KitCloud

Legal

Privacy Policy

How KitCloud handles customer account, billing, hosting, domain, email, support, security, analytics and newsletter data.

Last updated: 15 May 2026.

This Privacy Policy explains how KitCloud collects, uses, stores and protects personal data when you visit kitcloud.io, create a billing account, place an order, use our hosting, domain, DNS, business email or support services, contact us, or subscribe to KitCloud updates.

1. Who We Are

KitCloud is operated by Kendall Group Ltd, company number 15554380. For the personal data we use to run KitCloud accounts, billing, support, marketing, website analytics and business administration, Kendall Group Ltd is the data controller.

You can contact us about privacy at [email protected]. You can also contact support at [email protected] for service-related requests.

2. When We Are A Controller Or Processor

For customer account records, billing details, support tickets, website enquiries, newsletter subscriptions, analytics, security logs and service administration records, we usually act as the data controller.

For personal data that you or your users place inside hosted websites, databases, applications, email mailboxes or files, you will usually be the data controller and KitCloud will usually act as a processor providing hosting infrastructure and related services. You are responsible for the privacy notices, lawful bases, permissions and security decisions that apply to the personal data you choose to host with us.

3. Personal Data We Collect

Depending on how you use KitCloud, we may collect and use:

  • identity and contact details, such as your name, business name, email address, telephone number, billing address and account login details;
  • billing and transaction records, such as orders, invoices, payment status, renewals, cancellations, account balance and support notes linked to billing;
  • service records, such as domain names, DNS records, hosting packages, mailbox details, DirectAdmin usernames, service status, provisioning records and configuration choices;
  • support and communication records, such as tickets, emails, replies, attachments, notes and service history;
  • technical and security data, such as IP addresses, browser and device details, server logs, authentication logs, fraud prevention signals, abuse reports and security event records;
  • website and analytics data, such as pages visited, approximate location, referrer, browser data and analytics identifiers;
  • newsletter data, such as your email address, subscription request, unsubscribe status, IP address, user agent and page where the signup was submitted.

We do not intentionally ask customers to provide special category data, such as health, religion or political opinions. If you place that type of data inside hosted content, you are responsible for making sure you have the right to do so.

4. How We Use Personal Data

We use personal data to create and manage accounts, process orders, provide hosting, WordPress hosting, domain, DNS and email services, provision DirectAdmin accounts, manage invoices and payments, send service messages, respond to support requests, maintain security, prevent abuse, monitor service health, handle cancellations and comply with legal, tax and accounting duties.

We also use limited website and analytics data to understand how visitors use kitcloud.io and improve the site. If you subscribe to updates, we use your email address to send KitCloud offers, marketing and newsletter messages. You can unsubscribe from marketing at any time.

5. Lawful Bases

Under UK data protection law, we must have a lawful basis for using personal data. The main lawful bases we rely on are:

  • contract, where processing is needed to create an account, take an order, provide a service, manage billing, provide support or take steps before entering into a contract;
  • legal obligation, where we need to keep tax, accounting, company, fraud prevention, law enforcement or regulatory records;
  • legitimate interests, where we use data to secure the platform, prevent abuse, investigate faults, improve services, manage customer relationships, recover debts, defend legal claims or understand website performance in a proportionate way;
  • consent, where you subscribe to optional marketing or where cookie rules require consent for non-essential storage or tracking.

Where we rely on legitimate interests, our interests include operating a secure hosting platform, protecting customers and the public internet from abuse, keeping services reliable, improving customer experience and running KitCloud as a business. You can object to processing based on legitimate interests, but we may continue where we have a compelling reason or legal need.

6. Payments And Stripe

Payments are handled through Stripe. KitCloud receives payment status, billing and transaction information needed to manage invoices and services. We do not store your full card number on our own systems. Stripe handles card and payment details according to its own security and privacy controls.

7. Domains, DNS And Registries

When you register, transfer, renew or manage a domain, we may need to share domain contact and technical information with domain registrars, registries, DNS providers and related suppliers. This may include your name, organisation, address, email address, telephone number, domain name, nameserver details and domain configuration.

