Welcome to Host Koala. We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (https://hostkoala.com) and use our services. This policy is designed to comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws. By using our services, you agree to the collection and use of information in accordance with this policy.
- Trade Name: Host Koala
- Legal Entity: KOALA HOST WEB HOSTING SERVICES
- Registration Number: (003714309-K)
- Email: privacy@hostkoala.com
- Data Protection Officer: privacy@hostkoala.com
When you visit our website or use our services, we automatically collect certain information through our servers and analytics tools:
- Technical Information:
- IP address and domain name/hostname
- Browser type and version (e.g., Chrome, Firefox, Safari)
- Operating system and platform
- Device information (type, model, screen resolution)
- Time zone settings
- Language preferences
- Usage Information:
- Date and time of your visit (timestamp)
- Pages visited and features used
- Referring website addresses
- Click-through data and navigation patterns
- Search queries within our website
- Duration of visit and page views
- Location Data:
- Approximate geographic location based on IP address
- Country, region, and city (where available)
We collect information that you provide directly to us when you:
- Create an Account:
- Full name
- Email address
- Physical address
- Country and postal code
- Telephone number
- Company name (where applicable)
- Username and password
- TAX ID
- Make a Purchase:
- Billing information
- Payment method details (processed securely through third-party providers)
- Transaction history
- Communicate with Us:
- Support ticket contents
- Email correspondence
- Chat transcripts
- Phone call records (if applicable)
- Feedback and survey responses
- Use Our Services:
- Server configurations
- Service preferences
- Technical support requests
To ensure security and prevent fraud, we may collect additional information from:
- Fraud Prevention Services: MaxMind, FraudLab Pro, and similar services
- Payment Processors: Transaction verification data ( Paypal and Stripe )
- Public Sources: Business registries for company verification
- Security Services: Threat intelligence data
We do not intentionally collect sensitive personal data (such as racial or ethnic origin, political opinions, religious beliefs, health data, or sexual orientation) unless specifically required by law or with your explicit consent.
We process your personal data based on the following legal grounds:
To provide services you've subscribed to and fulfill our contractual obligations, including:
- Service provisioning and management
- Processing payments
- Providing customer support
For our legitimate business interests, which include:
- Improving our services and user experience
- Preventing fraud and ensuring security
- Conducting business analytics
- Direct marketing communications are sent based on your consent. You can opt out at any time.
3.3 Legal Obligations
To comply with applicable laws and regulations, such as:
- Tax and accounting requirements
- Legal process and law enforcement requests
- Regulatory compliance
Host Koala acts as a Data Controller for personal data relating to customer accounts, billing, marketing, support, and website usage.
Host Koala acts as a Data Processor for personal data processed on behalf of customers through hosting services, where customers determine the purposes and means of processing.
For specific processing activities where required, including:
- Marketing communications (where consent is required)
- Optional services and features
- Cookies and similar technologies
In rare circumstances, to protect someone's life or physical safety.
We use the collected information for the following purposes:
- Providing and maintaining our hosting services
- Processing transactions and sending confirmations
- Managing your account and subscriptions
- Responding to service requests and support inquiries
- Sending service-related announcements and updates
- Responding to your inquiries and requests
- Sending technical notices and security alerts
- Providing customer support
- Sending billing and account information
- Sending newsletters and promotional materials (with your consent)
- Informing you about new services and features
- Conducting customer satisfaction surveys
- Personalizing marketing based on your preferences
- Analyzing usage patterns and trends
- Improving our website and services
- Developing new products and features
- Conducting research and analytics
- Managing our business relationships
- Detecting and preventing fraud
- Monitoring for security threats
- Enforcing our terms of service and policies
- Complying with legal obligations
- Protecting our rights and property
- Responding to legal requests and court orders
- Establishing, exercising, or defending legal claims
- Complying with audit requirements
We only collect personal data that is adequate, relevant, and limited to what is necessary for the purposes described in this Privacy Policy, and we do not process it in a manner incompatible with those purposes.
- Essential Cookies
- Required for website functionality
- Enable core features like secure login and account access
- Cannot be disabled without losing functionality
- Analytics and Performance Cookies
- Performance monitoring tools
- Help us improve website speed and functionality
- Functional Cookies
- Remember your preferences and settings
- Enable personalized features
- Improve your user experience
- Marketing Cookies (with consent)
- Used for remarketing campaigns
- Track advertising effectiveness
- Deliver relevant advertisements
Some of our partners may set cookies on our website:
- Payment processors
- Security services
- Customer support tools
You can control cookies through:
- Browser settings (see your browser's help section)
- Our cookie consent banner
- Third-party opt-out tools
Note: Disabling certain cookies may impact website functionality and your ability to use some features of our services.
