Last updated May 31, 2026

Privacy & Cookie Policy

This policy explains what personal data BitQate collects, why, and the rights you have over it under the UK/EU General Data Protection Regulation (GDPR).

1. Data Controller

BitQate (“we”, “us”, “our”) is the data controller responsible for your personal data. You can reach us for all privacy-related matters at:

We have not appointed a Data Protection Officer as we are not required to do so under applicable law. Enquiries can be sent to the contact above.

2. Data We Collect

We collect the following categories of personal data depending on how you interact with us:

Account data
Email address, hashed password, display name, and account preferences when you register.
Billing data
Credit balance, transaction history, invoices, and payment method metadata (e.g. card last 4 digits) returned by our payment processor. We do not store raw card numbers.
Service data
Virtual machine configurations, server logs, resource usage metrics, and IP addresses allocated to your services.
Technical data
Your IP address, browser type and version, operating system, referring URL, and pages visited. Collected automatically when you access our website or portal.
Security data
Authentication logs, two-factor authentication setup, passkey (WebAuthn) credentials, and session identifiers.
Communications
Support tickets and any messages you send to us.

4. Cookies

We offer two consent levels via the cookie banner:

  • Essential only — cookies required for the site to function (session management, cookie preference storage).
  • Accept all — enables Umami analytics to collect anonymous usage data.

Cookies we set:

cookieConsent
Stores your chosen consent level ("essential" or "all"). Expires after 1 year.
cookiesAccepted
Records that you have responded to the cookie banner. Expires after 1 year.
analyticsEnabled
Enables Umami tracking when you choose "Accept all". Expires after 1 year.

You can withdraw analytics consent at any time by clicking “Cookie settings” in the site footer or by clearing your browser cookies. Withdrawal does not affect the lawfulness of processing before withdrawal.

5. Data Processors & Third Parties

We engage the following third-party processors who handle personal data on our behalf under data processing agreements:

Vercel
Hosts our website and portal. May process technical data (IP address, request metadata). Privacy policy: vercel.com/legal/privacy-policy.
Umami Analytics
Privacy-first analytics when you consent. Collects anonymous usage data — no personal identifiers are stored. Privacy policy: umami.is/privacy.
Payment processor
Handles payment card data on our behalf. We receive only tokenised metadata (card brand, last 4 digits, expiry). We never store raw card numbers.

We do not sell your personal data to third parties. We do not share your data with advertisers or data brokers.

6. International Transfers

Our infrastructure and processors may be located outside the European Economic Area (EEA) or UK. Where we transfer personal data internationally, we ensure adequate protections are in place through one or more of:

  • An adequacy decision by the UK Secretary of State or European Commission.
  • Standard Contractual Clauses (SCCs) approved by the relevant authority.
  • Another appropriate safeguard under applicable data protection law.

You may request a copy of the relevant safeguard by contacting [email protected].

7. Data Retention

We retain personal data only as long as necessary for the purpose it was collected or as required by law:

Account data
Retained while your account is active and for 30 days after deletion to allow recovery. Permanently deleted after 30 days.
Billing records
Retained for 7 years to comply with tax and accounting obligations.
Server and access logs
Retained for 90 days for security and abuse investigations.
Cookie preferences
Stored for 1 year or until you clear your browser cookies.
Support communications
Retained for 3 years to maintain service continuity and legal records.
Analytics data
Anonymous aggregate data retained for 2 years.

8. Your Rights

Under the UK/EU GDPR you have the following rights. We will respond to verified requests within 30 days (extendable by a further 2 months in complex cases with notice).

Access (Art. 15)
Request a copy of the personal data we hold about you.
Rectification (Art. 16)
Request correction of inaccurate or incomplete data.
Erasure (Art. 17)
Request deletion of your personal data where no overriding legal ground applies.
Restriction (Art. 18)
Request we restrict processing while a dispute is resolved.
Portability (Art. 20)
Receive your data in a structured, machine-readable format and have it transferred to another controller.
Objection (Art. 21)
Object to processing based on legitimate interests. We will cease unless we demonstrate compelling legitimate grounds.
Withdraw consent (Art. 7(3))
Where processing is based on consent (e.g. analytics cookies), withdraw consent at any time without affecting prior lawful processing.
Lodge a complaint (Art. 77)
You have the right to lodge a complaint with your national data protection authority. In the UK this is the Information Commissioner's Office (ico.org.uk). In Ireland: dataprotection.ie. In Germany: the relevant Landesbeauftragter für den Datenschutz.

To exercise any right, email [email protected] with your account email and the right you wish to exercise. We may ask for verification before processing your request.

9. Automated Decision-Making

We do not use fully automated decision-making (including profiling) that produces legal or similarly significant effects on you within the meaning of Article 22 GDPR. Abuse detection heuristics may flag accounts for human review but no automated action is taken without manual oversight.

10. Security

We implement technical and organisational measures to protect your personal data, including:

  • Passwords stored using a one-way cryptographic hash.
  • Transport Layer Security (TLS/HTTPS) for all data in transit.
  • Access controls limiting which team members can access user data.
  • Audit logging for administrative actions.

No method of transmission over the internet or electronic storage is completely secure. In the event of a personal data breach likely to result in a high risk to your rights, we will notify you without undue delay as required by Art. 34 GDPR.

11. Changes to This Policy

We may update this policy to reflect changes in our practices or applicable law. Where the changes are material, we will notify registered users by email at least 14 days before the new policy takes effect. The “Last updated” date at the top of this page always reflects the most recent revision.

12. Contact

For any questions about this policy or to exercise your rights:

  • Email: [email protected]
  • Support tickets: portal.bitqate.com/tickets
  • X (Twitter): @bitqate
  • GitHub: github.com/BitQate