Domain registries and registrars may process this information under their own rules. Some domain information may be made available through WHOIS, RDAP, registry, registrar, dispute, compliance or law enforcement systems where required by domain rules or law.

8. Hosting, Email And Backups

Hosted websites, databases, files, applications and mailboxes may contain personal data controlled by you. KitCloud processes that hosted content to provide the service, maintain backups, support restores, troubleshoot faults, protect security and comply with lawful requirements.

Hosting backups are short-term active-service restore points, not long-term archives. Where stated for a hosting package, hourly website backup restore points are retained for 3 days. If a service is cancelled, terminated, expired, migrated away or left unpaid, hosted content and related backups may be deleted immediately or during normal deletion cycles, as explained in our Terms & Conditions.

9. Newsletter And Marketing

If you use the newsletter form, we use your email address to receive and manage your request for KitCloud offers, marketing and newsletters. The form records practical security and submission details such as IP address, user agent, submission time and page referrer.

Newsletter forms use Cloudflare Turnstile to reduce spam and automated submissions. You can unsubscribe or ask us to remove your marketing email address at any time.

10. Cookies, Analytics And Security Tools

The KitCloud website uses essential technologies for security, forms and normal site operation. It also uses Google Analytics to understand website usage, and Cloudflare Turnstile to help check that forms are submitted by real visitors rather than automated bots.

The billing area uses cookies and similar technologies for login, session management, language preferences, checkout, security and account operation. More detail is provided in our Cookie Policy.

11. Who We Share Personal Data With

We only share personal data where needed to provide services, run KitCloud, meet legal duties or protect the platform. Recipients may include hosting and infrastructure providers, DirectAdmin or control panel services, domain registries and registrars, Cloudflare, Stripe, email providers, analytics providers, professional advisers, debt recovery providers, fraud prevention services, regulators, law enforcement bodies and other suppliers who help us operate KitCloud.

We do not sell customer personal data.

12. International Transfers

Some suppliers may process personal data outside the United Kingdom. Where that happens, we use appropriate safeguards where required, such as UK adequacy regulations, approved contractual terms, supplier transfer safeguards or other lawful transfer mechanisms.

13. How Long We Keep Personal Data

We keep personal data only for as long as needed for the purpose it was collected, including service delivery, security, billing, accounting, legal, tax, dispute and operational reasons.

  • account, order, invoice and payment records are normally kept for up to 6 years where needed for tax, accounting, legal or dispute purposes;
  • support tickets and service records are kept while your account is active and then for as long as needed for service history, disputes, security, legal or accounting purposes;
  • security logs and technical logs are kept for a limited period unless needed for investigation, abuse prevention, fraud prevention, legal claims or platform security;
  • newsletter records are kept until you unsubscribe, ask us to remove them, or we review and clean inactive marketing records;
  • hosted content and hosting backups are kept according to the active service, backup rotation and termination terms described above and in our Terms & Conditions.

We do not keep terminated hosted content indefinitely just in case a former customer later asks for it. This is part of good data protection practice because personal data should not be kept longer than necessary.

14. Your Rights

Depending on the situation, you may have rights to access your personal data, correct it, erase it, restrict how it is used, object to certain processing, receive a portable copy, withdraw consent and complain to a regulator.

If your request relates to personal data inside a website, mailbox, database or application hosted by one of our customers, please contact that customer first because they will usually be the controller. We may need to refer those requests to the relevant customer unless we are the controller for the data concerned.

15. Security

We use technical and organisational measures designed to protect personal data, including access controls, authentication, monitoring, backups, infrastructure security and service management processes. No internet service is completely risk-free, so customers must also use strong passwords, protect account access, keep website software updated and avoid storing unnecessary personal data.

16. Complaints

Please contact us first if you have a privacy concern so we can try to put it right. You also have the right to complain to the Information Commissioner's Office, the UK data protection regulator, at ico.org.uk/make-a-complaint.

17. Changes To This Policy

We may update this Privacy Policy from time to time as KitCloud services, suppliers or legal requirements change. The latest version will be published on this page.

Contact

For privacy questions, contact [email protected].