Privacy Policy

Effective Date: June 2, 2026  ·  Last Updated: June 2, 2026

PolicyHosting ("we", "us", "our") operates the website policyhosting.com (the "Service"). This Privacy Policy explains what information we collect, how we use it, and the choices you have.

1. Information We Collect

Account information

When you create an account, we collect:

  • Email address — used for login, password reset, and important service notifications
  • Password — stored only as a one-way cryptographic hash; we cannot see or recover your actual password
  • Username — chosen by you, displayed in your dashboard

Content you create

The privacy policies you generate and publish on our Service, including any details you enter (app name, contact email, data-collection disclosures, etc.). Published policies are publicly accessible at their URL by design.

Payment information

If you subscribe to a paid plan, payment is processed by a PCI-DSS compliant third-party payment processor. We never see or store your full credit card number — our processor sends us only a customer reference, your subscription status, and the last 4 digits of your card.

Technical information (logs)

IP address, browser type, timestamp, and URLs requested. Used only for security (rate limiting, brute-force detection) and debugging. Server logs are retained for up to 30 days.

What we do NOT collect

  • No analytics tracking (no Google Analytics, no third-party trackers)
  • No advertising cookies
  • No cross-site behavioral data
  • No tracking cookies beyond what's strictly necessary for login/session and CSRF protection

2. How We Use Information

We use the information we collect only to:

  • Provide and maintain the Service (host your policies, authenticate your account)
  • Process subscription payments
  • Send transactional emails (password reset, account notifications, subscription receipts)
  • Detect and prevent abuse (brute-force login attempts, spam)
  • Comply with legal obligations

We do not sell, rent, or share your personal information with third parties for marketing.

3. Service Providers

We engage a small number of reputable third-party service providers to operate the Service. They process your data only on our behalf and only to the extent necessary to provide their services. The categories of providers we use include:

  • Cloud infrastructure — web and database hosting in the United States
  • Payment processing — to handle subscription billing securely (we never store full card numbers)
  • Transactional email delivery — to send account-related emails such as password resets and receipts
  • DNS — to route traffic to our domain

All providers are bound by written agreements that restrict their use of your data to providing services to us. We do not share your data with advertisers, data brokers, or analytics networks.

If you require the specific identities of our service providers for compliance or audit purposes, contact us at contactus@policyhosting.com.

4. Cookies

We set only the cookies necessary for the Service to function:

  • Session cookie — keeps you logged in
  • CSRF cookie — protects against cross-site request forgery

We do not set tracking, analytics, or advertising cookies.

5. Do Not Track

We honor the "Do Not Track" browser signal. Since we do not perform any cross-site or behavioral tracking, our behavior is the same regardless of this signal.

6. Data Retention

  • Account data: retained as long as your account is active.
  • Published policies: retained as long as you have an active subscription (where applicable) or have not deleted them.
  • Deleted accounts and policies: removed from our active systems immediately; residual copies in encrypted backups are purged within 30 days.
  • Logs: retained up to 30 days, then permanently deleted.
  • Payment records: retained as required by tax and accounting laws (typically 7 years).

7. Your Rights

Depending on where you live, you may have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate information
  • Delete your account and personal information
  • Export your data in a portable format
  • Object to or restrict certain processing

To exercise any of these rights, email us at contactus@policyhosting.com. We will respond within 30 days.

8. Children

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, please contact us and we will delete it.

9. Security

We protect your data with industry-standard measures: HTTPS for all traffic, password hashing, brute-force lockout, rate limiting, secure cookie flags, and HSTS. No system is perfectly secure; please use a strong, unique password and notify us immediately if you suspect unauthorized access to your account.

10. International Users

Our servers are located in the United States. If you access the Service from outside the U.S., your data will be transferred to and processed in the United States.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the new policy at this URL and update the "Last Updated" date above. For material changes, we will notify active account holders by email.

12. Governing Law

This Privacy Policy is governed by the laws of the State of Washington, United States, without regard to its conflict-of-law provisions.

13. Contact Us

If you have any questions about this Privacy Policy or our practices, contact us at:
contactus@policyhosting.com