Skip to content
  • Bitcoin accepted
  • MMonero accepted
  • DMCA-resilient
  • Anonymous signup
  • ΞEthereum accepted
  • No KYC
  • 99.99% uptime
  • 24/7 support
  • 7-day money-back
  • Provisioned in < 5 min
  • Iceland · Switzerland · Netherlands
  • USDT accepted
Bitcoin accepted. Monero accepted. DMCA-resilient. Anonymous signup. Ethereum accepted. No KYC. 99.99% uptime. 24/7 support. 7-day money-back. Provisioned in under 5 minutes. Iceland, Switzerland, Netherlands. USDT accepted.
SilentHosts
Get started

1. The Short Version

We collect the minimum data needed to bill and support you. We do not ask for your full name, address, phone, or government identification. We use a self-hosted analytics tool that stores no cookies and no personal identifiers. We do not sell, share, or transfer your data to advertising networks or marketing partners. We do not retain server-resident data — the contents of your VPS belong to you and we do not inspect them.

This Section is a plain-language summary. The detailed provisions follow.

2. Who We Are

The data controller for this Privacy Policy is SilentHosts LLC, a limited liability company organised under the laws of the Republic of Seychelles. We are reachable at privacy@silenthosts.io for all privacy-related correspondence.

For matters governed by the EU General Data Protection Regulation (GDPR) where we do not maintain a representative in the European Union under Article 27, we will respond to enquiries directly through the same email address.

3. What We Collect

3.1 At signup

The only data we require at signup is a working email address. We use it to deliver invoices, service notices, and support correspondence. You may optionally provide a display name, organisation name, billing jurisdiction, or VAT identifier; these are not required and are kept only if you provide them.

3.2 At payment

For cryptocurrency payments, we record the transaction hash and the cryptocurrency network so we can reconcile the payment with your invoice. We do not associate your wallet address with your Account beyond the duration of invoice settlement; once an invoice is settled, the receiving address is rotated and not stored against the customer record.

For card payments where available (currently limited to non-offshore SKUs), we receive only the last four digits of the card and a tokenised reference from the payment processor. We do not store full card numbers. The full payment-method coverage and processor relationships are documented at /payment-methods.

3.3 Operational data

We retain the IP address from which the customer panel is most recently accessed for ninety (90) days, after which it is erased. We retain a hash of the time-based one-time-password (TOTP) seed if you have enabled two-factor authentication. We retain successful and failed login timestamps for ninety (90) days for fraud-detection purposes.

3.4 Support and ticket content

When you open a support ticket, the content of your ticket — including any attachments you share — is stored on our infrastructure for the duration set out in Section 8. Ticket content is treated as confidential and accessed only by support and engineering staff acting on the ticket.

3.5 Server-resident data

The data you store inside your virtual private server, dedicated server, mailbox, or other Service is operationally invisible to us. We do not inspect, log, scan, or copy the contents of customer-controlled infrastructure as a routine matter. Where we are required to act on data — for example to comply with a properly served local court order — we do so under the procedure in Section 7 and only to the extent legally compelled.

4. What We Do Not Collect

We do not collect, request, or retain:

  • Full legal name, except as voluntarily entered for invoicing
  • Postal address, except as voluntarily entered for invoicing
  • Telephone number
  • Government-issued identification documents
  • Behavioural-tracking data about your browsing on the website beyond the privacy-respecting analytics summarised in Section 5
  • Third-party advertising identifiers (no Google Ads, Meta Pixel, Twitter pixel, or comparable trackers are present on our marketing site)
  • Cross-site identifiers shared with data brokers

5. Cookies and Similar Technologies

5.1 Essential session cookies

Logging in to the customer panel requires a session cookie. The session cookie is essential for the operation of the Service and is exempt from EU ePrivacy consent under Article 5(3) Recital 25 of Directive 2002/58/EC. The cookie is HttpOnly, Secure, SameSite=Lax, and expires when you log out or after fourteen (14) days of inactivity, whichever is earlier.

