ServerDeck

Privacy Policy

Last updated: April 2026

1. Introduction

ServerDeck ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use our VPS management platform at serverdeck.io and its associated application. By using the Service, you agree to the collection and use of information as described in this policy.

2. Information We Collect

We collect the following categories of information:

  • Account data: username, email address, and hashed password (bcrypt).
  • Server data: IP addresses, hostnames, SSH credentials (AES-256 encrypted), and collected system information (OS, RAM, disk, CPU, domains, installed software).
  • Usage data: login timestamps, actions performed within the platform (stored as audit logs).
  • Billing data: subscription plan and billing status. Payment card details are processed and stored exclusively by Paddle — we do not store payment card information.
  • Technical data: IP addresses used to access the Service, request logs, and browser session tokens.
  • Communications: any emails or messages you send to our support team.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and improve the Service.
  • Authenticate users and secure accounts (including 2FA).
  • Send transactional emails: verification codes, password reset links, billing receipts.
  • Send alert notifications about your servers (only if enabled by you).
  • Maintain audit trails for security and accountability.
  • Diagnose technical problems, prevent abuse, and enforce our Terms of Service.
  • Process subscription payments via our payment processor, Paddle.

4. Data Storage and Security

All sensitive data is protected using industry-standard practices:

  • Passwords are hashed using bcrypt and never stored in plaintext.
  • SSH credentials (passwords and private keys) are encrypted at rest using AES-256 (Fernet) symmetric encryption.
  • All data is stored in a PostgreSQL database with access restricted to application services only.
  • All transport is secured via HTTPS/TLS.
  • Authentication tokens (JWT) are stored in browser local storage and cleared on logout.

5. Data Sharing and Third Parties

We do not sell, trade, or rent your personal information to third parties. We share information only with:

  • Paddle: our payment processor, which handles billing and subscription management under their own Privacy Policy.
  • SMTP provider: used solely to deliver transactional emails you have requested.
  • Sentry (optional): for error monitoring, if configured. Error reports may include anonymized technical data.
  • Law enforcement: when required by law, court order, or to protect the rights and safety of ServerDeck, our users, or the public.

6. Cookies and Local Storage

ServerDeck uses browser local storage to store JWT authentication tokens. We do not use third-party tracking cookies, advertising cookies, or cross-site tracking technologies. We use hCaptcha on login and registration forms to prevent automated abuse; hCaptcha processes data under its own Privacy Policy.

7. Data Retention

We retain your account data for as long as your account is active. Audit logs, notifications, and server metrics are retained for operational purposes (up to 12 months for metrics history). You may request deletion of your account and all associated data by contacting us at [email protected]. We will process deletion requests within 30 days.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate or incomplete data.
  • Request deletion ("right to be forgotten") of your account and data.
  • Object to or restrict certain data processing activities.
  • Receive a portable copy of your data (data portability).
  • Withdraw consent for data processing where consent is the legal basis.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

9. International Data Transfers

ServerDeck may process and store data on servers located outside your country of residence. By using the Service, you consent to the transfer of your data to these locations. We ensure appropriate safeguards are in place for any cross-border transfers.

10. Children's Privacy

The Service is not directed at or intended for children under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by posting a notice on the Service or by email at least 14 days before changes take effect. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.

12. Contact

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at [email protected].