Privacy Policy

Disclaimer

0.1.1 MAXShard provides hosting services (“Services”). By using these Services, you agree to our data collection practices as described in this Privacy Policy. This policy explains what data we collect, how we use it, and how you can correct inaccuracies. If you disagree with this policy, please do not use our Services.

0.1.2 Customer data is stored on servers in EU (specifically, Germany, Canada, France, Singapore, and Australia) and the United States, hosted by OVHCloud and Verpex.

0.1.3 Our GDPR compliance is primarily governed by EU law, as MAXShard is established in the Netherlands. We also acknowledge and comply with relevant US data protection laws where applicable.

0.1.4 All MAXShard staff involved in development and infrastructure are trained on GDPR and EU data protection regulations. Code is reviewed by our Data Protection Officer (DPO) before deployment, ensuring security and best practices in accordance with EU law.

User Information

1.1.1 – 1.1.3 (Information Collection)

We collect personal information from you to provide our Services. This includes information collected through website forms and automated means like cookies.

Personal Information: This may include your name, address, phone number, email, IP address, service dates, payment history, and payment details. We use financial information solely for billing.

Cookies: We use cookies to store preferences, login details, and for website functionality. We also use them for analytics to improve our Services. You can disable cookies in your browser, but this may affect website functionality.

1.1.4 – 1.1.9 (Data Types and Responsibilities)

We store data for two user types: customers (those managing services) and their end-users.

Customer Data: We collect names, emails, addresses, phone numbers, and payment details (invoices; payment information is processed by PayPal/Stripe).
End-User Data: We collect usernames, messages, IP addresses, and activity timestamps.
System Logs: We log IP addresses, user agents, and connection times for security and debugging, retained for 6 months, subject to legal requests.
End-User Responsibility: Customers are responsible for managing their end-user data. We secure access to this data.
Privacy Information: Customers are responsible for their end-users’ privacy terms.

2.1.1 – 2.1.3 (Data Usage)

Personal Data: We use data for billing, service provision, and support. We may analyze data to improve our Services. We take security measures to prevent unauthorized access.
Log Files: We use IP addresses for trend analysis, site administration, and security.
Data Sharing: We do not share or sell customer or server data for advertising or analytics. Our business model is based on paid subscriptions.

3.1.1 – 3.1.2 (Data Sharing)

Service Providers: We share data with third-party service providers (payment processors, etc.) to provide our Services.
Law Enforcement: We disclose data to law enforcement when legally required.

Individuals Rights

4.1.1 (GDPR Rights)

MAXShard customers have the following rights under the GDPR:

Right to be informed: We provide clear information about data usage in this policy.
Right of access: Customers can access their data via the MAXShard website.
Right to rectification: Contact us for data correction via support channels.
Right to erasure: Contact us for data deletion via support channels.
Right to restrict processing: We primarily process data to provide services.
Right to data portability: Contact us for data export via support channels.
Right to object: Contact us with objections via support channels.
Rights related to automated decisions/profiling: We do not use automated decision-making or profiling.

5.1.1 (Data Correction)

Customers can update their personal information through their MAXShard account settings.

6.1.1 (Access Requests)

We respond to data access requests within one month, free of charge.

7.1.1 – 7.1.2 (Lawful Basis)

We process personal data based on:

Consent (e.g., marketing opt-ins).
Contractual necessity (providing the Services).

8.1.1 – 8.1.3 (Children’s Privacy)

We do not knowingly collect personal data from children under 13 (US) or 16 (EU).
If we discover such data, we will delete it.
Customers are responsible for ensuring their end-users comply with child privacy laws.

Data Information

9.1.1 – 9.1.3 (Data Security)

We actively monitor for unauthorized system access and implement security measures to minimize vulnerabilities.

Security measures include:

• Firewalls and network isolation.
• Internal system access via VPN only.
• SSH on all servers and for websites we use our trusted partner Verpex.
• Encrypted two-factor authentication for sensitive accounts.
• Encrypted backups, retained for a maximum of 3 months.
• We will notify users of any data breach within 24 hours of discovery and resolution. Customers are then responsible for notifying their end-users.

10.1.1 (Security Focus)

Security is a fundamental consideration in all new system development at MAXShard, with a focus on data protection.

11.1.1 (Data Protection Officer)

Name: Damian van Noort
Role: Founder & Managing Director
Email: damian.vannoort@maxshard.com
Phone: +31 6 38917774

International

12.1.1 – 12.1.2 (EU Data Processing)

MAXShard may process data from individuals located in EU member states.
MAXShard’s main establishment is in the Netherlands, therefore its supervisory authority is primarily based within the European Union.

12.1.3 (Company Information)

MAXShard is owned and operated by Damian van Noort, a sole proprietor based in the Netherlands.
Email: support@maxshard.com
Phone: +31 6 38917774

Policies

13.1.1 (Policy Changes)

We may modify this Privacy Policy at any time. If we make significant changes to how we use previously collected personal information, we will provide you with advance notice and an opportunity to opt-out. We encourage you to review this policy periodically for the latest information on our privacy practices.