Ahead Host LLC — Privacy Policy
Effective date: October 17, 2025
Entity: Ahead Host LLC (a Connecticut limited liability company)
Governing law & venue for this notice: State of Connecticut, USA (we also explain rights for other regions below).
This Privacy Policy explains how we collect, use, disclose, and protect information in connection with our websites, client portal, and hosting/services listed on: /shared/, /reseller/, /nl-web-hosting/, /vps/ (Canada/US/France/Netherlands/Australia — Linux & Windows), /dedicated/, /ssl-certificates/, /domain-registration/, and /fix-hacked-website/.
Controller vs. Processor:
• We are a controller for data about visitors, prospects, billing contacts, abuse reporters, and portal users.
• You are the controller for any customer content you host with us (website files, databases, email content, logs inside your VM, etc.). In that case, we act as your processor/service provider and process that content only under your instructions and the applicable agreement (including any DPA).
1) Information We Collect
1.1 Account & Billing
- Identity & contact: name, company, email, phone, postal address.
- Account settings, communication preferences, support history.
- Billing details: invoices, payment status, partial card details or tokens from our payment processor (we do not store full card numbers).
1.2 Technical & Service Data
- Server/network logs: IP address, timestamps, request/response headers, user agent, resource paths, DNS queries/answers, error codes, crash reports.
- Security/abuse signals: firewall/WAF events, authentication attempts, spam/RBL lookups, rate‑limits, malware scan results.
- Device & usage: browser type, OS, language, time zone, pages viewed, referrer/UTM data.
1.3 Customer Content (Hosting)
- Files, databases, emails, and configurations you deploy to shared/reseller, VPS, or dedicated services. We process this only to provide/secure the service and as instructed by you.
1.4 Product‑Specific
- Domain registration/transfer/WHOIS: registrant/administrative/technical contacts, DNS servers, and related data required by registrars/registries/ICANN per applicable policy.
- SSL certificates: contact and (for OV/EV) organization identity documentation submitted to the Certificate Authority (CA) for validation.
- Malware cleanup: website code, database entries, server logs, and admin credentials necessary to complete the cleanup and hardening you request.
1.5 Cookies & Similar Technologies
- We use necessary cookies for authentication, session management, fraud prevention, and security.
- With consent where required, we may use analytics/performance cookies and limited marketing or A/B testing cookies. See §10 Cookies for details.
1.6 Sources
- You (forms, portal, email, support tickets, order flows).
- Your devices and our systems (logs, telemetry).
- Payment processors, identity/fraud‑screening services, domain registrars/registries, certificate authorities, address‑validation services, and public databases (e.g., IP geolocation, RBLs) where relevant.
2) How We Use Information
- Provide services & customer support: set up accounts, provision infrastructure, process payments, respond to tickets, and fulfill migrations.
- Security & abuse prevention: detect, investigate, and mitigate spam, malware, DDoS, brute‑force, account takeovers, and other AUP violations.
- Service operations: monitoring, capacity planning, troubleshooting, incident response, and service improvement.
- Compliance & legal: ICANN/registry/CA obligations, tax/audit, law‑enforcement requests (when legally required), lawful discovery.
- Communications: transactional notices (maintenance, incidents, billing), and—where permitted—product announcements. You can opt out of non‑essential marketing.
2.1 Lawful Bases (EEA/UK only)
- Contract performance (providing the services you ordered).
- Legitimate interests (security, fraud prevention, service improvement) where these do not override your rights.
- Legal obligations (tax, ICANN/registry/CA compliance, court orders).
- Consent (analytics/marketing cookies in regions where consent is required; certain optional features).
3) Sharing & Disclosures
We do not sell personal information. We share data only as needed to operate the services or when legally required:
- Service providers/sub‑processors: data center & network operators, hardware vendors (RMA), DDoS/anti‑abuse services, payment processors, billing & ticket systems, registrar/registry partners, certificate authorities, email delivery, analytics, and customer communications.
- Domain & SSL: registrant data to registrars/registries/ICANN; certificate data to CAs for DV/OV/EV issuance.
- Legal: law enforcement, regulators, courts, and parties to legal process when we have a legal obligation or a good‑faith belief disclosure is necessary.
- Business transfers: merger, acquisition, financing, or sale of assets (your data may transfer subject to this Policy and applicable law).
We can provide a current list of sub‑processor categories on request. For processor services, our DPA governs sub‑processor onboarding and notifications.
4) International Transfers
We operate globally with infrastructure and partners in multiple countries. Where applicable law requires a transfer mechanism (e.g., UK/EU SCCs), we implement appropriate safeguards. By using our services, you understand data may be processed in the United States and other jurisdictions with different data protection laws.