5.2 Analytics

We use Plausible Analytics on a self-hosted instance under our control. Plausible does not set cookies on your browser, does not collect personal identifiers, and does not track users across visits or domains. The aggregated metrics it produces — page views, referrer, country at the level of country code, and visit duration — are used to evaluate marketing-site performance and are not associated with your Account.

5.3 No third-party trackers

The marketing site does not include Google Analytics, Meta Pixel, Hotjar, Mixpanel, Segment, or any comparable third-party tracking technology. The customer panel runs on its own subdomain and contains no analytics at all.

6. How We Use Information

We use the information described in Section 3 only for the following purposes:

  • Service delivery: provisioning, operating, maintaining, and supporting the Services
  • Billing: generating, delivering, and reconciling invoices
  • Abuse handling: investigating reports, communicating with affected customers, and complying with legal obligations
  • Service notices: communicating about service status, planned maintenance, security updates, and material changes to the Terms or this Policy
  • Marketing communications, only with explicit opt-in: we send marketing emails only to customers who have explicitly opted in. The default Account state is opt-out.

7. Sharing and Disclosure

7.1 Court orders

We disclose data to law-enforcement or judicial authorities only on receipt of a properly served order from a court of competent jurisdiction in one of the countries in which we operate. We do not voluntarily disclose customer data to authorities outside our operating jurisdictions. Foreign court orders are not auto-honoured; they are reviewed under local-counsel advisory and disclosed only to the extent legally compelled.

7.2 Mutual Legal Assistance Treaty (MLAT) requests

MLAT requests are processed on a case-by-case basis. Where a request is properly served and supported by a substantive showing under the relevant treaty, we cooperate to the extent legally required and no further. Where a request is not properly served or fails the relevant substantive standard, we decline.

7.3 Third-party processors

We rely on a limited set of third-party processors necessary to operate the platform:

  • Mailgun (or equivalent) for transactional email delivery, including invoice delivery, password resets, and abuse correspondence. The processor receives only the email address and the message content.
  • BTCPay Server, self-hosted on infrastructure we control, for cryptocurrency payment processing. No third-party crypto-payment processor (such as BitPay or Coinbase Commerce) is used for offshore Services.
  • PostgreSQL, hosted on infrastructure we control, for the customer database.
  • UptimeRobot or equivalent uptime monitoring, which receives only the public hostname and HTTP response status.

7.4 No marketing or advertising

We do not share, sell, license, or otherwise transfer customer data to advertising networks, data brokers, or marketing partners. We do not run advertising on the Services and do not monetise customer data.

8. Data Retention

8.1 Active Account

Personal data associated with an active Account is retained for the duration of the Account.

8.2 Cancelled Account

After cancellation, personal data is retained for ninety (90) days to permit recovery in case of accidental cancellation, then erased.

8.3 Billing records

Billing records — invoice number, amount, currency, jurisdiction of incorporation if provided, and tax identifier if provided — are retained for seven (7) years to comply with tax-record retention obligations in our operating jurisdictions.

8.4 Support tickets

Support ticket content is retained for twelve (12) months from ticket closure, then erased.

8.5 Operational logs

We do not retain server-side logs of customer activity. Specifically: we do not write to persistent storage any of the following — per-customer access logs, IP timestamps for inbound traffic, command-history logs, console session recordings, cron-job exit codes tagged to customer identity, DNS query logs.

Aggregate edge traffic flow records (NetFlow / IPFIX) are kept in volatile memory at the edge for at most one (1) hour for active DDoS-mitigation decision-making, never written to persistent storage, and never customer-correlated.

Customer-panel login attempts are tracked in volatile memory only, for the sole purpose of credential-stuffing rate-limiting. Successful sessions are not logged to disk.

The result is reflected in our public Transparency Report (https://silenthosts.io/transparency): when judicial requests for customer activity records arrive, the records produced is structurally zero because such records are not collected.

