Privacy Policy

Last Updated: 14 March 2026

Business Name: Oxaver (operated under Oxacor)

This Privacy Policy explains how Oxaver collects, uses, stores, and protects your personal information when you visit our website and use our services. We have written this policy in plain language so you can understand exactly what happens with your data. Please read it carefully before submitting any information or purchasing a service.

By using our website or engaging with our services, you agree to the practices described in this document. If you do not agree, you should not use our website or services. If you have any questions about this policy at any time, you can reach us through the Contact page on our website.

1. Who We Are

Oxaver is a managed web hosting service operating under the parent business Oxacor. We provide Managed VPS Hosting and Managed WordPress Hosting to clients worldwide. Our services are configured and delivered manually, which means we collect and handle personal information as part of a genuine working relationship with each client rather than through automated pipelines.

For the purposes of applicable data protection law, Oxaver acts as the data controller in relation to the personal information we collect through our website and services. This means we are responsible for deciding how and why your personal data is processed.

2. What Information We Collect

We only collect information that is relevant to providing our services or understanding how our website is used. We do not collect data for advertising purposes and we do not build profiles to sell to third parties.

2.1 Information You Provide Directly

When you fill out a form on our website, submit a support request, or contact us directly, you may provide us with personal information. The types of information we may collect include your full name, your email address, your company or website name, the domain name and technical details of your project, your configuration preferences for server setup, and any other details you choose to share in form fields or written messages. We ask only for what is necessary to understand and deliver your requirements.

2.2 Information Collected Automatically

When you visit our website, certain technical information is collected automatically through cookies and similar technologies. This includes your IP address, your browser type and version, the operating system you are using, the website that referred you to ours, the pages you visited on our site and how long you spent on each one, and the date and time of your visit. This information helps us understand how our website is used and identify any technical issues. It is not used to personally identify you unless combined with other information you have provided. For full details on cookies, please refer to our Cookie Policy.

2.3 Information Related to Your Hosting Services

In the course of providing managed hosting services, we may process additional technical information connected to your project. This can include server access credentials you provide for migration or setup purposes, technical details about your server configuration and software stack, backup data and associated file metadata, and domain and DNS configuration details. This category of information is used exclusively to set up, maintain, and support your hosting environment. It is never used for any other purpose.

3. How We Use Your Information

We use your information only for the purposes described below. We do not use it for marketing to third parties, we do not sell it, and we do not use it in ways that are incompatible with why it was originally collected.

3.1 Delivering Our Services

The primary reason we collect your information is to provide you with the hosting services you have requested. This includes setting up and configuring your server environment based on your specifications, processing your configuration requests and service orders, preparing and sending invoices, providing ongoing server management, monitoring, and maintenance, and handling backup, migration, and restore requests when needed.

3.2 Communicating With You

We use your contact information to respond to your support requests and general enquiries, to send you service-related notifications such as invoice reminders, resource threshold alerts, and renewal notices, and to notify you of any relevant changes to your server environment, billing, or our terms of service. We do not send marketing emails unless you have explicitly asked to hear from us.

3.3 Improving Our Services

We use aggregated, anonymised information about how our website is used to understand which pages are most useful, identify technical issues, and improve our content and service offerings. This analysis does not involve identifying individual users and is carried out at an aggregate level only.

3.4 Legal and Compliance Obligations

In some cases, we may need to process your information to comply with applicable laws and regulations, to respond to lawful requests from public authorities, or to establish, exercise, or defend our legal rights and interests.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area or the United Kingdom, data protection law requires us to have a legal basis for processing your personal data. We rely on the following bases depending on the context.

We process your data on the basis of contract performance when we are delivering the services you have requested, including setting up your server, managing it, and sending invoices. We process your data on the basis of legitimate interests when we analyse website traffic to improve our service, communicate with you about your account, and protect the security of our systems, provided those interests are not overridden by your rights. We process your data on the basis of legal obligation when we are required to comply with applicable laws or regulations. Where we rely on consent, such as for optional cookies, you may withdraw that consent at any time without affecting the lawfulness of processing that took place before withdrawal.

5. How We Share Your Information

We take the sharing of your personal information seriously. We do not sell, rent, or trade your data to third parties for any purpose, including marketing. We only share your information in the limited circumstances described below.

5.1 Service Providers

To operate our business and deliver services to you, we work with carefully selected third-party providers. These providers access your data only to the extent necessary to perform specific functions on our behalf and are bound by data processing agreements that require them to protect your information.

We use server infrastructure providers who host the physical and virtual servers on which your hosting environment runs. These providers receive technical configuration details and may process data in connection with the servers they operate on your behalf. A server management platform is used to provision, configure, and monitor your server environment, processing technical server data and configuration information as part of delivering your service. Transactional email delivery is handled through one or more third-party email delivery services depending on your plan. These providers process the email content and recipient addresses necessary to send system-generated emails on behalf of your website. A premium CDN and DNS service powers the content delivery network and DNS infrastructure included in WordPress hosting plans, processing domain and traffic data to serve your website content efficiently to visitors worldwide. Where a domain registration service is involved, the relevant registrar receives the domain name and contact details necessary to complete and maintain the registration.

