Legal

These Terms of Service ("Terms") constitute a legally binding agreement between you ("Customer", "you") and RANDHOST OÜ, a company registered in the Republic of Estonia (registry code pending), with its registered address at Pärnu mnt 105, Kesklinna linnaosa, Tallinn, Harju maakond, 11312, Estonia ("RANDHOST", "we", "us").

By creating an account, placing an order, or using any RANDHOST service, you agree to be bound by these Terms, our Privacy Policy, our Acceptable Use Policy, and our Service Level Agreement. If you do not agree, you must not use our services.

1. Definitions

• "Services" means cloud compute instances, bare-metal dedicated servers, block storage, networking, and any related infrastructure services provided by RANDHOST.
• "Account" means the customer account created through cloud.randhost.com to manage Services.
• "Customer Data" means any data, content, or material uploaded, stored, or processed by you on or through the Services.
• "Dashboard" means the RANDHOST customer management portal at cloud.randhost.com.

2. Services

RANDHOST provides cloud compute instances, bare-metal dedicated servers, block storage volumes, and related infrastructure services. Service specifications, availability, and features are as described on our website and in the Dashboard. We may update, modify, or discontinue features with reasonable notice.

Services are provided on an "as available" basis, subject to the uptime commitments in our Service Level Agreement.

3. Account Registration

To use the Services, you must create an Account. You represent and warrant that:

• You are at least 18 years of age;
• All registration information you provide is accurate, current, and complete;
• You will maintain the accuracy of such information;
• You have the legal capacity and authority to enter into these Terms.

You are solely responsible for maintaining the confidentiality of your Account credentials and for all activity that occurs under your Account. You must notify us immediately via our contact page of any unauthorised use.

4. Payment & Billing

All Services are billed in advance on a recurring basis according to the billing cycle you select (monthly, quarterly, semi-annually, annually, biennially, or triennially). Prices are displayed in euros (EUR) and are exclusive of applicable taxes unless stated otherwise.

We accept payment via credit/debit card (Stripe), PayPal, and cryptocurrency. By providing payment details, you authorise us to charge the applicable fees. Failed payments may result in service suspension after a 72-hour grace period.

We reserve the right to change pricing with 30 days' prior notice. Price changes apply at the start of the next billing cycle and do not affect the current prepaid period.

5. Refund Policy

All Services are non-refundable once provisioned. No partial or pro-rata refunds are issued for early cancellation, unused time, or service downgrades. Service credits issued under the SLA are the sole remedy for service disruptions.

6. Acceptable Use

Your use of the Services is subject to our Acceptable Use Policy, which is incorporated into these Terms by reference. Violation of the AUP may result in warning, suspension, or termination of your Account.

7. Customer Data & Content

You retain all ownership rights in your Customer Data. By using the Services, you grant RANDHOST a limited licence to host, store, and transmit your Customer Data solely for the purpose of providing the Services.

You are solely responsible for the legality, reliability, and appropriateness of your Customer Data. We do not monitor Customer Data except as required by law or as described in our AUP.

8. Intellectual Property

RANDHOST and its licensors retain all rights, title, and interest in the Services, the Dashboard, the API, and all related software, documentation, trademarks, and content. Nothing in these Terms transfers any intellectual property rights to you beyond the limited right to use the Services as described herein.

9. Suspension & Termination

We follow a graduated enforcement process:

• Warning: For minor or first-time violations, we will notify you and provide a reasonable timeframe to remedy the issue.
• Suspension: If the issue is not resolved, or for serious violations (including non-payment beyond 72 hours), we may suspend your Services. You will be notified by email. For non-payment, suspension occurs after a 72-hour grace period. For AUP violations posing immediate risk, suspension may be immediate.
• Termination: If the issue remains unresolved after 14 days of suspension, or for repeated or egregious violations, we may terminate your Account.

Appeals: You may appeal any enforcement action by visiting our contact page within 14 days. We will review your appeal and respond within 5 business days.

Effect of Termination: Upon termination, your right to use the Services ceases immediately. Customer Data on terminated servers is retained for 14 days, after which it is permanently deleted. Billing records are retained for 6 years in accordance with Estonian tax law.

Voluntary cancellation: You may cancel your Account at any time through the Dashboard. Cancellation takes effect at the end of the current billing period. No refunds are issued for the remaining prepaid period.

