Privacy Policy - Skylantix

Introduction

At Skylantix, privacy isn’t just a policy—it’s why we exist. We’re a privacy-first cloud hosting service. This policy explains exactly what data we collect, why, and what we do (and don’t do) with it.

Short version: We collect the absolute minimum needed to run the service, we never sell your information to anyone, and your data stays in California on hardware we own.

Data Controller

The data controller responsible for your personal data is:

Raphael Bitton
10861 Cherry St, Ste 211
Los Alamitos, CA 90720
United States of America

Email: [email protected]

For general inquiries, you can also reach us at [email protected].

What We Collect

Account & Billing Information

  • Email address - To communicate with you about your service
  • Name - For billing and support
  • Billing information - Processed through secure payment providers (we don’t store credit card numbers)

Technical Information

  • IP addresses - For security and abuse prevention
  • Application logs - Some services (Nextcloud, GitLab, etc.) maintain logs of login/logout activity and errors for troubleshooting and security
  • Usage metrics - Disk space, bandwidth, resource usage (to ensure we’re meeting your needs)

What We DON’T Collect

  • No analytics tracking on our website
  • No cookies except essential session cookies
  • No advertising IDs or tracking pixels
  • No data mining or behavioral profiling
  • We don’t read your hosted data (it’s yours, not ours)

How We Use Your Information

We use your information ONLY for:

  • Service Delivery - Running and maintaining your hosting
  • Billing - Processing payments and sending invoices
  • Support - Responding to your questions and issues
  • Security - Preventing abuse and securing infrastructure
  • Legal Compliance - Meeting legal obligations (only when required by law)

We do NOT:

  • Sell your data to anyone, ever
  • Use your data for advertising
  • Share your information with third parties (except payment processors and only for billing)
  • Train AI models on your data
  • Mine your data for any purpose

We process your personal data on the following legal bases:

  • Contract Performance - We need your account information, billing data, and technical details to provide the hosting services you’ve subscribed to. Without this data, we cannot deliver the services you’ve paid for.
  • Legal Obligation - We retain billing and financial records to comply with tax laws and accounting requirements.
  • Legitimate Interest - Cloudflare processes IP addresses for DDoS protection and security. This is necessary to protect our infrastructure and all members from attacks and abuse, balanced against your privacy rights.

Data Storage & Security

  • Location: All data is stored in California, USA on hardware we own (not AWS, Google, or other cloud providers)
  • Encryption at Rest: All data is encrypted using AES-256 encryption
  • User File Encryption: Your uploaded files in Nextcloud are master-key encrypted, meaning administrators cannot access the contents of your files, only file names and metadata
  • Encryption in Transit: All data uses SSL/TLS encryption
  • Backups: Automated encrypted backups following 3-2-1 rule (RAID Z3 redundancy)
  • Limited Access: Only the infrastructure administrator has access to infrastructure, and only when necessary for support or maintenance. Due to master-key encryption, file contents remain private even from administrators

Data Retention Periods

We retain different types of data for specific periods:

  • Account Information - Duration of membership + at least 30 days after cancellation or termination (to allow for data export)
  • Hosted User Data (files, emails, photos, etc.) - Duration of membership + at least 30 days after cancellation or termination (manual deletion process)
  • Billing Records - 7 years after transaction (required for tax compliance)
  • Application Logs - Automatically rotated and deleted by each service; typically retained for a limited time for troubleshooting and security purposes
  • Support Communications - May be retained indefinitely to improve service quality, maintain support continuity, and reference past issues (you can request deletion at any time)
  • Student Verification Documents - Deleted immediately after verification (not retained)

After these periods, data is securely and permanently deleted. The 30-day grace period for user data allows you time to export your information before permanent deletion.

International Data Transfers

All data is stored and processed in California, USA. If you’re accessing Skylantix from outside the United States (including from the EU, UK, or other countries), your data will be transferred to and stored in the United States.

By creating an account and using our services, you consent to the transfer and storage of your data in California, USA. We implement appropriate safeguards including encryption, access controls, and security measures described in this policy to protect your data regardless of where you’re located.

Cookies

Our Website (skylantix.com): Our marketing website is a static Hugo site and uses no cookies at all. No analytics, no tracking, no advertising cookies. You can verify this yourself by viewing the source code.

Hosted Services: The services we provide (Nextcloud, GitLab, Bitwarden, etc.) use essential cookies necessary for functionality:

  • Session Cookies - Keep you logged in to your services
  • CSRF Tokens - Prevent cross-site request forgery attacks
  • Preference Cookies - Remember your settings within each service

These are “strictly necessary” cookies required for the services to function. Under GDPR and most privacy laws, these don’t require consent because they’re essential for providing the service you requested.

Third-Party Cookies: Cloudflare may set cookies for DDoS protection and security. See Cloudflare’s privacy policy at https://www.cloudflare.com/privacypolicy/

What We Don’t Use:

  • No analytics or tracking cookies
  • No advertising cookies
  • No social media cookies
  • No behavioral profiling cookies

Third-Party Services

We work with minimal third parties:

  • Payment Processors - For billing (they have their own privacy policies)
  • Cloudflare - For DDoS protection and SSL (they see your IP when you access your hosted services)

That’s it. We don’t use analytics services, advertising networks, or data brokers.

Your Rights

You have complete control over your data:

  • Access - Request a copy of all data we have about you
  • Rectification - Fix any inaccurate information
  • Erasure - Request deletion of your data (we’ll delete within 30 days)
  • Restrict Processing - Request we limit how we use your data in certain circumstances
  • Object - Object to processing based on legitimate interest (such as security logs)
  • Data Portability - Download all your hosted data anytime in portable formats through each service (Nextcloud, email export, GitLab, Bitwarden, etc.)

To exercise these rights: Email [email protected] or [email protected]

Automated Decision-Making: We do not use automated decision-making, profiling, or AI/machine learning on your personal data. All support and administrative decisions are made by humans.

Right to Complain: If you’re in the EU or UK and are unsatisfied with how we handle your data, you have the right to lodge a complaint with your local data protection authority. For US residents, you can contact your state attorney general’s office or file a complaint with the Federal Trade Commission (FTC) at ftc.gov/complaint.

Children’s Privacy

Skylantix services are intended for adults. Our Terms of Service require users to be at least 18 years old (or the age of majority in your jurisdiction) or have parental consent.

We do not knowingly collect personal data from children under 13 without verifiable parental consent. If you believe we’ve collected data from a child without proper consent, contact us immediately at [email protected] or [email protected] and we will delete it promptly.

Student Data

If you’re using our student discount, we collect your .edu email address and proof of enrollment (Student ID, unofficial transcript, or National Student Clearinghouse certificate) to verify eligibility. Email [email protected] from your .edu email to apply. This proof is deleted immediately after verification. You receive the discount for 3 years with no ongoing verification required.

Changes to This Policy

If we change this policy, we’ll:

  • Email you directly about significant changes
  • Post the updated policy here with a new “Last Updated” date
  • Give you 30 days notice before changes take effect

We won’t make changes that reduce your privacy protections without your explicit consent.

Contact Us

Questions about privacy? We’re happy to explain anything. You can reach me directly via email.

  • Email: [email protected]
  • Support: Via email after joining
  • Location: Orange County, California

Last Updated: December 8, 2025

🚀 Skylantix is launching on February 1st, 2026 — Everything here is subject to change