We do not use any unneccesary cookies like google analytics/marketing cookies anywhere on our website.
We currently do not respond to Do Not Track (DNT) browser signals, as there is no industry standard for DNT compliance. However, you can use our cookie preferences to control tracking.
We may share your personal data with the following categories of recipients:
We may share your information with our subsidiary companies and affiliates for:
- Providing integrated services
- Business operations support
- Compliance with group policies
- Consolidated reporting and management
We share data with external third parties who help deliver our services:
- Payment Service Providers: Stripe, PayPal,
- Infrastructure Providers: Data center operators
- Communication Tools: Email and support ticket systems
- Analytics Services: Google Analytics
- Security Services: MaxMind, Fraud Labs Pro
We share data with external third parties who help us run our business:
- Professional Services: Accountants, lawyers, and business consultants
- External Auditors: For audit of our accounts and compliance verification
- Banking Partners: For financial operations and transactions
We may disclose your information to:
- Law Enforcement Agencies: When required by law or to assist in investigations
- Taxation Authorities: To comply with tax reporting obligations
- Regulatory Bodies: To comply with regulatory requirements and audits
- Courts and Legal Authorities: In response to valid legal process (subpoenas, court orders)
We may share data with external third parties in connection with:
- Potential buyers if we choose to sell or transfer parts of our business
- Acquiring entities in case of merger or acquisition
- Professional advisors conducting due diligence
- Asset transfers or corporate restructuring
In such cases:
- Your information may be transferred to the acquiring entity
- We will notify you before your information becomes subject to a different privacy policy
- You will have the option to close your account if you disagree with the transfer
We may share information to:
- Protect the safety of our users and the public
- Prevent illegal activities or violations of our terms
- Protect our property and legal rights
- Investigate suspected fraud or security threats
We may share your information for other purposes with your explicit consent.
For all data sharing:
- Recipients are bound by confidentiality obligations
- Data processing agreements are in place where required
- We ensure appropriate security measures are implemented
- We limit sharing to what's necessary for the specified purpose
- Sell your personal data to third parties
- Share your data for third-party marketing without consent
- Transfer data without appropriate safeguards
As we operate globally, your data may be transferred to countries outside your jurisdiction. We ensure appropriate safeguards through:
- Standard Contractual Clauses (SCCs) approved by the European Commission and the UK International Data Transfer Addendum (IDTA)
- Adequacy decisions where applicable
- Your explicit consent for specific transfers
Your data may be processed in:
- Malaysia (primary location)
- Data center locations where services are provisioned
- Countries where our service providers operate
For all international transfers, we ensure:
- Appropriate legal mechanisms are in place
- Receiving parties provide adequate data protection
- Your rights are protected regardless of location
We implement industry-standard security measures:
- Encryption of data in transit (TLS/SSL)
- Encryption of sensitive data at rest
- Firewalls and intrusion detection systems
- Access controls and authentication systems
- Staff training on data protection
- Confidentiality agreements with employees
- Limited access on a need-to-know basis
- Regular review of security policies
- Incident response procedures
To help protect your data:
- Use strong, unique passwords
- Enable two-factor authentication where available
- Keep your contact information updated
- Report suspicious activities immediately
- Maintain security of your own systems
In the event of a data breach that poses risk to your rights:
- We will notify the relevant supervisory authority within 72 hours of becoming aware of a personal data breach, where required by law. Where the breach is likely to result in a high risk to your rights and freedoms, we will notify affected users without undue delay.
- We will inform relevant supervisory authorities
- We will provide information about the breach and mitigation steps
We retain personal data for as long as necessary:
- Active Accounts: For the duration of your account plus any applicable legal retention period
- Billing Records: 7 years for tax and accounting purposes
- Support Communications: 2 years after resolution
- Marketing Data: Until you opt-out or 18 months of inactivity
- Security Logs: 90 days for operational logs, longer for security incidents
- Legal Holds: As required by legal process
When retention periods expire:
- Data is securely deleted or anonymized
- Backups are purged according to backup retention schedules
- Third parties are instructed to delete data they hold
Upon account closure:
- Services are terminated according to our Terms of Service
- Personal data is retained for 30 days for recovery purposes
- After 30 days, data is permanently deleted unless legal retention applies
As a data subject, you have the following rights:
You can request:
- Confirmation of whether we process your data
- A copy of your personal data
- Information about how we use your data
You can:
- Correct inaccurate personal data
- Complete incomplete personal data
- Update outdated information
You can request deletion of your data when:
- It's no longer necessary for original purposes
- You withdraw consent (where consent was the legal basis)
- You object to processing and there's no overriding legitimate interest
- Data was unlawfully processed
You can limit how we use your data while we:
- Verify accuracy of contested data
- Determine legitimate grounds for processing
- Preserve data for legal claims
You can:
- Receive your data in a structured, machine-readable format
- Transfer data to another service provider
- Request direct transfer where technically feasible
You can object to:
- Processing based on legitimate interests
- Direct marketing (including profiling)
- Processing for research or statistical purposes
You have the right:
- Not to be subject to purely automated decisions with legal effects
- To request human review of automated decisions
- To express your point of view and contest decisions
- We do not carry out fully automated decision-making that produces legal or similarly significant effects. Fraud detection systems may use automated analysis; however, decisions with significant impact are subject to human review.
