawful complaints.
Bundled third-party services
Some subscriptions integrate external providers such as TorBox or Abavia (NzbDAV), storage vendors, or communication platforms (Discord). When you enable these integrations we share the minimum necessary data—usually your email address, ElfHosted account ID, and service configuration—so the third party can provision access. Their collection and processing of your data is governed by their own policies; please review the relevant provider’s documentation before enabling any integration.
Who we share your data with
We do not sell customer information. We may share limited data with:
- Payment processors (Stripe, PayPal, Blockonomics) to complete transactions.
- Infrastructure vendors (cloud/datacenter providers, monitoring services, CDN, email delivery) strictly to operate the platform.
- Third-party apps you explicitly connect (e.g., TorBox, Abavia) to fulfill the features you request.
- Law enforcement, regulators, or other parties when required by law, court order, or to enforce our Terms of Service, Acceptable Use Policy, or to protect the rights and safety of ElfHosted, our users, or the public.
Data Retention
Site Data
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
Server Data
As part of our commitment to protecting your privacy, customer application data is scheduled for deletion shortly after a service expires or is terminated. In most cases storage volumes are wiped within 7 days, but operational backups and replication targets may retain encrypted copies for up to 14 days before being purged automatically. If you have indicated a payment complication or reactivation request, we may retain data longer so you have an opportunity to resolve the issue. You can request self-service deletion at any time via our documented process: https://docs.elfhosted.com/how-to/delete-your-data/. Please note that security logs and billing records are excluded from deletion requests because we must retain them for auditing and legal compliance.
Account Deletion
Upon termination of services, account metadata is minimized but certain records (such as invoices, order history, and abuse investigation notes) must be retained for tax, accounting, and legal purposes. These records are restricted to authorized personnel only.
Data subject rights
Depending on your jurisdiction (e.g., GDPR, UK GDPR, CCPA), you may have rights to access, correct, download, or delete your personal data, as well as object to or restrict certain processing. To exercise these rights, open a support ticket or email legal@elfhosted.com with your request, and we will respond within the time frames specified by applicable law. When the law requires it, we may ask for additional verification to protect your account from unauthorized changes.
Security practices
We implement technical and organizational safeguards including encrypted storage, network segmentation, role-based access control, regular patching, and least-privilege credentials for staff and automation. While no system can be 100% secure, we continually monitor the platform and audit access to ensure customer data remains protected.
Your contact information
If you have any questions regarding this policy or any other policies of this website (ElfHosted), you may email your questions to legal@elfhosted.com.