01 Who We Are
Digital Darkside ("we", "us", "our") is a web hosting company based in Trinidad and Tobago, operating under the domain digitaldarkside.net. We are the data controller for all personal information collected through our website and services.
We provide shared hosting, VPS, dedicated server, email hosting, and related infrastructure services. All client billing and account management is handled through WHMCS. Hosting accounts are managed via Hestia Control Panel.
For privacy enquiries, contact us at: privacy@digitaldarkside.net
02 Scope of this Policy
This Privacy Policy applies to:
- Visitors to the digitaldarkside.net website
- Registered clients using our WHMCS client portal
- Users of Hestia Control Panel on our servers
- Recipients of our support, billing, and marketing communications
- Anyone who contacts us via email, web form, WhatsApp, or other channel
This policy does not cover the privacy practices of websites you host on our servers, or third-party services you connect to through your hosting account. You are responsible for your own customers' data and must maintain your own privacy policy for any websites you operate.
03 Data We Collect
3.1 Account & Registration Data
| Data Type | What We Collect | Required? |
|---|---|---|
| Identity | Full name, username, account ID | Yes |
| Contact | Email address, phone number (optional) | Email: Yes · Phone: No |
| Address | Country, city — for billing records | Yes |
| Company | Company name, VAT/Business registration number | No (optional) |
| Security | Hashed password, login history, 2FA tokens | Yes |
3.2 Billing & Payment Data
| Data Type | What We Collect | Notes |
|---|---|---|
| Invoice data | Service ordered, amount, currency (USD or TTD), invoice dates | Stored in WHMCS |
| Payment tokens | Payment gateway reference numbers | We do not store full card numbers |
| TTD transactions | Transaction reference from local payment gateway | Stored by payment provider |
3.3 Technical & Usage Data
- Server logs — IP addresses, access timestamps, HTTP requests, response codes
- WHMCS portal logs — login times, actions taken, IP addresses
- Hestia CP logs — domain additions, email creation, database operations
- Support ticket content — all messages exchanged with our support team
- Email metadata — from/to addresses, timestamps on support emails
- Browser data — browser type, OS, referring URL (via standard web server logs)
3.4 Communications Data
- Content of support tickets submitted through WHMCS or our web form
- Emails sent to and from our support, sales, and billing addresses
- WhatsApp messages if you contact us via WhatsApp
- Content of contact form submissions on our website
04 How We Collect Data
- Directly from you — when you register an account, place an order, submit a ticket, or contact us
- Automatically — via server logs, WHMCS activity logs, and Hestia CP when you use our services
- Via cookies — session cookies and optional analytics cookies on our website (see Section 7)
- From payment processors — transaction confirmation and reference data upon successful payment
- From third-party services — if you use third-party integrations connected to your hosting account
05 Why We Use Your Data
| Purpose | Data Used | Basis |
|---|---|---|
| Provision of services | Account, identity, service selection | Contract performance |
| Billing & invoicing | Name, address, payment reference | Contract + legal obligation |
| TTD payment processing | Name, transaction data | Contract performance |
| Technical support | Account details, server logs, ticket content | Contract performance |
| Security & fraud prevention | IP addresses, login logs, activity records | Legitimate interest |
| Service notifications | Email address, service details | Contract + legitimate interest |
| Marketing emails | Email address, service history | Consent (opt-in only) |
| Legal compliance | Account records, logs | Legal obligation |
| Service improvement | Anonymised usage analytics | Legitimate interest |
06 Legal Basis for Processing
Under applicable data protection principles, we process your personal data on the following legal bases:
- Contract performance — processing necessary to provide the hosting services you have ordered
- Legitimate interests — security monitoring, fraud prevention, service improvement, and internal analytics, where our legitimate interests are not overridden by your rights
- Legal obligation — retaining financial records as required by TT law; complying with lawful law enforcement requests
- Consent — marketing communications and optional analytics cookies, where you have given explicit consent. You may withdraw consent at any time.
07 Cookies & Tracking
Our website uses cookies — small text files stored in your browser — for the following purposes:
08 Third-Party Services & Sharing
We share limited personal data with the following categories of third parties, strictly to operate our services:
| Third Party | Purpose | Data Shared |
|---|---|---|
| Payment Processors | Process card and TTD debit card payments | Name, billing address, transaction amount |
| WHMCS (platform) | Billing and client management platform | Account and billing data stored in WHMCS |
| Hestia CP (platform) | Open-source hosting control panel | Hosting account credentials and configurations |
| Data Centre Operators | Physical hosting infrastructure in TT and Miami | No direct personal data — physical hardware only |
| Email Providers | Transactional and support email delivery | Recipient email address and email content |
| Law Enforcement | Responding to lawful legal requests under TT law | Only as required by applicable law |
09 Data Storage & Location
9.1 Primary Storage — Trinidad & Tobago
The majority of your personal data — including your account records, billing history, hosting configurations, and server content — is stored on servers physically located in Trinidad & Tobago, within a TIA-942 Rated-3 certified data centre.
