Privacy & Cookie Policy

Welcome to SudoHost. This Privacy & Cookie Policy explains what personal information we collect when you visit our website at sudohost.co.za or use our hosting services, how we use that information, who we share it with, and the rights you have under South African law.

We take your privacy seriously and process all personal information in accordance with the Protection of Personal Information Act 4 of 2013 (“POPIA”).

This policy applies to visitors to our website, SudoHost hosting clients, affiliates participating in the SudoHost Affiliate Programme, and anyone who contacts us via email, support tickets, or other means.

If you do not agree with this policy, please do not use our website or services.

Who We Are
- SudoHost is a hosting brand operated by Pillinger and Digital (PTY) Ltd (“we”, “us”, “our”), a South African private company.
- Legal entity: Pillinger and Digital (PTY) Ltd Registration number (CIPC): 2018/240515/07
- Trading as: SudoHost.
- Principal place of business: Workshop17, Ballito Junction Regional Mall, Leonora Dr, Ballito, KwaZulu-Natal.
- Information Officer: Andrew Pillinger.
- Contact for privacy queries: support@sudohost.co.za
- We are the “Responsible Party” under POPIA for the personal information we collect.

What Personal Information We Collect
- We collect the following categories of personal information.
  - When you create a SudoHost hosting client account:
    - Name and surname
    - Email address
    - Phone number
    - Physical and postal address
    - Company name (optional, for business clients)
    - VAT number (optional)
- When you place an order or make a payment:
  - Billing address
  - Service selections
  - Payment confirmation data (we use PayFast as our payment processor; we do not store payment card numbers)
- When you use our hosting services:
  - Account login credentials (passwords are hashed; we cannot read them)
  - Service usage data (disk space, bandwidth, file activity for technical operations)
  - IP addresses (for security, fraud prevention, and access logging)
  - Email correspondence sent through our infrastructure
- When you contact us:
  - Communication records (support tickets, email, WhatsApp messages)
  - Any information you choose to provide in your messages
- When you visit our website:
  - Anonymised analytics data (browser type, device, pages visited, time on site, referrer URL)
  - We do not use cookies to identify individual visitors on our website
  - When you participate in the SudoHost Affiliate Programme:
    - Affiliate account information
    - Referral activity and earnings
    - Banking details when you request a payout

How We Collect Personal Information
- We collect personal information:
  - Directly from you (when you register, order, or contact us)
  - Automatically (via server logs and self-hosted analytics)
  - From third parties (for example, PayFast confirming payments, or your domain registrar confirming domain ownership)
Why We Use Personal Information
- We process personal information for the following purposes
  - Service delivery. To provide hosting, domain registration, email, and related services, you have signed up for.
  - Billing and payment. To invoice you, process payments, and manage your account.
  - Communication. To send service notifications, support responses, invoices, account updates, and important policy changes.
  - Security and fraud prevention. To detect, prevent, and respond to unauthorised access, fraud, abuse, and security threats.
  - Legal and regulatory compliance. To comply with our obligations under South African law, including tax, accounting, and POPIA.
  - Service improvement. To understand how our website and services are used, and to improve them.
  - Affiliate Programme administration. To manage referrals, calculate affiliate fees, and process payouts under our Affiliate Programme Terms.

Legal Basis for Processing
- Under POPIA, we process your personal information based on:
  - Contractual necessity. To provide the services you have signed up for. Legal obligation. To comply with South African law (tax, accounting, regulatory). Legitimate interest. For security, fraud prevention, and operating our business. Consent. For any marketing communications, which you may withdraw at any time.

Who We Share Personal Information With
- We share personal information with the following third-party service providers (“Operators” under POPIA) only where necessary to provide our services. Each provider is bound by contract or terms of service to process your data only for the purposes for which we share it.
  - PayFast (Pty) Ltd. Payment processor. We send order amount and transaction details; PayFast processes the payment. We never see or store payment card numbers.
  - Domains.co.za. Domain registrar. We share the registrant details required to register and manage domains on your behalf.
  - InterServer Inc. (MailBaby SmartHost). Outbound email relay. Email sent from your hosting account passes through this service for delivery.
  - Wasabi Technologies Inc. Encrypted backup storage in the UK region. Your account data, files, and databases are backed up on a rolling basis.
  - Absolute Hosting (Pty) Ltd. VPS infrastructure provider hosting the SudoHost server.
  - Google reCAPTCHA. Bot protection on our signup, login, and contact forms. Google processes minimal data (IP address, browser characteristics) to distinguish humans from bots.
  - SARS, regulators, courts, and law enforcement. Only when we are legally required to disclose information.
- We do not sell, rent, or trade your personal information to third parties for marketing purposes.

