Effective Date: 1st August 2024
At NkaiHost, operated by NKAI SYSTEMS LIMITED, we understand that data protection is a core part of reliable web hosting. When customers trust us with websites, domains, email accounts, applications, databases and hosting infrastructure, they are also trusting us with the security, confidentiality and availability of their data.
Our services are designed to support individuals, businesses, developers, agencies and organisations that need dependable digital infrastructure. Whether you use our WordPress Hosting, Shared Website Hosting, Nodejs Hosting, VPS Hosting, Business Email Hosting, Domain Registration, or Drag-and-Drop Website Builder, we apply data protection principles across the way we operate, support and maintain our platform.
NkaiHost uses Plesk as the web hosting control panel for managing websites, databases, email accounts, SSL certificates, DNS, files and hosting features. We also manage customer billing, service provisioning, invoices, support tickets and the customer portal. These tools help us deliver organised, secure and accountable hosting services.
This Data Protection page explains how NkaiHost approaches data protection across the United Kingdom, the European Union, the United States and Canada.
NkaiHost is committed to protecting personal data using clear policies, appropriate security measures and responsible operational practices. We aim to process personal data lawfully, fairly and transparently, while only collecting and using data that is necessary for legitimate hosting, billing, support, security and service delivery purposes.
Under UK and EU data protection law, organisations may act as either a data controller or data processor depending on the activity. The UK Information Commissioner’s Office explains that controllers determine the purposes and means of processing personal data, while processors act on behalf of and only on the instructions of a controller. Controllers have responsibility for demonstrating compliance with data protection principles.
For NkaiHost, this means we may act as a data controller for information we collect directly from customers, such as account registration details, billing information, support tickets and portal activity. We may also act as a data processor when we host, store or transmit data that customers upload into their websites, applications, databases, email accounts or VPS environments.
This page applies to data handled through NkaiHost services, including:
WordPress websites, WooCommerce stores, blogs, membership sites, shared hosting accounts, Node.js applications, VPS environments, hosted email accounts, customer databases, domain records, DNS settings, website builder projects, support tickets, customer portal records, billing information, logs, backups and migration data.
This page should be read together with our Privacy Policy, Cookie Policy, Terms and Conditions, and any applicable Data Processing Agreement where required.
NkaiHost may process different categories of data depending on the service you use.
For customer accounts, we may process contact details, company details, billing information, service history, support communications, login data, IP addresses and portal activity. This allows us to create accounts, provision hosting services, issue invoices, process payments, respond to support requests and maintain security.
For hosted services, we may process data stored or transmitted through your hosting account. This may include website files, WordPress content, databases, uploaded media, form submissions, email messages, application logs, Node.js environment data, DNS records and backup copies.
For domain services, we may process domain registrant information, administrative contacts, technical contacts, DNS records, WHOIS-related information and registry-required data.
For security and operational purposes, we may process server logs, access logs, error logs, firewall logs, email delivery logs, abuse reports, authentication records and other diagnostic data needed to protect our network and customers.
NkaiHost acts as a data controller when we decide why and how personal data is processed for our own business purposes. This includes managing customer accounts, processing payments, issuing invoices, providing support, preventing fraud, securing our systems, complying with legal obligations and communicating important service information.
As a controller, NkaiHost is responsible for handling personal data in accordance with applicable data protection laws, including the UK GDPR and Data Protection Act 2018 where relevant.
Where we act as a controller, customers and users may have rights such as access, correction, deletion, restriction, objection, portability and withdrawal of consent, depending on the jurisdiction and legal basis involved.
NkaiHost may act as a data processor when customers use our services to store, transmit or manage personal data belonging to their own users, customers, staff, subscribers, clients or website visitors.
For example, if you use NkaiHost to host a WordPress website that collects customer enquiries, you are usually the controller of that website visitor data, while NkaiHost may act as a processor by hosting the site and storing the data on your behalf.
If you use NkaiHost Business Email Hosting, you are usually responsible for the contents of your mailboxes and communications. NkaiHost provides the infrastructure and technical hosting environment.
If you use Node.js Hosting or VPS Hosting to run an application that processes user data, you are responsible for the lawful collection and use of that application data. NkaiHost provides the hosting environment and may process the data only as needed to provide, secure and support the service.
Under EU data protection guidance, a processor that uses a sub-processor should ensure that the sub-processor is subject to contractual obligations that protect personal data in a way consistent with the controller-processor arrangement.
Customers are responsible for ensuring that the data they collect, store or process through NkaiHost services complies with applicable law.
This includes having a suitable privacy policy on their own website, obtaining valid consent where required, using lawful bases for processing, securing administrator accounts, managing user permissions, keeping applications and plugins updated, configuring email securely, protecting passwords, and ensuring that any personal data uploaded to NkaiHost is lawful and necessary.
Customers using WordPress Hosting should keep themes, plugins and administrator accounts secure. Customers using Shared Hosting should ensure their CMS, scripts and databases are maintained. Customers using Node.js Hosting should secure application dependencies, environment variables and APIs. Customers using VPS Hosting are responsible for server-level security unless they have purchased a managed service from NkaiHost.
Customers using Business Email Hosting should configure devices securely, use strong passwords, protect mailbox access and ensure that email use complies with anti-spam and privacy laws.
NkaiHost is based in the United Kingdom and aims to align its practices with the UK GDPR and the Data Protection Act 2018.
