← Back to SparrowHost

Privacy Policy

Effective: 1 January 2025Last updated: 6 May 2026

1. Overview

SparrowHost Technologies Private Limited ("SparrowHost", "we", "us", "our") is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data when you use our website at sparrowhost.net and our cloud infrastructure services.

We comply with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 under the IT Act, 2000, and where applicable, the principles of the General Data Protection Regulation (GDPR) and the Digital Personal Data Protection Act, 2023 (DPDPA).

2. Data We Collect

We collect the following categories of personal data:

2.1 Account & Identity Data

  • Full name, email address, phone number
  • Company name and GST/PAN number (for business accounts)
  • KYC documents (Aadhaar, PAN, passport, or equivalent) where required
  • Billing address and postal code

2.2 Payment Data

  • Payment method details (card last 4 digits, expiry — we do not store full card numbers)
  • Transaction history and invoice records
  • UPI IDs or net banking references

Full payment card details are handled by our PCI-DSS compliant payment processors (Razorpay, Cashfree). We do not store raw card numbers on our servers.

2.3 Usage & Technical Data

  • IP addresses, browser type, and operating system
  • Pages visited, time spent, referral URLs
  • API call logs and server resource usage metrics
  • Support ticket contents and chat logs

2.4 Communications Data

  • Emails and messages exchanged with our support team
  • Survey responses and feedback submissions
  • Marketing preferences

3. How We Use Your Data

We use your personal data for the following purposes:

  • Service delivery: Provisioning, managing, and maintaining your cloud services
  • Billing: Processing payments, issuing invoices, and managing subscriptions
  • Identity verification: Complying with KYC and anti-money laundering (AML) obligations
  • Security: Detecting fraud, abuse, and unauthorized access; protecting our infrastructure
  • Support: Responding to your queries and resolving technical issues
  • Communication: Sending service notifications, maintenance alerts, and billing reminders
  • Marketing: Sending product updates and promotional offers (only with your consent; unsubscribe at any time)
  • Legal compliance: Meeting regulatory requirements and responding to lawful requests from authorities
  • Product improvement: Analyzing aggregated usage data to improve our services

4. Data Sharing

We do not sell your personal data. We share your data only in the following circumstances:

  • Payment processors: Razorpay, Cashfree, or similar PCI-DSS certified processors to handle transactions
  • Data center partners: Our colocation and infrastructure partners for service delivery; these partners are bound by data processing agreements
  • Legal authorities: When required by law, court order, or government regulation
  • Service providers: Email delivery, monitoring, and analytics tools that process data on our behalf under strict confidentiality obligations
  • Business transfers: In the event of a merger, acquisition, or sale of assets, customer data may be transferred to the acquiring entity

All third-party service providers are required to maintain appropriate security measures and may only process your data for specified purposes.

5. Cookies & Tracking

We use cookies and similar tracking technologies on our website. These include:

  • Essential cookies: Required for login sessions and core functionality. Cannot be disabled.
  • Analytics cookies: Help us understand how visitors interact with our site (e.g., page views, session duration). We use aggregated, anonymized data only.
  • Preference cookies: Remember your settings such as language and region.
  • Marketing cookies: Used to show relevant advertisements. Set only with your explicit consent.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of our services.

6. Data Security

We implement industry-standard security measures to protect your personal data, including:

  • TLS 1.2+ encryption for all data in transit
  • AES-256 encryption for sensitive data at rest
  • Multi-factor authentication (MFA) for account access
  • Regular security audits and penetration testing
  • Role-based access controls limiting internal data access
  • 24/7 intrusion detection and monitoring

Despite our efforts, no method of transmission over the internet or electronic storage is 100% secure. In the event of a data breach that affects your personal information, we will notify you within 72 hours of becoming aware, in accordance with applicable law.

7. Data Retention

We retain personal data for as long as necessary to provide our services and comply with legal obligations:

  • Account data: Retained for the duration of your account plus 3 years after closure for legal compliance
  • Billing records: Retained for 7 years in accordance with Indian financial regulations
  • KYC documents: Retained for 5 years after account closure as required by AML regulations
  • Server logs: Retained for 90 days, then purged
  • Support tickets: Retained for 2 years from last activity

Once the retention period expires, data is securely deleted or anonymized.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Right to access: Request a copy of the personal data we hold about you
  • Right to rectification: Request correction of inaccurate or incomplete data
  • Right to erasure: Request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations
  • Right to restrict processing: Request that we limit how we use your data
  • Right to data portability: Receive your data in a structured, machine-readable format
  • Right to object: Object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent: Withdraw consent for processing at any time, without affecting prior processing

To exercise any of these rights, email us at privacy@sparrowhost.net. We will respond within 30 days. We may need to verify your identity before processing requests.

9. International Data Transfers

SparrowHost operates data centers primarily in India. If your data is transferred to or processed in jurisdictions outside India, we ensure appropriate safeguards are in place, including standard contractual clauses or adequacy decisions, to provide a level of protection equivalent to Indian and applicable international standards.

10. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child, we will promptly delete it. If you believe a child has provided us with personal data, contact us at privacy@sparrowhost.net.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of material changes by email or by posting a notice on our website at least 14 days before the changes take effect. We encourage you to review this policy periodically.

12. Contact & Data Protection Officer

For any questions, concerns, or requests related to this Privacy Policy or your personal data:

We will acknowledge your request within 48 hours and aim to resolve it within 30 days.

© SparrowHost Technologies Private Limited 2026. All rights reserved.
TermsPrivacyKYCRefund