We respect your privacy

At Hostis – Radivoje Đokić s.p., we take your privacy seriously. This Privacy Policy explains what data we collect, why we collect it, how we use it, and what rights you have.

This Policy applies when you use the Hostis platform, including the web dashboard, deployment system, gaming panel, APIs, and related services (the “Services”).

1. Who we are

Hostis is a self-hosted-oriented PaaS and gaming platform operated by:

Hostis – Radivoje Đokić s.p.
Crnjelovo Gornje
76300 Bijeljina
Bosnia and Herzegovina

We primarily follow the principles of the EU General Data Protection Regulation (GDPR) and aim to respect other applicable data protection laws (such as CCPA-type rights, where relevant to you).

2. What data we collect

• Account data: email address, hashed password (if you use password login), optional name, and authentication identifiers (e.g. if we later support OAuth providers like GitHub or Google).
• Usage data: created projects, deployments, game servers, resource usage (CPU, RAM, storage, bandwidth) to operate the Services, prevent abuse, and for billing and capacity planning.
• Technical data: IP address, browser type, operating system, approximate region (based on IP), timestamps, and standard server logs. This helps us secure the platform and debug issues.
• Support communication: emails or messages you send to us (for example, to info@hostis.cloud) and any information you voluntarily provide when asking for help.
• Payment-related data: if you purchase paid plans, our payment processor will handle your card or payment details. We do not store full card numbers on our own servers.
• Analytics: we may use a privacy-focused, cookie-free analytics provider (listed in our subprocessors list) to understand anonymous traffic patterns (e.g. page views, referrers, device types) without building individual user profiles.

3. Why we collect data and legal bases

We use your data for the following purposes and legal bases:

• • To provide the Services (deploy your apps, run game servers, manage databases, etc.) – contractual necessity (Art. 6(1)(b) GDPR).
• • To operate, maintain, and improve Hostis – our legitimate interest in running a stable and secure platform (Art. 6(1)(f) GDPR).
• • To communicate with you (billing, service-related emails, important changes) – contractual necessity and legal obligations.
• • To prevent abuse and secure the platform (fraud detection, abuse monitoring, security logging) – legitimate interest.
• • To comply with legal obligations (accounting, tax, law enforcement requests where required by law).

4. Who we share data with

We do not sell your personal data. We only share it with:

• • Infrastructure and service providers that help us run Hostis (for example hosting providers, DNS/DDoS protection, email delivery, payment processing, analytics).
• • Authorities if we are legally required to do so (e.g. court orders, law enforcement, serious abuse reports).

We maintain an up-to-date list of our main subprocessors here: hostis.cloud/legal/subprocessors.

5. International data transfers

Our primary infrastructure is located in Europe (for example, within the EU/EEA region) or nearby jurisdictions such as Bosnia and Herzegovina. If personal data is transferred outside the EU/EEA to a country without an adequacy decision, we aim to rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) or equivalent mechanisms provided by the European Commission.

6. Security and data retention

We apply technical and organizational measures such as encryption in transit (TLS), restricted access, and network isolation to help protect your data. No system can be perfectly secure, but we take reasonable steps to reduce risk.

We keep your data for as long as your account is active or as necessary to provide the Services and meet legal obligations (for example, tax and accounting rules). After account deletion, active data related to your account is removed or anonymized within a reasonable period; some data may remain in encrypted backups for a limited time before being overwritten.

7. Cookies and tracking

Hostis uses only essential cookies for login and security (for example, session cookies) and may use cookie-free, privacy-focused analytics. We do not use third-party advertising cookies or build cross-site tracking profiles.

For more details, see our Cookie Policy.

8. Your rights

Depending on your location (for example under GDPR and similar laws), you may have the right to:

• • Access the personal data we hold about you
• • Request correction of inaccurate or incomplete data
• • Request deletion of your data (“right to be forgotten”)
• • Request a copy of your data in a portable format
• • Object to certain types of processing
• • Withdraw consent where processing is based on consent

To exercise these rights, contact us at privacy@hostis.info. We may need to verify your identity before responding.

9. Children’s privacy

Hostis is intended for use by adults and businesses. We do not knowingly collect personal data from children under the minimum age required by law in their country. If you believe a child has provided us with personal data, please contact us so we can delete it.

10. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via the dashboard or email. The latest version will always be available at hostis.cloud/legal/privacy.