5) Retention
We retain data only as long as necessary for the purposes in this Policy or to meet legal/business requirements. Typical periods (subject to change):
| Data Type | Typical Retention |
|---|---|
| Account profile & contracts | While account is active + 7 years (tax/audit) |
| Invoices & payment records | 7 years |
| Support tickets & abuse reports | 3 years after closure (longer if required for legal/security) |
| Server/network logs | 30–180 days depending on system and security needs |
| Backups (courtesy) | See Master Terms (typical: 7 days daily + 4 weeks weekly when capacity allows) |
| Domain/SSL records | As required by registrar/registry/CA policy and legal obligations |
When retention ends, we delete or de‑identify the data unless we must keep it longer (e.g., dispute, audit, legal hold).
6) Your Privacy Rights
Your rights depend on where you live. We will honor valid rights requests under applicable law.
6.1 Connecticut (CTDPA)
Connecticut residents can request: access, correction, deletion, and data portability; and opt out of targeted advertising, sale of personal data, and profiling in furtherance of decisions that produce legal or similarly significant effects. We also provide an appeals process if we deny a request.
6.2 California (CPRA/“CCPA” as amended)
California residents can request: access, correction, deletion, and portability; to know categories/sources/purposes; to opt out of sale/share for cross‑context behavioral advertising; and to limit use of sensitive personal information. We do not sell personal information as that term is commonly defined. We do not share for cross‑context behavioral advertising unless explicitly stated and consented.
6.3 EEA/UK (GDPR/UK GDPR)
You may request access, rectification, erasure, restriction, portability, and to object to processing based on legitimate interests. You may withdraw consent at any time (this does not affect prior processing). You also have the right to complain to a supervisory authority.
6.4 Exercising Your Rights
- Submit a request: Open a ticket in the client portal or email privacy@aheadhostllc.com with subject “Privacy Request.”
- Verification: We may ask for information to verify your identity (and authority of an agent, if applicable).
- Timelines: We aim to respond within 45 days (extensions permitted by law).
- Appeals (CT/VA/CO and similar): If we deny your request, you may appeal by replying to our decision. We will inform you of the outcome and how to contact your state attorney general if you remain unsatisfied.
We will not discriminate against you for exercising privacy rights.
7) Security
We use administrative, technical, and physical safeguards designed to protect data, including: access controls and MFA for staff accounts; encrypted transport (TLS) for portal and APIs; network segmentation; vulnerability management; logging/monitoring; and staff training. No method is 100% secure. Promptly notify us if you suspect an account compromise or unauthorized access.
8) Children’s Privacy
Our services are for businesses and adults. We do not knowingly collect personal information from children under 13. If you believe a child has provided personal information, contact us and we will take appropriate steps.
9) Third‑Party Links & Services
Our sites or portals may link to third‑party websites or integrate with third‑party services. We are not responsible for their privacy practices. Review their policies before providing personal information.
10) Cookies & Tracking
- Strictly necessary: required for login, session management, CSRF, fraud prevention, and security. These cannot be switched off.
- Analytics/performance: helps us understand usage and improve services (enabled with consent where required).
- Marketing/functional: limited use for communications preferences and feature experiments (consent where required).
Controls: You can manage cookies in your browser settings. In regions where consent is required, our banner or preferences center lets you opt in/out of non‑essential cookies. Some features may not function without certain cookies.
Do Not Track/GPC: We honor browser Global Privacy Control (GPC) and similar signals in states/regions where required by law. Where not required, we still aim to respect your choices when technically feasible.
11) Processor Services & DPA
For hosting and related services where we act as your processor/service provider, we will:
- process customer content only on your documented instructions;
- implement appropriate security measures;
- ensure staff confidentiality;
- assist with data subject requests that relate to content we process for you (where feasible);
- support security incident notifications consistent with our agreements;
- flow down obligations to sub‑processors; and
- upon termination, delete or return customer content consistent with the agreement.
Data Processing Addendum (DPA): A standard DPA is available on request. Open a ticket or email privacy@aheadhostllc.com.
12) Changes to this Policy
We may update this Policy from time to time. The “Effective date” above shows when the latest version took effect. Material changes will be highlighted on our site or via email/portal notice.
13) Contact Us
Ahead Host LLC (Connecticut, USA)
Email: privacy@aheadhostllc.com
Support: client portal (preferred for account‑specific requests)
Postal/Mailing Address: See our website Contact page for the current Connecticut mailing address, or as included on your invoice/contract.
If you have unresolved concerns, you may also contact your regional data protection authority or state attorney general.