intro
TitanRack ("we", "us", "our") operates titanrack.cloud and provides enterprise infrastructure and cloud hosting services. This policy describes how we collect, process, store, and protect your personal data in compliance with the General Data Protection Regulation (GDPR).
This policy applies to account holders, authorized users, and website visitors. We act as data controller for data collected directly from you and as data processor for any personal data stored within your hosted services.
Where we act as data processor, our Data Processing Agreement governs how we handle that data on your behalf.
data.collected
account: name, email address, billing address, company name, phone number, payment details required for service delivery and invoicing. collected during registration and account management.
technical: IP addresses, browser type and version, operating system, device identifiers, referring URLs, server access logs, API request metadata. collected automatically for diagnostics and security monitoring.
usage: resource consumption (CPU, memory, bandwidth, storage), login timestamps, session durations, feature utilization, infrastructure configurations. used for maintenance, capacity planning, and performance optimization.
communications: support tickets, emails, feedback, and any other correspondence with our team for issue tracking, quality assurance, and service improvement.
data.purpose
- → delivering and maintaining enterprise infrastructure services
- → processing billing, payments, and generating invoices
- → providing technical support and resolving issues
- → monitoring infrastructure security and detecting threats
- → DDoS mitigation and abuse prevention
- → enforcing terms of service and acceptable use policies
- → communicating service updates and maintenance windows
- → capacity planning and performance optimization
- → preventing fraud and unauthorized access
- → meeting legal and regulatory obligations
no automated decision-making, profiling, or advertising. your data is never sold to marketers.
data.legal_basis
contract (Art. 6(1)(b)): processing required to deliver purchased services — account provisioning, server deployment, billing, support.
legitimate_interest (Art. 6(1)(f)): security monitoring, fraud prevention, DDoS mitigation, service improvement, capacity planning. your fundamental rights are never overridden.
legal_obligation (Art. 6(1)(c)): tax record-keeping, financial reporting, responding to lawful requests from public authorities.
consent (Art. 6(1)(a)): where applicable, withdrawable at any time without affecting prior processing.
data.storage
location: European Union data centers exclusively. AES-256 encryption at rest. TLS 1.3 in transit. tenant isolation enforced at network and storage layers. redundant power, environmental controls, physical access restrictions.
security stack: role-based access controls, mandatory MFA for administrative access, network segmentation, multi-layer firewall protection, DDoS mitigation with multi-Tbps capacity, automated vulnerability scanning and patch management, 24/7 intrusion detection.
physical: biometric access controls, CCTV surveillance, full audit logging on all administrative access.
breach protocol: notification to affected users and supervisory authority within 72 hours per GDPR Article 33. documented incident response procedures for containment, investigation, and remediation.
data.retention
account_data: active account + 30 days post-closure to handle outstanding matters.
billing_records: 7 years (tax/financial regulation compliance within the EU).
server_logs: 14 days for security monitoring and troubleshooting.
access_logs: 90 days for security monitoring and abuse prevention.
support_tickets: duration of active account + 30 days for quality assurance.
post-retention: cryptographic erasure for encrypted data, multi-pass overwrite for unencrypted data. earlier deletion available on request, subject to legal retention obligations.
data.rights
- → access — obtain a copy of your data and processing details (Art. 15)
- → rectification — correct inaccurate or incomplete data without undue delay (Art. 16)
- → erasure — request deletion when no longer necessary, subject to legal retention (Art. 17)
- → portability — receive data in machine-readable format (JSON/CSV) and transmit to another controller (Art. 20)
- → restriction — limit processing in specific circumstances, e.g. contested accuracy (Art. 18)
- → objection — object to processing based on legitimate interests or direct marketing (Art. 21)
- → withdraw_consent — revoke consent at any time without affecting prior processing (Art. 7)
- → complaint — lodge a complaint with your local supervisory authority
all requests acknowledged within 5 business days, processed within 30 days. extensions up to 60 additional days for complex requests, with notification. contact: privacy@titanrack.cloud.
data.cookies
essential only. no tracking. no analytics. no advertising.
session: maintains login state and prevents unauthorized access. csrf: prevents cross-site request forgery and ensures form integrity.
load_balancer: distributes requests across infrastructure. preferences: stores language and timezone settings for consistent experience.
no pixel trackers, web beacons, or fingerprinting technologies. cookies cannot be disabled without impairing functionality. legal basis: legitimate interest (platform operation).
data.sharing
payment_processor: PCI DSS-compliant. card data never stored on our servers. minimum data shared for transaction processing. we only receive transaction confirmations.
email_provider: transactional emails only — invoices, service notifications, password resets. no marketing via third-party platforms.
all providers bound by GDPR-compliant data processing agreements. regular compliance reviews conducted. we never sell, rent, or trade personal data. disclosure only if required by law — you'll be notified where legally permitted.
data.transfers
primary processing: EEA only. no routine transfers outside EEA.
where a third-party provider operates outside the EEA, safeguards are enforced: EU adequacy decisions, Standard Contractual Clauses (SCCs), Binding Corporate Rules, or supplementary technical measures.
you may request copies of transfer safeguards at any time by contacting our privacy team.
data.children
services not directed at individuals under 16. no data knowingly collected from minors.
if you believe a child has provided us with personal data, contact privacy@titanrack.cloud for prompt deletion. if we become aware of collection without parental consent, data will be deleted within a reasonable timeframe.
data.updates
posted here with revised date. material changes affecting data collection, use, or sharing notified via email at least 14 days before taking effect.
continued use after changes constitutes acknowledgment. previous versions available upon request.
data.contact
privacy@titanrack.cloud
we aim to resolve all privacy inquiries promptly and transparently. if unsatisfied with our response, you may lodge a complaint with your local data protection supervisory authority within the European Economic Area.