Tremhost Privacy Policy
Effective date: [15 June 2026] Last updated: [15 June 2026]
This Privacy Policy explains how Tremhost (“Tremhost”, “we”, “us”, “our”) collects, uses, shares, and protects personal data when you use our website and services. It should be read together with our [Terms and Conditions], [Acceptable Use Policy], and [Refund Policy].
We process personal data in accordance with Zimbabwe’s Cyber and Data Protection Act [Chapter 12:07] and its regulations, and, where applicable to you, other data-protection laws that apply to the markets we serve.
1. Who We Are
Tremhost is a web hosting provider based in Harare, Zimbabwe, offering shared hosting, reseller hosting, VPS, dedicated servers, email hosting, domain registration, and software licenses to customers in Africa and internationally.
For questions about this policy or your personal data, contact our Data Protection Officer using the details in Section 14.
2. Our Role: Controller and Processor
- As a data controller, we determine how and why we process the personal data of our own customers and website visitors (for example, account, billing, and support data). This policy covers that processing.
- As a data processor, we host and store content and data that our customers (and their own end users) place on our servers. For that content, our customer is the controller and is responsible for its lawful processing and for its own privacy notices. We process it only as needed to provide the service and as instructed by the customer.
3. Personal Data We Collect
Information you provide:
- Identity and contact details: name, business name, email address, phone number, postal/physical address
- Account credentials and security information
- Billing information: invoices, transaction records, and limited payment details (see Section 8 on payment processors)
- Domain registration details (see Section 6)
- Support communications, including tickets, emails, and chat
Information collected automatically:
- Technical data: IP address, browser type, device and operating system information
- Usage and server data: access logs, error logs, resource usage, and security/abuse logs
- Cookies and similar technologies (see Section 7)
We do not intentionally collect special categories of personal data (such as health, biometric, or genetic data) for our own purposes. Do not store such data with us unless your plan and a separate agreement permit it.
4. How We Collect Personal Data
- Directly from you when you register, order, pay, or contact support
- Automatically through your use of our website, client area, and servers
- From third parties such as domain registries, payment processors, and security/anti-abuse providers
5. Why We Process Personal Data and Our Lawful Basis
We process personal data to:
- Create and manage your account — to perform our contract with you
- Provide, maintain, and support the Services — contract / our legitimate interests
- Process payments, billing, and renewals — contract / legal obligation
- Register and manage domains on your behalf — contract
- Secure our network and prevent fraud and abuse — legitimate interests / legal obligation
- Communicate service notices and respond to enquiries — contract / legitimate interests
- Send marketing where you have not opted out or where permitted by law — consent / legitimate interests
- Comply with legal and regulatory obligations — legal obligation
Where we rely on consent (for example, certain marketing or cookies), you may withdraw it at any time.
6. Domain Registration Data and WHOIS
When you register or manage a domain, we share the registration details you provide with the relevant domain registry and registrar, as required to register the domain. Depending on the domain extension and applicable registry/ICANN rules, some of this information may be published in public WHOIS or registry records. Privacy/WHOIS-protection options may be available for certain domains — contact us to ask. Domain registration is also subject to the policies of the relevant registry and ICANN (or the applicable country-code authority).
7. Cookies and Similar Technologies
We use cookies and similar technologies to operate our website and client area, keep you signed in, remember preferences, and understand site usage.
You can control cookies through your browser settings. Disabling some cookies may affect site functionality.
8. How We Share Personal Data
We do not sell your personal data. We share it only as needed to operate our business and provide the Services, including with:
- Payment processors who handle your payments. Card and payment-account details are processed by these providers; we do not store full card numbers on our systems. [List your payment processors, e.g. the providers you use to collect customer payments.]
- Domain registries and registrars, as described in Section 6
- Infrastructure and security providers that help us deliver and protect the Services, such as our network/CDN and security provider (for example, Cloudflare) and server/data-centre providers, which may process technical data such as IP addresses.
- Professional advisers (legal, accounting) under confidentiality
- Authorities and third parties where required by law, regulation, court order, or to protect our rights, our customers, or the public
Where we engage processors, we require them to protect personal data and to process it only on our instructions.
9. International Transfers
Tremhost serves customers internationally, and some of our providers operate outside Zimbabwe. As a result, your personal data may be transferred to and processed in other countries. Where we transfer personal data across borders, we take steps to ensure it is protected in line with applicable law, including the Cyber and Data Protection Act’s requirements on transfers outside Zimbabwe.
10. Data Retention
We keep personal data only for as long as needed for the purposes set out in this policy, including:
- Account and service data: for the life of your account and a reasonable period afterward
- Billing and transaction records: as required by tax and accounting law
- Logs and security data: for a limited period suitable for security and troubleshooting
When data is no longer needed, we delete or anonymise it.
11. How We Protect Personal Data
We use technical and organisational measures appropriate to the risk, including access controls, encryption in transit, network and server security tooling, monitoring, and abuse prevention. No system is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your own credentials and content secure (see the [Terms and Conditions]).
If a data breach affecting your personal data occurs, we will respond as required by applicable law, including any notification obligations.
12. Your Rights
Subject to applicable law, including the Cyber and Data Protection Act [Chapter 12:07], you may have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate or incomplete data
- Request deletion of your data, where applicable
- Object to or restrict certain processing
- Withdraw consent where we rely on it
- Request a copy of certain data in a portable format
- Lodge a complaint with the relevant data-protection authority
To exercise any of these rights, contact us using the details in Section 14. We may need to verify your identity before responding. You also have the right to complain to Zimbabwe’s data-protection authority, the Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ). [Add the regulator(s) relevant to your other markets if applicable.]
13. Children’s Privacy
Our Services are intended for businesses and adults. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will take appropriate steps.
14. Contact and Data Protection Officer
For privacy questions or to exercise your rights, contact:
Data Protection Officer —Tremhost
15. Changes to This Policy
We may update this Privacy Policy from time to time. We will post the updated version with a revised “Last updated” date and, for material changes, provide reasonable notice. Please review it periodically.
