Privacy Policy

Last Updated: April 22, 2026

This Privacy Policy explains how OKLAKO S.R.L., operating services under the HYTHOST brand, processes personal data in connection with our website, client area, support, billing, hosting services, game server services, VPS services, dedicated services, domain-related services, security operations, and abuse handling.

HYTHOST acts as a data controller for personal data we process for our own account management, billing, support, security, fraud prevention, abuse handling, legal compliance, and service operation purposes. For content, files, databases, and other data uploaded by clients to their own hosting services, the client normally controls the purposes and means of that processing, and HYTHOST acts as a service provider or processor to the extent applicable.

1. Controller and Contact Details

The controller is OKLAKO S.R.L., operating the HYTHOST services. You can contact us through the HYTHOST client-area support ticket system, by email at [email protected], by telephone at +373 798 83 890, or by using the company postal contact: Chisinau municipality, Buiucani sector, Sucevita 36/1, apartment/office 155, Republic of Moldova.

2. Personal Data We Process

Depending on how you interact with us, we may process the following categories of personal data:

• account data, such as name, company name, email address, phone number, address, country, login details, account identifiers, and account status;
• billing and order data, such as invoices, payment status, payment method references, products ordered, renewals, cancellations, tax-related data, and transaction history;
• support data, such as ticket messages, replies, attachments, screenshots, diagnostics, service identifiers, chat messages, and communication history;
• technical and usage data, such as IP addresses, timestamps, browser and device information, referral URLs, access logs, authentication logs, control panel logs, API usage, service activity, traffic metadata, and security events;
• service data, such as domain names, hostnames, DNS records, assigned IP addresses, server identifiers, configuration data, resource usage, backups metadata, and operational logs;
• abuse and security data, such as blacklist or RBL listings, abuse reports, malware reports, phishing reports, spam evidence, DDoS or intrusion indicators, upstream notices, law enforcement notices, investigation notes, and suspension history;
• verification and fraud-prevention data where reasonably required, such as account verification details, risk signals, and information needed to verify payment or account legitimacy.

3. How We Collect Personal Data

We collect personal data directly from you when you register, order, pay, open a ticket, contact support, configure services, or otherwise use our website or client area. We also collect data automatically through logs, cookies or similar technologies, fraud prevention systems, service monitoring, security tools, abuse monitoring, and infrastructure systems.

We may receive personal data from third parties where necessary to provide or protect services, including payment processors such as Skrill, Paynet, and PayPal; registrars; registries; datacenters; upstream network providers; anti-DDoS providers; blacklist or reputation sources; abuse reporters; law enforcement bodies; and security researchers.

4. Purposes and Legal Bases

We process personal data for the following purposes and legal bases:

• to create and administer accounts, process orders, provide services, manage renewals, and handle support, based on contract performance or steps taken before entering into a contract;
• to issue invoices, keep accounting records, process payments, handle tax obligations, and respond to lawful requests, based on legal obligations;
• to secure accounts, prevent fraud, detect abuse, monitor IP reputation, investigate incidents, enforce Terms of Service, protect infrastructure, and protect third parties, based on legitimate interests and, where applicable, legal obligations;
• to communicate service notices, maintenance notices, abuse tickets, suspension notices, billing notices, and operational updates, based on contract performance and legitimate interests;
• to improve our website, services, support, security controls, and internal administration, based on legitimate interests;
• to send optional marketing communications where you have consented or where applicable law allows, with the option to withdraw consent or opt out where required.

5. Abuse Monitoring, Blacklists, and Automated Decisions

HYTHOST may use automated and manual tools to detect fraud, compromised services, spam, SMTP abuse, malware, phishing, botnets, DDoS participation, intrusion attempts, public blacklist or RBL listings, reputation incidents, and other violations of our Terms of Service.

If an individual IP address assigned to your service is confirmed as listed on a public blacklist or if an abuse report is credible, we may open a support ticket that includes the affected IP address, listing or report source, lookup link, related service, evidence available to us, and the response deadline. For ordinary blacklist listings, the Terms of Service normally provide 12 hours to respond and remediate. If no client reply is detected after the deadline and the IP address remains listed, automated systems may suspend the related service through our billing or service management system. Severe, repeated, ongoing, legal-risk, upstream-requested, or infrastructure-risk cases may lead to immediate suspension, quarantine, filtering, or restriction.

Some abuse and fraud actions may be triggered or prioritized by automated monitoring. You can reply to the support ticket or contact support to provide context, evidence, or a remediation plan and to request human review of the decision where appropriate.