International Data Transfers
- Some of our service providers operate outside South Africa. These transfers are conducted in compliance with POPIA Section 72.
  - Wasabi Technologies (United Kingdom). Backup storage, UK region. InterServer / MailBaby (United States). Outbound email infrastructure. Google reCAPTCHA (global infrastructure). Bot protection.
- These jurisdictions provide adequate data protection (the UK under UK GDPR; the US under sector-specific protections), and our service providers are contractually bound to protect your information.

How Long We Keep Personal Information
- We retain personal information for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, and reporting requirements.
- Active client accounts. For as long as the account remains active. Closed or cancelled client accounts. 5 years from the closure date, to comply with South African tax and accounting law (Tax Administration Act and Companies Act). Billing, invoice, and financial records. 5 years from the date of the record. Server access and security logs. 90 days. Backups (Wasabi). Up to 30 days on a rolling basis, after which they are permanently deleted. Affiliate Programme records. In line with our Affiliate Programme Terms, and for 5 years after affiliate account closure. Marketing consent records. Until you withdraw consent, plus a reasonable period to evidence the withdrawal.
- After these periods, personal information is securely deleted or anonymised.

Your Rights Under POPIA
- As a data subject under POPIA, you have the following rights.
- Right of access. Request a copy of the personal information we hold about you.
- Right to correction. Request correction of inaccurate, incomplete, or outdated information.
- Right to deletion. Request deletion of your personal information where we have no continuing legal right to process it.
- Right to object. Object to certain types of processing, particularly direct marketing.
- Right to withdraw consent. Withdraw any consent you previously gave for marketing or other purposes based on consent.
- Right to complain. Lodge a complaint with the Information Regulator if you believe we have mishandled your personal information.
- To exercise any of these rights, email us at support@sudohost.co.za. We will respond within 30 days as required by POPIA.
- If you are not satisfied with our response, you may complain to:
  - Information Regulator (South Africa) JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001 Telephone: 010 023 5200 Email: complaints.IR@justice.gov.za Website: inforegulator.org.za

How We Protect Personal Information
- We implement reasonable technical and organisational measures to protect personal information from unauthorised access, loss, alteration, or disclosure:
  - TLS/SSL encryption on all website and email connections
  - Encrypted backups stored off-site (Wasabi UK)
  - Strong access controls; only authorised SudoHost personnel can access client systems
  - CloudLinux LVE isolation between hosting accounts on shared infrastructure
  - Imunify360 malware detection, brute-force protection, and web application firewall
  - Google reCAPTCHA v3 on signup, login, and contact forms
  - Regular security patches to operating system, control panel, and software
  - Disposable email domain blocklist on registration forms
- No system is completely secure. If we become aware of a security breach that affects your personal information, we will notify you and the Information Regulator as required by POPIA Section 22.

Cookies and Tracking Technologies
- Cookies are small text files placed on your device by websites you visit. We use cookies on client.sudohost.co.za to keep our service functioning. We do NOT use cookies for visitor identification on sudohost.co.za.
  - Strictly necessary cookies (cannot be disabled):
    - WHMCS session cookies. Keep you logged into your client area.
    - CSRF protection tokens. Prevent cross-site request forgery attacks.
    - Affiliate tracking cookie (AffiliateID). Set when someone clicks an affiliate referral link; required for the SudoHost Affiliate Programme to function.
    - Functional cookies (optional, set by WHMCS only after login):
      - User interface preferences such as language and display settings.
  - Analytics. We use Independent Analytics, a privacy-focused, self-hosted WordPress analytics plugin, on sudohost.co.za. This plugin:
    - Does not use cookies to identify individual visitors
    - Does not share data with any third party
    - Stores all analytics data on our own server
    - Anonymises IP addresses and visitor fingerprints
  - We do NOT use:
    - Google Analytics, Google Ads tracking, or other Google marketing services
    - Facebook Pixel, Meta tracking, or any social media tracking
    - Third-party marketing or advertising cookies of any kind
- Disabling cookies. You can disable cookies via your browser settings. Disabling strictly necessary cookies will prevent the client area and affiliate functionality from working correctly.

Children’s Privacy
- Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children without verified parental consent. If we become aware that we have collected personal information from a child without such consent, we will delete that information.

Changes to This Policy
- We may update this Privacy & Cookie Policy from time to time to reflect changes in our practices, legal requirements, or services. Material changes will be communicated by:
  - Email to active SudoHost clients
  - A notice in your client area
  - Updating the “Effective date” at the top of this policy
- Continued use of our services after a change indicates your acceptance of the updated policy.

Contact Us
- For questions about this policy, your personal information, or to exercise any of your POPIA rights:
  - Information Officer: Andrew Pillinger
  - General support: support@sudohost.co.za
  - Postal address: Workshop17, Ballito Junction Regional Mall, Leonora Dr, Ballito, KwaZulu-Natal.

Privacy & Cookie Policy

Domains

Hosting

VPS

Resellers

Support

Company