Privacy Policy
Your data, handled with care.
Last updated: April 22, 2026
HostDaddy (“HostDaddy,” “we,” “us”) is a managed blockchain-node hosting service. This Privacy Policy explains what we collect, why we collect it, who we share it with, and your rights.
1. What we collect
Account information you give us
- Name / nickname (used as your account handle and to label your deployed nodes).
- Email address (for login verification, billing receipts, and support replies).
- Password — stored only as a one-way cryptographic hash (bcrypt/scrypt). We cannot recover your password if you forget it; we can only reset it.
- Household-member details you add on behalf of sub-accounts (name, optional email).
Project-connection credentials (used once, then discarded)
To deploy nodes on your behalf, HostDaddy performs a one-time authentication exchange with each supported project's identity provider. We pass the email and password you enter, receive a unique ID (UID) back, and then discard your password immediately. The only project-credential data we store on an ongoing basis is your unique ID — never the password.
Usage and service data
- Node inventory: how many nodes you have running on each project, their status, server assignment, and runtime logs needed for troubleshooting.
- Billing records: subscription details, invoices, payment method references (we do not store full card numbers — see “Third parties” below), crypto invoice IDs, refund history.
- Server logs: IP addresses, user-agent strings, timestamps, and request paths for the pages and API endpoints you hit on hostdaddy.io and app.hostdaddy.io. We use these for security monitoring, debugging, and rate-limiting.
- Support correspondence: any email, ticket, or chat you send us.
Cookies and similar technologies
We use a single HttpOnly session cookie named hd_session to keep you logged in. We do not use third-party advertising trackers, retargeting pixels, or analytics cookies that identify you across other websites. Our tunnel provider (Cloudflare) may set operational cookies for security (e.g. __cf_bm) that are not controlled by us.
2. Why we collect it
- Service delivery — running, monitoring, and auto-healing your nodes.
- Billing and payments — charging the card or crypto wallet you choose and sending receipts.
- Account security — verifying logins, detecting abuse, and preventing unauthorized access.
- Customer support — answering your questions and fixing problems you report.
- Product improvement — understanding which features are used so we build the right things. This is done in aggregate; we don't sell your data or share identifiable profiles.
- Legal compliance — responding to lawful requests, enforcing our Terms, and defending our rights.
3. Third parties we share data with
We share only the minimum data needed for each service to do its job, and only with vendors that have their own reasonable privacy commitments:
- Stripe, Inc. — card payments, subscriptions, and the customer billing portal. Stripe stores your card details; we receive a customer ID and event data but not the card number itself. See Stripe's privacy policy at stripe.com/privacy.
- NOWPayments OU — cryptocurrency payment processing. Receives your invoice amount, order ID, and callback URL. See nowpayments.io/privacy-policy.
- Resend Inc. — transactional email delivery (login codes, receipts, support). Receives your email address and message contents. See resend.com/legal/privacy-policy.
- Cloudflare, Inc. — DNS, CDN, and tunnel to our backend. Sees request metadata (IP, user-agent, URL) and acts as a trusted processor. See cloudflare.com/privacypolicy.
- The underlying project networks (e.g. the blockchain project whose node you're running) receive your unique ID and the activity your node generates. This is how those networks credit rewards to you.
- Infrastructure providers running the physical servers your nodes deploy on. They do not have access to our application database.
We do not sell your personal data to advertisers or data brokers. We do not share data with anyone outside the list above without your explicit consent or a valid legal order.
4. Where and how long we store it
Account data lives in an encrypted SQLite database on infrastructure we control in the United States. Payment data lives with Stripe and NOWPayments. Emails are routed through Resend and the email service you use.
We keep data only as long as it serves a purpose:
- Active accounts — retained for the life of your account.
- Closed accounts — core records retained for up to 24 months for billing, dispute, and tax purposes; anonymized or deleted after that unless a longer retention period is required by law.
- Server logs — retained up to 90 days then rotated out.
- Audit log of sensitive admin actions — retained indefinitely for security forensics.
5. Security
We take reasonable technical and organizational measures to protect your data: TLS encryption for all traffic, bcrypt/scrypt hashing for passwords, HttpOnly cookies, host-based access controls, and a tightly-scoped admin UI behind HTTP Basic Auth. No online service is 100% secure, and we can't guarantee the absolute security of any data — but we take it seriously and will notify you promptly if we ever experience a breach affecting your account.
6. Your rights
You can, at any time:
- Access — request a copy of the personal data we hold about you.
- Correct — update your name, email, or other account details yourself, or ask us to.
- Delete — close your account and have your personal data removed (subject to the retention periods above for billing/legal obligations).
- Export — receive your data in a portable, machine-readable format.
- Object or restrict — tell us to stop certain processing (e.g. marketing emails — though right now we only send transactional ones).
- Withdraw consent — where we rely on consent, revoke it anytime.
If you are in the EU/UK, California, or another jurisdiction with specific privacy laws (GDPR, UK-GDPR, CCPA/CPRA), you may have additional rights under local law — including the right to lodge a complaint with your data protection authority. We honor verified requests under those laws.
Send any request to [email protected]. We'll respond within 30 days.
7. Children
HostDaddy is not directed to children. We don't knowingly collect personal information from anyone under 16. If you believe a child has provided us data, email us and we'll delete it.
8. International transfers
Our servers and some of our third-party processors operate in the United States and elsewhere. By using HostDaddy, you consent to your data being transferred to and processed in those locations. Where required (e.g. for EU users), we use standard contractual clauses or equivalent safeguards to protect data in transit.
9. Changes to this policy
We'll update this page when our practices change. If a change is material, we'll notify you by email at the address on your account at least 14 days before it takes effect. The “Last updated” date at the top always reflects the most recent revision.