9. International Transfers

Personal data is stored on infrastructure in the jurisdiction in which the customer's Service is deployed. The customer panel itself runs on infrastructure in the Netherlands, with database replication to a single offsite location in Iceland for disaster-recovery purposes.

For EU-resident customers, this means the customer-panel data crosses an internal boundary between the Netherlands (within the EEA) and Iceland (outside the EEA but within the European Economic Area for data-protection purposes). Iceland is recognised by the European Commission as providing an adequate level of data protection.

10. Your Rights

Where you are an individual within the scope of EU GDPR, UK GDPR, California Consumer Privacy Act (CCPA), or comparable privacy frameworks, you have the rights set out in the applicable regulation. The most commonly exercised rights are:

10.1 Right of access

You may request a copy of the personal data we hold about you. We respond within thirty (30) days.

10.2 Right to rectification

You may correct inaccurate personal data we hold about you. Most fields can be edited directly in the customer panel; for fields that cannot, contact privacy@silenthosts.io.

10.3 Right to erasure ("right to be forgotten")

You may request erasure of personal data we hold about you. We will erase it unless we have a legal obligation to retain it (notably the seven-year billing-record retention in Section 8.3, in which case the personal data outside that scope is erased and the billing record is anonymised to the extent possible).

10.4 Right to data portability

You may request a machine-readable export of personal data we hold about you. The export is delivered as JSON, encrypted with a passphrase you provide.

10.5 Right to restriction and objection

You may request that we restrict processing of your personal data while a complaint or correction request is being investigated, and you may object to processing based on legitimate-interest grounds. Marketing-communications opt-out is honoured immediately on request.

11. How to Exercise Your Rights

To exercise any right described in Section 10, send an email to privacy@silenthosts.io. We respond within thirty (30) days. If we anticipate needing additional time (notably for complex erasure requests where we must verify legal-retention scope), we will notify you within the initial thirty (30) days and complete the response within a maximum of sixty (60) further days.

We do not charge a fee for routine requests. Where requests are manifestly unfounded, excessive, or repeated, we may charge a reasonable fee or refuse to act, as permitted by GDPR Article 12(5).

12. Security Measures

12.1 Encryption at rest

Customer panel data, including invoice records and support ticket content, is stored with disk-level encryption using LUKS/dm-crypt with AES-XTS-256.

12.2 Encryption in transit

All connections between the customer's browser, the customer panel, and our internal services use TLS 1.3 or, where TLS 1.3 is not available on the client, TLS 1.2 with strong cipher suites and forward secrecy. We do not support TLS 1.0 or TLS 1.1.

12.3 Access controls

Internal access to customer data is limited to support and engineering staff acting on a specific ticket or incident. Two-factor authentication is mandatory for all staff accessing the customer panel administrator interface.

12.4 Audit logging

Internal access to customer data is logged with sufficient detail to reconstruct who accessed what and when. Audit logs are retained for ninety (90) days.

13. Children's Privacy

Our Services are not intended for individuals under the age of sixteen (16). We do not knowingly collect personal data from minors below this threshold. If we discover that we have collected personal data from a minor below the threshold, we erase it promptly and refund any payment received. Parents or guardians who believe their minor child has provided personal data to us should contact privacy@silenthosts.io.

14. Changes to This Policy

We may update this Privacy Policy periodically. Material changes — those that affect the categories of data we collect, the purposes for which we use data, or the third parties with which we share data — are notified via the billing email and announced via a banner on the customer panel for thirty (30) days before they take effect. Non-material changes (clarifications, formatting, broken-link fixes) may be made without prior notice; the "Last updated" date at the top of this document reflects the most recent change.

15. Contact

For privacy-related questions, requests, or complaints:

If you believe we have failed to comply with applicable privacy law, you have the right to lodge a complaint with the supervisory authority in your jurisdiction. For EU residents, this is the data-protection authority of your Member State; for UK residents, the Information Commissioner's Office; for California residents, the California Privacy Protection Agency.