Privacy Policy
Last Updated: 02 January 2026
Rivet Cloud Hosting Limited (“Rivet”, “we”, “us”) is committed to protecting your personal data and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This Privacy Policy explains how we collect, use, store, and protect personal data when you use our website or services.
1. Roles & Contact
Data Controller
For personal data relating to:
- Account registration
- Billing and payments
- Communications and support
- Marketing and service notices
Rivet Cloud Hosting Limited acts as the data controller.
Data Processor
For data that customers choose to host, store, or transmit using our services (including VPS, hosting, and reseller services):
- The customer acts as data controller
- Rivet acts as a data processor or sub-processor only
Contact
For all data protection enquiries:
Email: gdpr@rivetcloudhosting.co.uk
2. Personal Data We Process
We may process the following categories of personal data:
Account & Identity Data
- Name
- Email address
- Postal address
- Telephone number (optional)
Billing & Payment Data
- Invoice details
- Payment status
- Transaction references
Payment card details are processed by third-party payment providers. Rivet does not store full card details.
Technical & Usage Data
- IP addresses
- Login records
- Device and browser information
- Security and abuse logs
- Resource usage metrics (where required for service operation)
Communications
- Support tickets
- Emails and portal messages
- Service-related correspondence
Wi-Fi Access Data
- Email address submitted on Wi-Fi portals
- Device identifiers (MAC address or session ID)
- Access timestamps and verification status
3. Purposes & Legal Bases
We process personal data for the following purposes and legal bases:
| Purpose | Legal Basis |
|---|---|
| Providing services and account management | Contract |
| Billing and payment processing | Contract |
| Security, abuse prevention, and system integrity | Legitimate interests |
| Service improvement and monitoring | Legitimate interests |
| Legal, accounting, and tax compliance | Legal obligation |
| Service notifications | Legitimate interests |
Wi-Fi Access & Email Verification
Where Rivet Cloud Hosting provides guest Wi-Fi services to venues, we process email addresses submitted by end users on a Wi-Fi access portal for the purpose of:
- Verifying the email address provided
- Preventing abuse and automated access
- Enforcing venue Wi-Fi usage terms
- Providing the user with temporary or continued internet access
Email addresses are only collected when the user voluntarily enters their email address on the Wi-Fi portal and accepts the applicable Terms and Privacy Policy. A verification email containing a secure link is sent to confirm ownership of the email address.
These emails are strictly transactional and are not marketing messages unless the user has explicitly opted in to receive marketing communications.
The lawful basis for this processing is:
- Performance of a contract (providing Wi-Fi access)
- Legitimate interests (fraud prevention, network security, and abuse prevention)
- Consent (where marketing communications are enabled)
4. Data Sharing & International Transfers
We use carefully selected third-party processors to deliver our services, including:
- Datacentre and infrastructure providers
- Hosting control panels (e.g. DirectAdmin)
- Billing and payment gateways
- Email and support systems
- Backup and monitoring services
Where data is transferred outside the UK, we ensure appropriate safeguards are in place, such as:
- UK adequacy regulations
- Standard contractual clauses
- Equivalent lawful mechanisms
A list of processors may be provided on request.
5. Data Retention
We retain personal data only for as long as necessary:
- Account & billing data: duration of account + 6 years
- Support communications: up to 24 months
- Security and access logs: typically 14–30 days
- Backups: provided on a best-efforts basis; customers remain responsible for their own data backups
6. Your Rights
You have the right to:
- Access your personal data
- Rectify inaccurate data
- Request erasure (where applicable)
- Restrict processing
- Data portability
- Object to processing based on legitimate interests
To exercise your rights, contact:
gdpr@rivetcloudhosting.co.uk
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
https://ico.org.uk
7. Security Measures
We implement appropriate technical and organisational measures to protect personal data, including:
- Encryption in transit
- Restricted staff access
- Secure authentication controls
- Regular patching and system updates
- Monitoring for abuse and security events
Customers are responsible for securing operating systems, applications, and data within their own VPS or hosted environments unless a managed service is purchased.
8. VPS, Reseller Hosting & Sub-Processing
VPS & Infrastructure Services
For VPS and infrastructure services:
- Customers control the data they host or process
- Rivet does not inspect or control customer content
- Customers are responsible for ensuring lawful processing of any personal data they host
Reseller Hosting
Where you act as a Reseller:
- You are the data controller for your end-users
- Rivet acts as your processor or sub-processor
- You must provide your own privacy notice to end-users
- Data subject requests from end-users must be handled by you
Rivet has no direct relationship with Reseller end-users.
9. Cookies & Tracking
Our website uses cookies and similar technologies as described in our Cookie Policy.
Websites hosted by customers or Resellers are responsible for implementing their own cookie consent and privacy compliance.
10. Contact Details
For data protection queries:
Email: gdpr@rivetcloudhosting.co.uk
Rivet Cloud Hosting Limited
Collingwood Buildings
38 Collingwood Street
Newcastle upon Tyne
NE1 1JF
Registered in England & Wales No. 16743138