Privacy Policy

Last updated: June 2026. This policy replaces all previous versions. Questions? Email [email protected]

1 Who We Are

WLServices LLC ("WLServices", "we", "us", "our") is a web hosting and internet services company incorporated in the State of Wyoming, USA. We operate the website wlservices.org and provide web hosting, radio streaming, VPS, and domain services (collectively, the "Services").

WLServices LLC is the data controller of personal data collected through our Services. Contact: [email protected]

Although incorporated in the USA, WLServices LLC is subject to the EU General Data Protection Regulation (GDPR) (EU) 2016/679 because we offer services to individuals in the EU/EEA (GDPR Article 3(2)).


2 Information We Collect

A. Information you provide directly:

  • Account registration: name, company name, address, email address, telephone number.
  • Payment information: directed to our third-party payment processor (PayPal / Stripe). We do not store card or bank details on our systems; we retain only transaction references and subscription identifiers.
  • Communications: when you contact us via ticket or email, we collect your name, email, and the content of your messages.
  • Referrals: if you refer someone, we may collect their email address solely to send them a referral invitation.

B. Information collected automatically:

  • Log data: IP address, browser type, ISP, referring/exit pages, operating system, date/time stamp. This is collected for security and service operation purposes only.
  • Cookies: see Section 9 for full details.
  • Service usage: resource usage metrics (CPU, RAM, storage, bandwidth) to operate, maintain, and bill for our services. This data is not linked to your browsing behaviour on third-party websites.

C. Information from third parties:

  • Payment processors: subscriber and transaction status information from PayPal or Stripe.
  • Analytics: aggregate, anonymised usage data from Google Analytics 4 (see Section 9).

3 How We Use Information

We use personal data only for the following purposes:

  • To provide, operate, and maintain our Services
  • To process orders, billing, and payments
  • To manage your account and respond to support requests
  • To send transactional emails (invoices, service notices, password resets)
  • To send marketing communications, only where you have opted in or where permitted by law — you can opt out at any time
  • To detect and prevent fraud, spam, and security threats
  • To improve our Services through anonymised analytics
  • To comply with legal obligations (tax, accounting, law enforcement requests)

We do not use your data for behavioural advertising, sell your data to third parties, or track your activity across unaffiliated websites.


4 Legal Basis for Processing (GDPR Art. 6)

  • Contract performance (Art. 6(1)(b)): processing necessary to provide the service you ordered — account management, billing, service delivery.
  • Legal obligation (Art. 6(1)(c)): tax records, accounting requirements, compliance with court orders or law enforcement requests.
  • Legitimate interests (Art. 6(1)(f)): fraud prevention, network security, abuse detection, and internal service improvement through anonymised analytics.
  • Consent (Art. 6(1)(a)): marketing emails and non-essential cookies. You may withdraw consent at any time without affecting the lawfulness of prior processing.

5 How We Share Information

  • Infrastructure subprocessors: we use third-party server and infrastructure providers located within the European Union to host customer data. These providers act as data processors under GDPR Art. 28 and are bound by appropriate data processing agreements.
  • Payment processors: PayPal and/or Stripe receive payment details necessary to process transactions.
  • Analytics: Google Analytics 4, configured with IP anonymisation, receives anonymised usage data.
  • Legal requirements: we may disclose data to comply with applicable law, regulation, legal process, or a lawful government request. We will cooperate fully with law enforcement agencies upon lawful request.
  • Business transfers: in the event of a merger, acquisition, or sale of assets, personal data may be transferred as a business asset, subject to continued data protection obligations.
  • With your consent: for any other purpose with your prior explicit consent.

We do not sell, rent, or trade personal data with third-party marketers or advertisers.


6 Data Location & International Transfers

All customer hosting data and service infrastructure are hosted on servers located within the European Union. Your data does not leave the EU for routine service delivery.

WLServices LLC is incorporated in Wyoming, USA. Certain operational data (e.g. support communications, billing records) may be accessed by our staff from outside the EU. Where such access occurs, it is governed by appropriate safeguards consistent with GDPR Chapter V, including standard contractual clauses (SCCs) where applicable.

Our payment processors (PayPal, Stripe) are certified under the EU–US Data Privacy Framework and operate their own GDPR-compliant data transfer mechanisms.


7 Data Retention

We retain personal data only for as long as necessary for the purposes described in this policy:

  • Account data: for the duration of your account plus 3 years after closure, to handle any post-termination disputes or legal claims.
  • Billing and invoicing records: 7 years, as required by tax and accounting law in most jurisdictions.
  • Support tickets and communications: 3 years from the date of last interaction.
  • Server log files: up to 90 days, for security and abuse monitoring purposes.
  • Analytics data: anonymised — no personal retention period applies.

When retention periods expire, data is securely deleted or anonymised. Backup copies are isolated from active processing and deleted on the next scheduled backup cycle.


8 Security

We implement technical and organisational measures appropriate to the risk of processing your personal data, including encrypted connections (HTTPS/TLS), access controls, and regular security reviews. However, no internet transmission can be guaranteed 100% secure. In the event of a breach, see Section 13.


9 Cookies

We use cookies and similar technologies on our website. Under the EU ePrivacy Directive and GDPR, non-essential cookies require your prior consent.

  • Strictly necessary cookies: required for the website and client portal to function (session management, security tokens). These do not require consent.
  • Analytics cookies (Google Analytics 4): used to understand how visitors use our website. IP addresses are anonymised. These require your consent.

You may withdraw or change your cookie consent at any time via your browser settings or by contacting us. Disabling non-essential cookies does not affect your ability to use our Services.

We do not use cookies for advertising, profiling, or cross-site tracking.


10 Your Rights (EEA / UK Residents)

If you are resident in the EU, EEA, or UK, you have the following rights under GDPR:

  • Right of access: obtain a copy of your personal data.
  • Right to rectification: correct inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten"): request deletion of your data, subject to legal retention requirements.
  • Right to data portability: receive your data in a structured, machine-readable format.
  • Right to restrict processing: ask us to pause processing in certain circumstances.
  • Right to object: object to processing based on legitimate interests or for direct marketing.
  • Right to withdraw consent: for any processing based on consent, at any time.
  • Right to lodge a complaint: with the data protection supervisory authority in your country of residence. Find your authority at edpb.europa.eu.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. We may need to verify your identity before processing your request.


11 Children's Privacy

Our Services are not directed at children. We do not knowingly collect personal data from children under the age of 16 (or the applicable minimum age in their EU member state of residence, which may be as low as 13 in some countries). In the USA, we comply with COPPA and do not knowingly collect data from children under 13.

If you believe a child has provided us with personal data, please contact us at [email protected] and we will delete it promptly.


12 Third-Party Services

Our website may contain links to third-party websites or services. We are not responsible for their privacy practices and encourage you to review their policies. This Privacy Policy applies solely to data collected by WLServices LLC.


13 Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33.

Where the breach is likely to result in a high risk to affected individuals, we will also notify those individuals without undue delay, in accordance with GDPR Article 34.


14 Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated to registered users by email at least 30 days before taking effect. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of our Services after any update constitutes acceptance of the revised policy.


15 Contact Us

For any privacy-related questions, data subject requests, or concerns:

We aim to respond to all privacy requests within 30 calendar days.