10. Limitation of Liability

To the maximum extent permitted by applicable law:

• RANDHOST's total aggregate liability for any claims arising from or related to these Terms or the Services shall not exceed the total fees paid by you in the 12 months preceding the claim.
• RANDHOST shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including loss of profits, data, business opportunities, or goodwill, regardless of the theory of liability.
• RANDHOST shall not be liable for any failure or delay caused by circumstances beyond our reasonable control, including but not limited to force majeure events, internet outages, or third-party infrastructure failures.

11. Indemnification

You agree to indemnify, defend, and hold harmless RANDHOST, its officers, directors, employees, and agents from any claims, damages, losses, liabilities, and expenses (including reasonable legal fees) arising from: (a) your use of the Services; (b) your Customer Data; (c) your violation of these Terms or applicable law; or (d) your infringement of any third-party rights.

12. Disclaimer of Warranties

The Services are provided "as is" and "as available" without warranties of any kind, whether express, implied, or statutory, including but not limited to warranties of merchantability, fitness for a particular purpose, title, and non-infringement. RANDHOST does not warrant that the Services will be uninterrupted, error-free, or secure.

13. Governing Law & Dispute Resolution

These Terms are governed by and construed in accordance with the laws of the Republic of Estonia, without regard to its conflict of laws principles.

Mandatory Arbitration: Any dispute, controversy, or claim arising out of or in connection with these Terms, or the breach, termination, or invalidity thereof, shall first be submitted to binding arbitration under the rules of the Estonian Chamber of Commerce and Industry Arbitration Court. The place of arbitration shall be Tallinn, Estonia. The language of the arbitration shall be English. The decision of the arbitrator shall be final and binding.

Notwithstanding the above, either party may seek injunctive relief in the courts of Harju County, Estonia, to protect its intellectual property rights or confidential information.

14. Modifications to Terms

We may update these Terms from time to time. Material changes will be communicated via email or a prominent notice on our website at least 30 days before they take effect. Your continued use of the Services after the effective date constitutes acceptance of the updated Terms. If you do not agree with the changes, you must discontinue use of the Services before the effective date.

15. Severability

If any provision of these Terms is held to be invalid or unenforceable, the remaining provisions shall remain in full force and effect. The invalid or unenforceable provision shall be modified to the minimum extent necessary to make it valid and enforceable.

16. Contact

For questions about these Terms, contact us.

RANDHOST OÜ
Pärnu mnt 105, Kesklinna linnaosa
Tallinn, Harju maakond, 11312, Estonia

This Privacy Policy describes how RANDHOST OÜ ("RANDHOST", "we", "us") collects, uses, stores, and protects your personal data when you visit our website (randhost.com) or use our Services.

1. Data Controller

The data controller for your personal data is:

RANDHOST OÜ
Pärnu mnt 105, Kesklinna linnaosa
Tallinn, Harju maakond, 11312, Estonia
Contact us

2. Data We Collect

We collect the following categories of personal data:

2.1 Data You Provide

• Account data: first name, last name, email address, password (hashed), country.
• Billing data: payment method details (processed by Stripe, PayPal, or our cryptocurrency payment processor — we do not store full card numbers), billing cycle, plan selection.
• Service configuration: hostname, selected operating system/template, server location.
• Communications: name, email, subject, and message content when you contact us via the contact form.

2.2 Data Collected Automatically

• Technical data: IP address, browser type and version, operating system, referral URL.
• Usage data: pages visited, time on page, click behaviour (collected via Google Analytics 4, anonymised).
• Geolocation data: approximate country-level location derived from your IP address via MaxMind GeoLite2 (used for localised content delivery).

2.3 Cookies

• Essential cookies: currency preference (rh_currency), session management. These are strictly necessary for the website to function.
• Analytics cookies: Google Analytics 4 (_ga, _ga_*) for anonymised usage statistics. These do not identify you personally.

We do not use third-party advertising or tracking cookies.

3. How We Use Your Data

• Service delivery: to provision, manage, and support your servers and infrastructure.
• Payment processing: to charge fees and manage billing cycles.
• Communication: to respond to enquiries, send service notifications, and provide support.
• Security: to detect, prevent, and respond to fraud, abuse, and security incidents.
• Improvement: to analyse anonymised usage patterns and improve our website and Services.
• Legal compliance: to comply with applicable laws, regulations, and legal obligations.

4. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

• Contract performance (Art. 6(1)(b) GDPR): processing necessary to provide the Services you have ordered.
• Legitimate interests (Art. 6(1)(f) GDPR): security monitoring, fraud prevention, service improvement, anonymised analytics.
• Legal obligation (Art. 6(1)(c) GDPR): tax record retention, law enforcement cooperation.
• Consent (Art. 6(1)(a) GDPR): where required for analytics cookies. You may withdraw consent at any time.

