Privacy Policy

Last updated: May 1, 2026

1. Scope

This Privacy Policy explains what information VPSCtrl collects when you use our website and control panel, how we use it, and the choices you have. It applies to your VPSCtrl account; your VPS instances themselves are managed by you and may collect or process additional data outside the scope of this policy.

2. Information we collect

We collect only what we need to operate the service:

• Account data — name, email address, hashed password, account creation timestamp.
• Verification data — the one-time codes we email at signup, password reset, or for sensitive actions; these are deleted after use or after 10 minutes.
• Service data — the VPS packages you order, hostnames, server status, renewal dates, invoices, and credit balance.
• Payment data — we do not store full card numbers. Payment processors handle card details and return only a transaction reference, last four digits, and status.
• Operational logs — IP address, user agent, and timestamps for security events (login, password reset, server actions). These help us detect abuse and debug issues.

3. How we use your information

• To create and authenticate your account.
• To provision, suspend, renew, and bill for the services you order.
• To send transactional email — verification codes, invoices, password changes, payment receipts, renewal notices, and security alerts.
• To detect, investigate, and respond to abuse, fraud, or violations of our Terms.
• To comply with legal obligations.

We do not sell your personal data, and we do not use it for advertising.

4. Sharing with third parties

We share information only with vendors who help us run the service, and only to the extent necessary:

• Email delivery — our outbound mail provider (e.g. Resend / SMTP relay) processes the recipient address and message body to deliver transactional email.
• Hosting partners — the underlying VPS infrastructure is operated on hardware managed via the VirtFusion API. Account name, email, and server configuration are passed through so your servers can be created and controlled.
• Payment processors — we share the amount and a reference; they handle the card data directly under their own privacy policies.
• Legal disclosure — if required by law, court order, or to protect rights and safety.

5. Retention

We keep account data while the account is active. After cancellation, we may keep invoices and minimal records as required by tax and accounting law (typically 6–7 years). One-time codes and short-lived security cookies are deleted as soon as they are used or expire. Operational logs older than 12 months are aggregated or removed.

6. Security

We hash passwords, sign session and short-lived security cookies with a server-side secret, deliver the panel over HTTPS, and isolate access to internal systems. No system is perfectly secure — please use a unique password and tell us immediately if you suspect your account has been compromised.

7. Your rights

Depending on where you live, you may have the right to access, correct, export, or delete personal data we hold about you, and to object to certain processing. You can:

• Update your name and email from your account settings.
• Reset your password from /forgot.
• Request export or deletion by emailing support@vpsctrl.in. We may need to verify your identity first.

8. Cookies

We use a small number of first-party cookies, all signed with our server secret:

• Session cookie — keeps you logged in.
• Security OTP cookie — short-lived (10 minutes) to confirm sensitive actions like opening the web console or cancelling a server.

We do not use third-party advertising or tracking cookies.

9. Changes

If this policy changes materially, we will email registered users and update the "Last updated" date above. Continued use of the service after the change means you accept the new policy.

10. Contact

Questions or requests? Email support@vpsctrl.in.

© VPSCtrl. All rights reserved.