10.8 Right to Withdraw Consent
Where processing is based on consent:
- You can withdraw consent at any time
- Withdrawal doesn't affect prior lawful processing
- We'll make withdrawal as easy as giving consent
To exercise any of your privacy rights (including GDPR rights for all users and additional CCPA/CPRA rights for California residents):
- Contact Methods:
- Email: privacy@hostkoala.com
- Control Panel: Access and update information directly at https://hostkoala.com/clients
- Support Ticket: Submit through your account
- What to Include:
- Your full name and account information
- Specific right(s) you wish to exercise
- Any relevant details to help us process your request
- Our Response:
- We will respond within one month of receiving your request
- We will verify your identity for security purposes
- Information will be provided free of charge (except for manifestly unfounded or excessive requests)
- Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests.
- In this case, we will notify you and keep you updated
- For California Residents: California residents exercising CCPA/CPRA rights can use the same contact methods above. We will not discriminate against you for exercising your privacy rights.
If you're unsatisfied with our response, you can lodge a complaint with:
- Your local data protection authority
- Malaysia Personal Data Protection Act 2010 (PDPA)
- EU residents may lodge a complaint with the supervisory authority in their EU Member State of residence, place of work, or where the alleged infringement occurred.
Host Koala will at all times comply with all applicable data protection laws (including the CCPA and CPRA) and only process Personal Data on User's behalf.
Host Koala will:
- Not collect, retain, use, or disclose Personal Data for any purpose other than for the specific purposes set out in this Privacy Policy, our Terms of Service, and/or the Data Processing Agreement between Host Koala and User
- Not sell or share Personal Data (as defined under the CCPA) for the intentions and purposes of the CCPA or CPRA
- Put in place appropriate technical and organizational measures to protect Personal Data against unauthorized or unlawful processing or accidental destruction, loss or damage
California residents have additional rights under CCPA/CPRA, including the right to:
- Know what personal information is collected
- Access and portability of personal information
- Deletion of personal information (subject to exceptions)
- Opt-out of sale/sharing of personal information
- Non-discrimination for exercising privacy rights
To exercise these rights, please see Section 10.9 above.
The Services are not intended for use by children under the age of 16 or anyone not of legal age to enter into binding Terms with us. Host Koala does not knowingly collect, store, share or use the personal data of children under 16 years. If you are under the age of 16, you may not use the Services or provide any personal data to us. If anyone reports to us that we received personal data concerning any children under the age of 16, we will endeavor to promptly delete all such personal data.
- We use PCI-DSS compliant payment processors
- Payment data is tokenized for recurring billing
- All payment transmissions are encrypted
We use the following payment processors:
- Stripe
- PayPal
Each processor has their own privacy policy governing payment data.
For fraud protection purposes, we may access and collect payment-related information from our payment processors, including:
- Transaction risk assessments and fraud scores
- Detection of duplicated payment methods across accounts
- Transaction history and patterns
- Billing address verification results
- Payment method verification status
- Other transaction metadata necessary for fraud prevention
This information is used solely for security purposes, fraud prevention, and to protect both Host Koala and our customers from unauthorized transactions.
Our website may contain links to third-party sites:
- We're not responsible for their privacy practices
- We encourage you to read their privacy policies
- Our policy only applies to data we collect
If you connect third-party services to your account:
- Review the permissions requested
- Understand what data will be shared
- You can revoke access through your account settings
We reserve the right to update this Privacy Policy at any time. Changes will be effective immediately upon posting to our website. It is your responsibility to review this Privacy Policy periodically for updates. The "Last Updated" date at the top indicates the latest revision.
Where changes materially affect your rights, we will notify you via email or account notification prior to the changes taking effect.
Check out our plans & pricing OR contact us for enquiries
Plans & Pricing Contact Us