5. Data Sharing & Third Parties

We do not sell your personal data. We share data only with the following categories of recipients, solely for the purposes described:

• Payment processors: Stripe, PayPal, and our cryptocurrency payment processor — to process payments.
• Analytics: Google Analytics 4 — anonymised usage data.
• Geolocation: MaxMind GeoLite2 — IP-to-country lookup (processed server-side, no data sent to MaxMind in real-time).
• Data centre partners: co-location providers in our data centre locations, as necessary for hardware provisioning.
• Legal authorities: when required by applicable law, court order, or valid legal process.

6. International Data Transfers

Your data may be processed in the following jurisdictions where our data centres operate: Portugal (EU), Estonia (EU), South Africa, Brazil, and Nigeria. For transfers outside the EEA, we rely on:

• Standard Contractual Clauses (SCCs) approved by the European Commission;
• Adequacy decisions where available; or
• Your explicit consent where no other mechanism applies.

7. Data Retention

• Server data: Customer Data on servers is retained for 14 days after account termination or server cancellation, then permanently deleted.
• Account and billing records: retained for 6 years after account closure, as required by Estonian tax and accounting regulations (Accounting Act § 12).
• Analytics data: Google Analytics data retention is set to 14 months.
• Contact form submissions: retained for 12 months, then deleted.

8. Your Rights

Under GDPR (and POPIA for South African residents), you have the right to:

• Access: request a copy of the personal data we hold about you.
• Rectification: request correction of inaccurate or incomplete data.
• Erasure: request deletion of your data ("right to be forgotten"), subject to legal retention obligations.
• Restriction: request that we restrict processing of your data in certain circumstances.
• Portability: request your data in a structured, commonly used, machine-readable format.
• Objection: object to processing based on legitimate interests.
• Withdraw consent: where processing is based on consent, withdraw it at any time.

How to exercise your rights: You can manage your data directly through your Dashboard at cloud.randhost.com, or via our contact page. We will respond within 30 days.

You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) or, if applicable, the relevant supervisory authority in your jurisdiction.

9. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a person under 18, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on our website at least 30 days before they take effect.

11. Contact

For privacy-related enquiries, contact us.

RANDHOST OÜ
Pärnu mnt 105, Kesklinna linnaosa
Tallinn, Harju maakond, 11312, Estonia

This Acceptable Use Policy ("AUP") governs the use of all services provided by RANDHOST. This AUP is incorporated into and forms part of our Terms of Service. All customers, users, and visitors must comply with this policy.

1. Prohibited Content

You may not use the Services to store, distribute, or transmit:

• Content that is illegal under the laws of Estonia, the European Union, or the jurisdiction in which the content is accessed;
• Child sexual abuse material (CSAM) or any content that sexually exploits minors;
• Content that promotes or facilitates terrorism or violent extremism;
• Malware, viruses, trojans, ransomware, or other malicious software;
• Phishing pages, credential harvesting sites, or social engineering attack infrastructure;
• Adult or pornographic content;
• Gambling platforms or services (unless fully licensed in the applicable jurisdiction);
• Anonymising or proxy services designed to circumvent law enforcement or facilitate illegal activity (including open proxies, VPN services marketed for illegal purposes, and Tor exit nodes);
• Pirated software, media, or other copyrighted material distributed without authorisation;
• Content that infringes upon the intellectual property rights of any third party.

2. Prohibited Activities

You may not use the Services to:

• Send spam: unsolicited bulk email, SMS, or messages of any kind;
• Launch attacks: DDoS attacks, port scanning, brute-force attacks, or any activity intended to disrupt or compromise systems you do not own;
• Mine cryptocurrency: run cryptocurrency miners that cause excessive resource consumption or violate fair-use expectations for your plan tier;
• Operate botnets: command-and-control infrastructure for botnets or compromised device networks;
• Harvest data: scrape, crawl, or harvest personal data from third-party services without authorisation;
• Forge headers: forge TCP/IP packet headers, email headers, or any part of a message to disguise its origin;
• Circumvent security: attempt to bypass, disable, or circumvent any security feature of the Services or any third-party system.

3. Network Abuse

Activities that degrade network performance for other customers are prohibited, including but not limited to: sustained bandwidth saturation beyond plan limits, IP spoofing, ARP spoofing, and routing manipulation.

4. Resource Abuse

Services must be used within the resource limits of the selected plan. Sustained CPU, memory, or I/O usage that materially impacts other customers on shared infrastructure may result in throttling, migration, or suspension.

