1. Scope

This Privacy Policy explains how KmerHosting collects, uses, stores, shares, and deletes personal data when you use our website, client area, hosting services, support channels, billing tools, and AI features. It applies to kmerhosting.com and to related services that reference this policy.

We wrote this document to be practical. It tells you what data we need to run the service, what data is optional, and what rights you can exercise if you want access, correction, deletion, or a clearer explanation.

2. Data we collect

The exact information we process depends on the product you use, but it generally falls into the categories below.

Account details: name, email address, phone number, company name, billing country, login credentials, and account preferences.
Order and billing records: purchased services, invoices, credits, payment confirmations, transaction references, and fraud review notes.
Support history: tickets, chat messages, email exchanges, logs you send us, and internal notes created while resolving an issue.
Technical telemetry: IP address, browser information, operating system, device type, timestamps, and service performance or error logs.
Verification information: KYC submissions, student verification files, or identity data required to validate eligibility for a specific offer.
AI interaction data: prompts, outputs, usage counts, and configuration choices made in our AI products or AI-assisted workflows.

3. Why we process personal data

We only process data when there is a legitimate operational or legal reason to do so.

Service delivery: to provision hosting, activate domains, manage DNS, renew subscriptions, and keep your account usable.
Security: to detect fraud, abuse, brute-force attempts, suspicious payments, or activity that could harm other customers.
Support: to troubleshoot incidents, answer billing questions, guide migrations, and document a case while it is open.
Compliance: to meet tax, accounting, anti-fraud, or lawful disclosure obligations that apply to our business.
Product improvement: to understand reliability issues, improve onboarding, refine documentation, and prioritize roadmap work.
Communication: to send transactional notices such as invoices, renewal reminders, security alerts, maintenance notices, and service updates.

4. Legal bases

Contract performance: when the data is required to provide the service you requested.
Legitimate interests: when the processing is reasonably necessary for security, service quality, abuse prevention, or internal operations.
Consent: when you opt in to marketing messages, non-essential cookies, or a feature that clearly requests permission.
Legal obligation: when we must retain or disclose information to comply with applicable law or an enforceable request.

5. Sharing with third parties

We do not sell personal data. We may share limited information with service providers that help us operate the platform.

Payment providers: to collect payments, validate transactions, and help us prevent fraud.
Email and notification providers: to deliver invoices, support replies, verification emails, and service alerts.
Infrastructure and security partners: to host services, protect traffic, monitor uptime, and investigate abuse.
AI model providers: when you use AI features that rely on third-party inference services.
Professional advisers or authorities: when required for legal claims, audits, regulatory review, or lawful disclosure.

6. Retention periods

Active account records are retained for as long as the account exists.
Invoices, payments, and tax records may be retained for up to 7 years.
Support conversations and diagnostic logs are typically retained for up to 12 months unless a longer period is needed for an ongoing case.
KYC and eligibility files are removed after verification is completed and the retention period required for fraud control has expired.
Closed or inactive accounts may be deleted or anonymized once contractual and legal retention periods end.

7. Security controls

Traffic is protected with TLS in transit.
Passwords are hashed and never stored in plaintext.
Administrative access is restricted to authorized personnel.
Operational logs, auditing, and monitoring are used to investigate abnormal events.
We apply updates, patches, and access reviews as part of routine maintenance.

8. Cookies and analytics

We use cookies and similar technologies for authentication, session continuity, interface preferences, performance measurement, and security. For more detail, read our Cookie Policy.

9. Your rights

Access the information we hold about you.
Correct incomplete or outdated account information.
Request deletion where retention is no longer required.
Object to direct marketing or specific forms of processing.
Ask for a copy of data you provided in a structured format where applicable.

10. International processing

Our operations may involve service providers located in multiple jurisdictions. When data is processed outside the country where it was originally collected, we use reasonable contractual, organizational, and security safeguards appropriate to the transfer.

11. Updates to this policy

We may revise this Privacy Policy when our services, legal obligations, or security practices change. When we make material changes, we will update the date on this page and may also notify you in-product or by email where appropriate.

12. Contact

Email: [email protected]
WhatsApp: +237 694 193 493
Location: Yaounde, Cameroon

1. Scope

2. Data we collect

The exact information we process depends on the product you use, but it generally falls into the categories below.

Account details: name, email address, phone number, company name, billing country, login credentials, and account preferences.

Order and billing records: purchased services, invoices, credits, payment confirmations, transaction references, and fraud review notes.

Support history: tickets, chat messages, email exchanges, logs you send us, and internal notes created while resolving an issue.

Technical telemetry: IP address, browser information, operating system, device type, timestamps, and service performance or error logs.

Verification information: KYC submissions, student verification files, or identity data required to validate eligibility for a specific offer.

AI interaction data: prompts, outputs, usage counts, and configuration choices made in our AI products or AI-assisted workflows.

3. Why we process personal data

We only process data when there is a legitimate operational or legal reason to do so.

Service delivery: to provision hosting, activate domains, manage DNS, renew subscriptions, and keep your account usable.

Security: to detect fraud, abuse, brute-force attempts, suspicious payments, or activity that could harm other customers.

Support: to troubleshoot incidents, answer billing questions, guide migrations, and document a case while it is open.

Compliance: to meet tax, accounting, anti-fraud, or lawful disclosure obligations that apply to our business.

Product improvement: to understand reliability issues, improve onboarding, refine documentation, and prioritize roadmap work.

Communication: to send transactional notices such as invoices, renewal reminders, security alerts, maintenance notices, and service updates.

4. Legal bases

Contract performance: when the data is required to provide the service you requested.

Legitimate interests: when the processing is reasonably necessary for security, service quality, abuse prevention, or internal operations.

Consent: when you opt in to marketing messages, non-essential cookies, or a feature that clearly requests permission.

Legal obligation: when we must retain or disclose information to comply with applicable law or an enforceable request.

5. Sharing with third parties

We do not sell personal data. We may share limited information with service providers that help us operate the platform.

Payment providers: to collect payments, validate transactions, and help us prevent fraud.

Email and notification providers: to deliver invoices, support replies, verification emails, and service alerts.

Infrastructure and security partners: to host services, protect traffic, monitor uptime, and investigate abuse.

AI model providers: when you use AI features that rely on third-party inference services.

Professional advisers or authorities: when required for legal claims, audits, regulatory review, or lawful disclosure.

6. Retention periods

Active account records are retained for as long as the account exists.

Invoices, payments, and tax records may be retained for up to 7 years.

Support conversations and diagnostic logs are typically retained for up to 12 months unless a longer period is needed for an ongoing case.

KYC and eligibility files are removed after verification is completed and the retention period required for fraud control has expired.

Closed or inactive accounts may be deleted or anonymized once contractual and legal retention periods end.

7. Security controls

Traffic is protected with TLS in transit.

Passwords are hashed and never stored in plaintext.

Administrative access is restricted to authorized personnel.

Operational logs, auditing, and monitoring are used to investigate abnormal events.

We apply updates, patches, and access reviews as part of routine maintenance.