Privacy policy

Mazehost is operated by Chai Ventures LLC, a limited liability company registered in the State of Wyoming, United States. Our registered address is 312 W. 2nd St #1882, Casper, WY 82601, USA. For the personal data we collect through our website, control panel, and support channels, Chai Ventures LLC is the data controller. If you are located in the European Economic Area or the United Kingdom, we act as the data controller under the EU and UK General Data Protection Regulations (GDPR).

Privacy questions, data-subject requests, and breach reports: privacy@mazehost.com.

When you sign up and use Mazehost, we collect the following categories of personal data:

• Account information: your name, email address, a hashed password, and an optional phone number.
• Billing information: billing address, VAT number where applicable, and payment-card metadata. We never see your full card number — it goes directly to our payment processor.
• Service data: the domain names, website files, databases, and email you host with us. We do not read this content in the ordinary course of business; we access it only when you ask us to, or when a legal obligation requires us to.
• Technical logs: IP addresses, timestamps, request URLs, and user-agent strings for traffic to our site and control panel. These are used to investigate abuse and security incidents.
• Support correspondence: the content of tickets, emails, and chats with support, together with our replies.

• To provide the hosting service you have contracted with us — account creation, provisioning, billing, renewal, and day-to-day operation. Lawful basis: performance of a contract (GDPR Art. 6(1)(b)).
• To keep the platform secure and prevent abuse — log retention, fraud detection, and automated abuse flagging. Lawful basis: legitimate interest (Art. 6(1)(f)).
• To meet tax, accounting, and legal obligations — invoice retention, VAT reporting, and responding to lawful requests from authorities. Lawful basis: legal obligation (Art. 6(1)(c)).
• To send operational email related to your service — incident notices, maintenance windows, and policy changes. Optional marketing email is only sent if you opt in, and you can withdraw consent at any time (Art. 6(1)(a)).

• Account information: for as long as your account is active, plus up to 30 days after termination for administrative wind-down.
• Billing and invoice records: seven years after the invoice date, in line with US federal and state tax recordkeeping rules.
• Daily backups of your hosted content: rolling 7-day retention. After termination, your data remains retrievable through a support ticket for 14 days, then it is deleted.
• Server access logs: 30 days rolling, longer only where needed for an active abuse or security investigation.
• Support correspondence: three years from the date of the ticket, for reference and quality.

Your data stays with Chai Ventures LLC and a small set of vetted processors, each under written data-processing terms. Current categories:

• Payment processing — Stripe, for card and SEPA payments.
• Domain registration — Namesilo, when you register or transfer a domain through us.
• Infrastructure providers in the EU and UK that host the physical servers running Mazehost.
• AI-assisted support — Anthropic (United States), which processes the content of support tickets so our Ariadne system can prepare reply drafts. Our team reviews each draft before any reply is sent to you.

We do not sell personal data. We do not share it with advertisers or third-party analytics brokers. Where a processor sits outside the European Economic Area, the transfer is covered by the European Commission's Standard Contractual Clauses.

If GDPR applies to you, you have the right to:

• Access the personal data we hold about you.
• Correct data that is inaccurate or incomplete.
• Request deletion of your data, subject to legal retention obligations.
• Export your data in a common, machine-readable format.
• Restrict or object to certain processing.
• Withdraw consent for anything you previously consented to.

To exercise any of these rights, email privacy@mazehost.com. We reply within 30 days. If you are located in the EEA or UK and are unhappy with our response, you have the right to complain to the data protection supervisory authority in your country of residence. If you are located in the United States, you may also contact your state Attorney General or the Federal Trade Commission.

Our marketing site and control panel set only the cookies strictly necessary to keep you signed in and to remember your language. We do not use advertising cookies, third-party trackers, or session-replay tools on mazehost.com. If this changes, we will update this policy and, where required, ask for your consent through a cookie banner.

We encrypt data in transit with TLS, store passwords only as hashes, isolate hosted workloads in per-site containers, and take daily backups. No system is perfectly secure. If we become aware of a personal-data breach that is likely to put your rights at risk, we notify affected users and the supervisory authority within 72 hours.

We may update this policy. Material changes are announced by email to the primary contact on the account at least 14 days before they take effect. The current version and its last-updated date are always on this page.