5. Enforcement

We enforce this AUP through a graduated process as described in Section 9 of our Terms of Service:

1. Warning: notification with a reasonable timeframe to remedy the violation.
2. Suspension: temporary suspension of affected Services if the violation is not remedied or poses immediate risk.
3. Termination: permanent termination for unresolved, repeated, or egregious violations.

We reserve the right to take immediate action without prior warning where a violation poses an imminent threat to the security, integrity, or availability of our infrastructure or other customers' services.

6. Reporting Violations

To report a violation of this AUP, contact us with the subject line "AUP Violation Report". Include as much detail as possible, including IP addresses, timestamps, and evidence of the alleged violation.

RANDHOST respects the intellectual property rights of others and complies with both the United States Digital Millennium Copyright Act (DMCA) and the European Union Digital Services Act (DSA). We expect our customers to do the same.

1. DMCA Compliance

If you believe that content hosted on our infrastructure infringes your copyright, you may submit a DMCA takedown notice to our designated agent. Your notice must include:

1. Identification of the copyrighted work you claim is being infringed;
2. Identification of the infringing material and its location (URL or IP address);
3. Your contact information (name, address, email, phone number);
4. A statement that you have a good-faith belief that use of the material is not authorised by the copyright owner;
5. A statement, under penalty of perjury, that the information in the notice is accurate and that you are the copyright owner or authorised to act on behalf of the owner;
6. Your physical or electronic signature.

2. Designated Agent

RANDHOST OÜ — Copyright Agent
Pärnu mnt 105, Kesklinna linnaosa
Tallinn, Harju maakond, 11312, Estonia
Contact us (subject: "DMCA Notice")

3. Response Process

Upon receipt of a valid DMCA notice, we will:

1. Acknowledge receipt within 48 hours;
2. Promptly notify the customer responsible for the allegedly infringing content;
3. Remove or disable access to the material if the notice is facially valid;
4. Provide the customer with a copy of the notice and instructions for filing a counter-notice.

4. Counter-Notice

If you believe your content was removed in error, you may file a counter-notice including:

1. Identification of the material that was removed and its prior location;
2. A statement under penalty of perjury that you have a good-faith belief the material was removed by mistake;
3. Your name, address, phone number, and consent to the jurisdiction of the relevant court;
4. Your physical or electronic signature.

Upon receipt of a valid counter-notice, we will forward it to the original complainant and restore the material within 10–14 business days unless we receive notice of a court action.

5. EU Digital Services Act (DSA)

In accordance with the EU Digital Services Act (Regulation 2022/2065), RANDHOST also accepts notices of illegal content under Article 16 DSA. Notices should be submitted via our contact page with the subject "DSA Notice" and must include:

• A sufficiently substantiated explanation of the reasons why the content is alleged to be illegal;
• A clear indication of the exact electronic location of the content (URL or IP address);
• Your name and email address (except for notices relating to CSAM);
• A statement confirming the good faith of the notice.

We will process DSA notices without undue delay, taking into account the type and severity of the alleged illegality.

6. Repeat Infringer Policy

RANDHOST maintains a repeat infringer policy. Accounts that are the subject of three or more valid copyright infringement notices within a 12-month period may be terminated. We consider the circumstances of each case and apply the graduated enforcement process described in our Terms of Service.

7. Misuse of Notices

Knowingly submitting a false DMCA or DSA notice may result in liability for damages, including costs and legal fees. We reserve the right to disregard notices that are clearly abusive, incomplete, or submitted in bad faith.

This Service Level Agreement ("SLA") applies to all cloud compute and bare-metal services provided by RANDHOST. It is incorporated into and forms part of our Terms of Service.

1. Uptime Guarantee

RANDHOST guarantees 99.95% monthly uptime for all production compute services. This equates to a maximum of 21 minutes and 54 seconds of unplanned downtime per calendar month.

Uptime is defined as the percentage of time within a calendar month during which the customer's provisioned server is powered on and network-reachable. Uptime is measured by RANDHOST's internal monitoring systems.

2. Exclusions

The following are excluded from uptime calculations:

• Scheduled maintenance windows (communicated at least 48 hours in advance);
• Downtime caused by customer actions, configurations, or software;
• Force majeure events (natural disasters, war, government actions, pandemics);
• DNS issues outside RANDHOST's authoritative nameservers;
• Third-party service or internet backbone outages beyond our network edge;
• Downtime during account suspension for non-payment or AUP violations;
• Beta or preview services explicitly marked as non-production.