9.2 Replication Node — Miami, USA
We maintain a replication node at Equinix MI1 in Miami, USA for redundancy. If you have elected to host your VPS on our US node, your server data resides in the USA and is subject to US jurisdiction. Data on the TT primary node that is replicated to Miami for infrastructure redundancy is handled under strict access controls and encryption in transit.
Clients with specific data sovereignty requirements should select the Trinidad & Tobago node when ordering VPS services and avoid the Miami option.
9.3 WHMCS Data
Your WHMCS account data (billing records, support tickets, service information) is hosted on our infrastructure in Trinidad & Tobago.
10 Data Retention
We retain your personal data for the minimum period necessary to fulfil the purposes described in this policy:
| Data Category | Retention Period | Reason |
|---|---|---|
| Active account data | Duration of service + 90 days | Service provision |
| Billing records & invoices | 7 years from transaction date | TT financial record requirements |
| Support ticket history | 3 years from ticket closure | Service quality, dispute resolution |
| Server access logs | 90 days rolling | Security monitoring, abuse investigation |
| Cancelled account data | 14 days post-cancellation | Grace period for reactivation |
| Backup copies | Up to 30 days on shared/managed plans | Recovery purposes only |
| Marketing consent records | Until consent withdrawn + 2 years | Compliance evidence |
After the applicable retention period, data is securely deleted or anonymised. We review our retention practices annually.
11 Your Rights
You have the following rights over your personal data held by Digital Darkside:
Request a copy of all personal data we hold about you. We will respond within 30 days.
Request correction of inaccurate or incomplete personal data. You can update most data yourself via the WHMCS portal.
Request deletion of your personal data, subject to our legal obligations (e.g. we must retain billing records for 7 years).
Request that we restrict processing of your data in certain circumstances while a dispute is under review.
Request your personal data in a structured, machine-readable format (CSV or JSON) for transfer to another provider.
Object to processing based on legitimate interest, including direct marketing. We will stop processing upon a valid objection.
12 Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction:
- Encryption in transit — all data transmitted between your browser and our servers is encrypted via TLS 1.2/1.3 (HTTPS)
- Encryption at rest — sensitive data fields are encrypted in our database
- Password hashing — account passwords are hashed with bcrypt and are never stored in plain text
- Access controls — staff access to customer data is role-based and logged
- Network security — firewalls, DDoS mitigation, and intrusion detection systems protect our infrastructure
- Physical security — our data centre provides biometric access controls, 24/7 CCTV, and security personnel
- Two-factor authentication — available for all WHMCS client accounts (strongly recommended)
- Regular security reviews — we periodically audit our security practices and update them accordingly
Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected customers by email within 72 hours of becoming aware of the breach. The notification will include: the nature of the breach, the categories and approximate number of individuals affected, the likely consequences, and the measures we have taken or propose to take.
13 Children's Privacy
Our services are not directed at or intended for use by individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected personal data from a minor, please contact us immediately at privacy@digitaldarkside.net and we will delete the data promptly.
Account registration requires confirmation that you are at least 18 years old. If we discover that an account has been created by a minor, we will suspend and delete the account.
14 Jurisdiction & Governing Law
This Privacy Policy is governed by the laws of the Republic of Trinidad and Tobago. Digital Darkside operates under TT law and any privacy disputes shall be subject to the jurisdiction of the courts of Trinidad and Tobago.
International Customers
If you are accessing our services from outside Trinidad and Tobago, including from within the European Union or United Kingdom, please note:
- We are not formally registered as a GDPR controller in the EU/EEA, as we are a TT-based company. However, we apply data protection principles consistent with international best practices.
- EU/UK residents who choose to use our services do so acknowledging that their data is processed under TT law
- We welcome privacy requests from all customers regardless of their location
15 Changes to this Policy
We may update this Privacy Policy periodically to reflect changes in our practices, services, or applicable law. When we make material changes, we will:
- Post the updated policy on our website with a new "Last Updated" date
- Send an email notification to all registered clients at least 14 days before changes take effect
- Highlight the nature of the changes in the notification email
Your continued use of our services after the effective date of a revised policy constitutes acceptance of the updated terms. If you do not agree to changes, you may cancel your services and request deletion of your account data.
16 Contact & Complaints
For any privacy-related questions, requests, or concerns, contact our privacy team:
Complaints
If you believe we have not handled your personal data appropriately, please contact us at privacy@digitaldarkside.net in the first instance. We take all privacy complaints seriously and will investigate and respond within 30 days.
If you are unsatisfied with our response, you may lodge a complaint with the relevant data protection authority in your jurisdiction. In Trinidad & Tobago, data matters can be referred to the Office of the Information Commissioner under the Freedom of Information Act.