5.2 Legal Requirements

We may disclose your personal information if we are required to do so by law, court order, or in response to a lawful request from a government authority or regulatory body. We will notify you of any such request unless we are legally prohibited from doing so.

5.3 Business Transfers

In the event that Oxaver or Oxacor is involved in a merger, acquisition, restructuring, or sale of all or part of its assets, your personal information may be transferred as part of that transaction. If this happens, we will notify you in advance and ensure that the receiving party commits to protecting your information in a manner consistent with this policy.

6. Data Retention

We retain your personal information only for as long as is necessary to fulfil the purpose for which it was collected, or to comply with our legal and financial obligations.

Account and service data, including configuration details, server records, and client correspondence, is retained for the duration of your active service and for up to seven years after termination. This extended retention period exists to meet financial and legal record-keeping requirements. Support request data is retained for up to three years from the date of each request, allowing us to reference previous interactions when helping you. Website analytics data, which is collected in aggregated and anonymised form, is retained for up to twenty-six months before being cleared or archived. Invoice and billing records are kept for a minimum of seven years in accordance with standard financial record-keeping requirements under applicable law.

When your data is no longer required for any of these purposes, it is securely deleted or anonymised so that it can no longer be linked back to you.

7. Data Security

The security of your personal information matters to us. We take reasonable and appropriate technical and organisational measures to protect your data against unauthorised access, accidental loss, destruction, alteration, or disclosure.

Our security measures include encrypted communication over HTTPS for all data transmitted between your browser and our website, strict access controls that limit who within our operation can view or process your information, secure handling and storage of any credentials or sensitive configuration data you provide, and periodic reviews of our security practices to identify and address potential vulnerabilities.

It is important to acknowledge that no method of transmission over the internet is completely secure and no system can guarantee absolute protection. While we work hard to protect your information, we cannot provide an unconditional guarantee against all possible security risks. If you believe your information has been compromised in any way, please contact us immediately through the Support page.

8. Cookies

We use cookies and similar tracking technologies on our website to ensure it functions correctly, remember your preferences, and understand how visitors use our site. Cookies are small text files stored on your device by your browser when you visit a website.

We use strictly necessary cookies that are essential for the website to operate, functional cookies that remember your settings and preferences, and analytics cookies that help us understand page performance and visitor behaviour in an anonymised way. We do not use advertising cookies or cookies that track you across other websites.

For a complete breakdown of every cookie we use, its purpose, how long it lasts, and how to control or remove it, please refer to our Cookie Policy.

9. Your Rights

Depending on where you are located, you have a number of rights in relation to your personal information. We take these rights seriously and will respond to any valid request within 30 days. To exercise any of the rights described below, please contact us through the Contact page on our website.

The right of access means you can request a copy of the personal information we hold about you. We will provide this in a clear and readable format.

The right to rectification means you can ask us to correct any personal information that is inaccurate or to complete any information that is incomplete. If you notice an error in how we have recorded your details, we want to know.

The right to erasure means you can ask us to delete your personal information in certain circumstances, such as when it is no longer necessary for the purpose it was originally collected, or when you withdraw your consent and there is no other legal basis for processing.

The right to restrict processing means you can ask us to pause the processing of your personal information in specific situations, for example while you are contesting the accuracy of data we hold or waiting for us to respond to an objection you have raised.

The right to data portability means you can ask us to provide your personal information in a structured, commonly used, and machine-readable format so that you can transfer it to another service provider if you choose.

The right to object means you can object to our processing of your personal information where we rely on legitimate interests as the legal basis. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.

The right to withdraw consent means that where we process your data based on your consent, you can withdraw that consent at any time. Withdrawal does not affect the lawfulness of any processing that took place before you withdrew.

10. International Data Transfers

Oxaver serves clients worldwide and our infrastructure providers operate data centres in multiple countries, including the United States and countries within the European Economic Area. When your data is transferred outside your home country, we take steps to ensure that appropriate safeguards are in place. For transfers from the EEA or UK to countries that are not considered to have an adequate level of data protection, we rely on appropriate legal mechanisms such as standard contractual clauses or equivalent arrangements.

11. Third-Party Links

Our website may contain links to third-party websites, tools, or services that we reference or recommend. These external websites operate under their own privacy policies and we have no control over how they collect or use your personal information. We are not responsible for the privacy practices of any third-party site and we encourage you to review their privacy policies independently before providing any personal information.

12. Children's Privacy

Our services are intended for adults and are not directed at or designed for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected data from someone under 18, we will take prompt steps to delete that information from our records. If you believe a child has submitted personal information to us, please contact us so we can investigate and act accordingly.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, technology, legal requirements, or business practices. When we make material changes, we will update the effective date shown at the top of this page. For significant changes that substantially affect how we use your personal information, we will make reasonable efforts to notify active clients directly, such as by email.

We encourage you to review this policy periodically to stay informed about how we handle your personal information. Your continued use of our website or services after any update constitutes your acceptance of the revised policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal information, please contact us through the Contact page on our website. We treat all privacy enquiries seriously and aim to respond within 30 days.