3. Service Credits

If monthly uptime falls below 99.95%, you are entitled to service credits calculated as follows:

Service credits are applied to your account balance and offset future invoices. Credits are not refundable in cash and cannot be transferred to another account. Credits are calculated per affected server, not per account.

4. Claiming Credits

To claim an SLA credit, you must:

1. Submit a request via our contact page within 30 days of the downtime incident;
2. Include the affected server identifier, dates and times of downtime, and a brief description of the impact;
3. Allow up to 10 business days for RANDHOST to verify the claim against our monitoring data.

If the claim is verified, the credit will be applied to your account within 5 business days of verification.

5. Sole Remedy

Service credits as described in this SLA are your sole and exclusive remedy for any downtime, unavailability, or failure to meet the uptime guarantee. This SLA does not create any additional warranty or liability beyond what is stated herein.

This Data Processing Agreement ("DPA") forms part of the Terms of Service between you ("Data Controller") and RANDHOST OÜ ("Data Processor") and applies when RANDHOST processes personal data on your behalf in connection with the Services, as required by the EU General Data Protection Regulation (GDPR) and South Africa's Protection of Personal Information Act (POPIA).

1. Definitions

"Personal Data", "Processing", "Data Subject", "Supervisory Authority", and "Data Breach" have the meanings given in the GDPR (Regulation 2016/679). "Operator" and "Responsible Party" have the meanings given in POPIA, and are equivalent to Data Processor and Data Controller respectively.

2. Scope & Roles

You are the Data Controller. You determine the purposes and means of processing personal data stored on your RANDHOST servers. RANDHOST is the Data Processor, processing personal data only on your behalf and in accordance with your documented instructions.

The subject matter of processing is the hosting of Customer Data on RANDHOST infrastructure. The duration of processing corresponds to the term of the Services. The categories of data subjects and types of personal data are determined by you.

3. Processing Instructions

RANDHOST will process personal data only in accordance with your documented instructions, unless required to do so by applicable EU or Estonian law. If such a legal requirement applies, we will inform you before processing (unless prohibited by law from doing so).

4. Security Measures

RANDHOST implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

• Encryption of data in transit (TLS 1.2+) and at rest where applicable;
• Network isolation and firewalling between customer environments;
• Access controls with role-based permissions for infrastructure management;
• Physical security at data centre facilities (biometric access, CCTV, 24/7 security);
• Regular security assessments and vulnerability scanning;
• Incident response procedures documented and tested.

5. Sub-processors

RANDHOST engages sub-processors to assist in providing the Services. A current list of sub-processors is available upon request via our contact page.

We will notify you of any intended changes to sub-processors at least 30 days in advance, giving you the opportunity to object. If you object on reasonable data protection grounds and we cannot accommodate your objection, you may terminate the affected Services without penalty.

6. Data Subject Rights

RANDHOST will assist you in fulfilling your obligations to respond to Data Subject requests (access, rectification, erasure, portability, etc.) through appropriate technical and organisational measures, taking into account the nature of the processing.

7. Data Breach Notification

In the event of a personal data breach affecting your Customer Data, RANDHOST will:

1. Notify you without undue delay and in any event within 48 hours of becoming aware of the breach;
2. Provide sufficient information for you to meet your own notification obligations to supervisory authorities and affected data subjects;
3. Cooperate with you and take reasonable steps to mitigate the effects of the breach;
4. Document the breach, its effects, and remedial actions taken.

8. International Transfers

Where processing involves the transfer of personal data outside the EEA, RANDHOST ensures adequate safeguards are in place as described in Section 6 of our Privacy Policy, including Standard Contractual Clauses where applicable.

9. Audit Rights

You have the right to audit RANDHOST's compliance with this DPA. Audits may be conducted by you or a qualified third-party auditor, subject to reasonable advance notice (at least 30 days), confidentiality obligations, and being conducted during business hours in a manner that does not unreasonably disrupt our operations. You shall bear the cost of any audit.

RANDHOST will make available all information necessary to demonstrate compliance and will cooperate with audits in good faith.

10. Duration & Termination

This DPA remains in effect for the duration of the Services. Upon termination of the Services:

• Customer Data on servers is retained for 14 days, then permanently deleted;
• Billing and account records are retained for 6 years as required by Estonian law;
• Upon your request, we will certify the deletion of personal data in writing.

Obligations under this DPA that by their nature should survive termination (including confidentiality, audit rights, and data breach notification) shall survive.