The short version
We're a crypto-paid, No-KYC hosting provider. We keep the minimum operational records needed to run the service and bill you, and nothing more. In particular:
- We do not log the traffic that flows through your servers.
- We do not mirror your disks for inspection, backup, or analysis.
- We do not share your account data with anyone absent a Saint Kitts court order.
- We do not sell advertising or train machine-learning models on anything.
The sections below explain the specifics. If you prefer the signed, weekly update: see the warrant canary.
Enregistrements opérationnels
Données au niveau du compte
- Adresse e-mail — requise pour les factures, la réinitialisation du mot de passe et les avis opérationnels urgents. Les adresses jetables ou de redirection sont acceptées.
- Mot de passe hashé — Argon2id, jamais stocké en clair.
- Seed 2FA (optionnel) — TOTP / WebAuthn, stocké chiffré au repos.
- Clé publique PGP (optionnelle) — stockée dans votre profil pour le support signé.
Données de facturation
- Factures — montant, valeur USD, crypto, TXID de règlement, horodatage. Conservées 7 ans selon les obligations comptables.
- Adresses crypto utilisées pour payer — associées à la facture pour rapprochement.
Données opérationnelles
- Logs d’action du panel — qui a provisionné/redémarré/détruit quel serveur et quand. Conservés 90 jours.
- IP de session du panel — journalisées 24 heures contre la force brute, puis purgées.
Ce que nous ne collectons explicitement PAS
- Trafic passant par votre VPS ou serveur dédié (pas de netflow, PCAP ou mirroring).
- Tables MAC/ARP au-delà de 24 heures.
- Contenu fichier de vos disques.
- Documents d’identité, numéros de téléphone, vrais noms ou justificatifs de domicile.
Legal basis for processing
Under the Data Protection (Privacy of Personal Information) Act 2018 of Saint Kitts and Nevis and, where relevant, the EU GDPR for customers based in the EU, we process personal data on the following bases:
- Contract performance — the data we need to provide the Services you have ordered.
- Legitimate interest — fraud prevention, abuse handling, network-integrity protection.
- Legal obligation — narrow, and only under Saint Kitts law (e.g. seven-year retention of invoices).
- Consent — for optional profile data (PGP key, display name).
Data sharing and disclosure
Nous ne partageons rien volontairement
Nous ne vendons pas les enregistrements, ne les louons pas, ne les partageons pas pour la publicité et ne participons pas à des échanges de brokers. Aucune intégration Google Analytics, Facebook Pixel ou tracker tiers.
Quand nous divulguons
Uniquement en réponse à une décision légale d’un tribunal compétent selon la loi de Saint-Kitts-et-Nevis. Nous ne répondons pas aux subpoenas ou NSL américains, demandes MLAT sans examen local, demandes administratives UE/UK sans ordonnance SKN, ni avis DMCA (voir notre position DMCA).
Toutes les ordonnances traitées sont comptées dans notre rapport de transparence semestriel. Notre warrant canary est resigné chaque lundi.
Retention periods
| Data category | Retention | Basis |
|---|
| Account email and hashed password | Duration of account + 30 days | Contract |
| Invoices and payment records | 7 years | Corporate records law (SKN) |
| Panel action logs | 90 days | Abuse / security investigation |
| Panel session IPs | 24 hours | Brute-force protection |
| Support ticket correspondence | 2 years | Service continuity |
| VPS / dedicated disk contents on termination | 7 days (voluntary), 0 (AUP) | Recovery / security |
| Warrant-canary archives | Indefinite (signed and public) | Transparency |
Your rights
You have the following rights over your personal data, regardless of which jurisdiction you are in:
- Access — a full export of the account data we hold, in JSON format, delivered via signed email within 30 days of request.
- Rectification — update your email, password or PGP key from the panel at any time.
- Erasure — close your account and trigger the 30-day purge cycle (invoices retained for 7 years per law).
- Portability — your Content is always portable by definition (it's your server, take it with you).
- Objection — you may object to any processing we do for legitimate-interest purposes; we will either cease or justify the processing in writing.
To exercise any right, submit a PGP-signed request using our public key.
Cookies and tracking
Notre site utilise un (1) cookie : bv_session, HttpOnly, Secure, SameSite=Strict. Pas d’analytics tiers, pas de pixels de tracking, pas de cookies publicitaires. Un beacon anonyme même origine envoie des signaux agrégés page/source au hub réseau SimNoKYC et respecte Do Not Track.
International transfers
Our infrastructure runs in Iceland, the Netherlands, Romania and Switzerland; our corporate office is in Saint Kitts and Nevis. Your data therefore moves between these jurisdictions as needed for service delivery. All inter-PoP traffic is encrypted with TLS 1.3 and WireGuard; backend credentials are stored in HashiCorp Vault.
For customers subject to the EU GDPR: transfers to Saint Kitts are based on Standard Contractual Clauses (SCC, 2021 module) contained in our Data Processing Addendum, available on request.
Children
Our Services are not directed at individuals under the age of 18. We do not knowingly process data of minors. If you believe we are processing data of a minor, flag the account via your panel and we will erase it promptly.
Changes to this Policy
Material changes are announced thirty (30) days ahead, to your account email and on this page (with a bumped version number and updated date). Non-material corrections take effect immediately. Archived versions are available on request.