6. Cookies and Website Logs

Our website and client area may use cookies, session identifiers, security tokens, and similar technologies to keep users logged in, protect forms, remember preferences, detect abuse, improve performance, and understand website usage. This includes technologies used by WHMCS, Cloudflare Turnstile, and Tawk.to live chat where those features are enabled. Server logs may record IP address, browser information, requested URL, referrer, date and time, and security-related events.

We do not intentionally use analytics or marketing cookies unless they are separately enabled and disclosed. If optional analytics or marketing tools are added later, we will update this Policy and, where required, request consent or provide an opt-out mechanism.

You can control cookies through your browser settings, but disabling required cookies may prevent the client area, checkout, login, or support features from working correctly.

7. Recipients and Processors

We may share personal data only where necessary for the purposes described in this Policy, including with:

• payment processors, banks, fraud prevention providers, and accounting providers, including Skrill, Paynet, and PayPal where you choose or use those payment methods;
• datacenters, upstream network providers, anti-DDoS providers, IP reputation providers, and infrastructure providers;
• domain registrars, registries, SSL certificate authorities, software vendors, license providers, and control panel providers;
• support, email, ticketing, live chat, notification, monitoring, backup, and security service providers, including Tawk.to live chat, Discord where you contact us through Discord, and Cloudflare Turnstile for bot and abuse protection;
• professional advisers, auditors, insurers, and legal representatives;
• public authorities, courts, regulators, law enforcement, or other parties where required by law or where necessary to protect rights, safety, security, infrastructure, or third parties.

We require service providers that process personal data on our behalf to use appropriate security and confidentiality measures and to process data only for authorized purposes.

8. International Transfers

Services may involve providers, infrastructure, registries, software vendors, payment processors, support tools, live chat providers, community platforms, anti-abuse tools, or clients located in Moldova, the European Economic Area, the United States, or other countries. Where personal data is transferred internationally, we use the transfer mechanism or safeguard required by applicable law where such safeguard is required.

Domain registrations, SSL certificates, abuse handling, payments, security investigations, and infrastructure operations may require data to be shared with providers or authorities outside your country, depending on the service and the incident.

9. Retention

We keep personal data for as long as necessary for the purposes described in this Policy, including providing services, maintaining accounts, resolving disputes, enforcing Terms of Service, securing infrastructure, handling abuse, preventing fraud, meeting accounting and tax requirements, and complying with legal obligations.

Account, billing, contract, and accounting records may be retained for the period required by applicable law. Support tickets, abuse reports, security logs, suspension history, and investigation records may be retained where needed to protect our services, document decisions, prevent repeated abuse, or defend legal claims. Operational logs are generally retained for shorter periods unless needed for security, fraud, abuse, billing, or legal reasons.

Client service content may be deleted after cancellation, termination, suspension, non-payment, expiration, or after the end of any retention period available for the affected service.

10. Security

We use technical and organizational measures intended to protect personal data against unauthorized access, alteration, disclosure, loss, misuse, and other unlawful processing. These measures may include access controls, authentication controls, logging, monitoring, network protection, staff confidentiality, backups, and security review processes.

No online service can be guaranteed completely secure. You are responsible for securing your own services, applications, accounts, passwords, keys, scripts, plugins, servers, and backups.

11. Your Rights

Subject to applicable law and any legal limitations, you may have the right to request access to your personal data, correction of inaccurate data, deletion of data, restriction of processing, objection to processing, data portability, withdrawal of consent where processing is based on consent, and information about processing activities.

You can exercise account access and correction rights through the client area where available. For other requests, contact us through the client-area support ticket system or by email at [email protected]. We may need to verify your identity before responding.

Some requests may be limited or refused where we must retain data for billing, tax, accounting, legal, security, abuse prevention, dispute resolution, service operation, or legitimate-interest reasons.

12. Complaints

If you believe your personal data has been processed unlawfully, you can contact us first so we can review the issue. You may also have the right to lodge a complaint with the National Center for Personal Data Protection of the Republic of Moldova or another competent supervisory authority under applicable law.

13. Children's Data

HYTHOST services are not intended for children. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact support so we can review and take appropriate action.

14. Third-Party Websites and Services

Our website or services may link to third-party websites, control panels, payment pages, community platforms, registrars, software providers, or other external services. Their privacy practices are governed by their own privacy policies, not this Privacy Policy.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect service changes, legal changes, security practices, or operational changes. The latest version will be published on this page. Continued use of our website or services after an update means the updated Policy applies from the date shown above.

16. Legal Framework Note

This Policy is intended to reflect the requirements of the data protection laws applicable to HYTHOST, including the personal data protection framework of the Republic of Moldova and, where applicable, GDPR-aligned transparency principles. Law No. 195/2024 on personal data protection will enter into force on August 23, 2026, and this Policy is drafted to be compatible with that transition where applicable.