WHITEWHALEWHITEWHALE
PlansLocationsKnowledge basePolicies
Language
Order VPS

Privacy Policy

This policy explains how WHITEWHALE processes personal data in connection with our cloud services and GDPR obligations.

Updated: January 27, 2026

1. Scope and role

This policy applies to our websites, client area, support channels, and cloud services. ETERNITY CLOUD GEORGIA, Individual Entrepreneur (Georgia) ("WHITEWHALE") acts as the data controller for account and billing data. ETERNITY CLOUD LIMITED, UK (Company No. 16810688) provides infrastructure services and acts as a subprocessor for hosting and network operations.

2. Categories of data

We may process the following categories:

  • Account data (name, email, company name, contact details, account identifiers).
  • Billing data (payment method metadata, invoices, tax identifiers if provided).
  • Service data (instance IDs, resource usage metrics, provisioning details, configuration metadata).
  • Security and abuse data (IP addresses, access logs, security events, abuse reports).
  • Support communications (tickets, emails, and operational chat records).

3. Sources of data

Data is collected directly from customers, generated by service operation, or received from payment processors and abuse reporting channels. We do not require passport scans or mandatory identity verification to place an order.

4. Purposes of processing

We process data for the following purposes:

  • Provisioning and operating cloud services.
  • Billing, invoicing, and payment reconciliation.
  • Security monitoring, abuse prevention, and incident response.
  • Customer support and service communications.
  • Compliance with legal obligations and lawful requests.

5. Legal bases

We process personal data based on contract performance, legitimate interests (service security and abuse prevention), legal obligations, and consent where required (e.g., optional communications).

6. Cookies and similar technologies

We use essential cookies for authentication, session integrity, and abuse protection. Optional analytics cookies, if used, are limited and do not include sensitive identifiers.

7. Data retention

We retain data only as long as necessary to provide services, meet legal obligations, resolve disputes, and maintain security. Security logs are retained for operational needs and then deleted or anonymized.

8. Sharing and subprocessors

We share data with trusted providers for payment processing, infrastructure, and support tooling. Subprocessor details are available on request and are bound by data protection terms.

9. International transfers

We operate on European locations. When data is transferred outside the EEA, we use appropriate safeguards such as standard contractual clauses.

10. Security measures

We apply technical and organizational safeguards:

  • Access control, least privilege, and audit logging.
  • Network segmentation and DDoS mitigation.
  • Encryption in transit where applicable.
  • Monitoring and incident response procedures.

11. GDPR rights

You may request access, correction, deletion, restriction, objection, or data portability. We respond within GDPR timelines.

12. Children’s data

Our services are intended for business and professional use. We do not knowingly collect personal data from children.

13. Changes

We may update this policy to reflect operational, legal, or regulatory changes. Material updates are published on this page.

14. Contact

[email protected]