The UK GDPR framework requires organisations to process personal data lawfully, fairly and transparently; collect it for specified purposes; keep it accurate; retain it only as long as necessary; secure it appropriately; and remain accountable for compliance. The ICO provides guidance for UK organisations on GDPR responsibilities, including controllers, processors and accountability requirements.
For UK customers, NkaiHost’s approach includes limiting access to customer data, using security controls, maintaining support records, applying appropriate retention periods, and helping customers respond to data protection requests where technically possible and legally required.
Where NkaiHost acts as a processor for UK customers, we recommend that business customers use a suitable Data Processing Agreement if they process personal data through our hosting services.
For customers in the European Union or customers processing personal data relating to individuals in the EU, the EU GDPR may apply.
The European Data Protection Board explains that the concepts of controller, processor and joint controller are central to GDPR compliance because they determine which party is responsible for which obligations.
Where NkaiHost provides hosting services to EU-based customers, or where customer-hosted services process EU personal data, we aim to support GDPR-aligned practices such as confidentiality, access controls, data minimisation, security, breach response support, deletion assistance, processor obligations and the use of appropriate safeguards for international transfers.
Customers remain responsible for determining whether their use of NkaiHost services requires additional measures, such as a Data Processing Agreement, privacy notices, cookie consent tools, records of processing activities or data protection impact assessments.
The United States does not have a single federal privacy law equivalent to the GDPR for all sectors. Instead, privacy requirements may come from federal laws, state privacy laws and sector-specific rules.
For many US users, the most significant state-level privacy framework is the California Consumer Privacy Act, as amended by the California Privacy Rights Act. The California Attorney General explains that the CCPA gives California consumers rights including the right to know what personal information is collected, used and shared; the right to delete personal information; the right to opt out of sale or sharing; and the right to non-discrimination for exercising privacy rights.
The California Privacy Protection Agency also notes that the CCPA can apply to businesses, service providers, contractors and third parties, with different obligations depending on the role.
NkaiHost does not sell customer personal data. Where we provide hosting services to US customers, our role may be similar to a service provider or processor depending on the arrangement and the data involved. Customers subject to US privacy laws are responsible for ensuring their own websites, applications, email practices and customer data collection processes meet applicable US legal requirements.
If a US customer uses NkaiHost to host an application that collects personal information from California residents or residents of other US states with privacy laws, the customer should ensure their privacy notices, consent flows, opt-out mechanisms and data request procedures are legally appropriate.
For Canadian customers or customers processing data relating to individuals in Canada, the Personal Information Protection and Electronic Documents Act may apply, along with provincial privacy laws in certain provinces.
The Office of the Privacy Commissioner of Canada provides guidance on cross-border personal data processing and explains that organisations remain accountable for personal information transferred to third parties for processing. The guidance also highlights the importance of using contractual or other measures to protect personal information when it is handled by a third-party processor.
For Canadian customers using NkaiHost services, this means the customer should consider whether its use of a UK-based hosting provider involves cross-border processing and whether its own privacy notices should disclose that personal data may be stored or processed outside Canada.
NkaiHost supports responsible cross-border hosting arrangements by applying appropriate security controls, access limitations, confidentiality practices and contractual safeguards where required.
Because NkaiHost may serve customers in the UK, EU, US, Canada and other jurisdictions, personal data may be processed or accessed across borders depending on the customer’s location, support requirements, service providers and infrastructure arrangements.
Where international transfers are subject to legal restrictions, NkaiHost aims to use appropriate safeguards. These may include contractual protections, supplier due diligence, access restrictions, data minimisation, encryption and other technical or organisational controls.
Customers are responsible for assessing whether their own use of NkaiHost services creates international transfer obligations for the data they control. For example, a Canadian business hosting customer data with a UK provider may need to disclose this in its privacy documentation, while an EU business may need appropriate GDPR transfer safeguards depending on the circumstances.
NkaiHost applies technical and organisational measures designed to protect customer data against unauthorised access, accidental loss, misuse, alteration and disclosure.
Our security approach may include account authentication controls, role-based access, firewall protection, malware scanning, SSL/TLS encryption, server monitoring, backup systems, secure customer portal access, ticket-based support records, activity logging and controlled administrative access.
For Plesk-hosted services, customers may have access to tools for SSL certificates, backups, file management, databases, DNS, email accounts, password management and application-level controls. Customers should use these tools responsibly and keep their own applications secure.
Customer accounts, billing, provisioning and support information is handled through the client portal, helping customers manage services in a structured and auditable way.
No hosting provider can guarantee absolute security, but NkaiHost aims to maintain a security-conscious hosting environment and expects customers to apply good security practices within their own accounts.
NkaiHost may provide backup features depending on the hosting plan. Backups are designed to support recovery from accidental deletion, corruption, technical failure or migration issues.
However, backups should not be treated as a replacement for customer-controlled data protection. Customers remain responsible for maintaining their own backup strategy where appropriate, especially for business-critical websites, ecommerce stores, customer databases, email archives, Node.js applications and VPS environments.
Retention periods may vary depending on the service type, hosting plan, backup configuration, legal obligations, billing records and operational needs. Account and billing information may be retained for legal, tax and accounting purposes. Hosted content may be deleted after cancellation, suspension, termination or expiry, subject to applicable terms and legal requirements.
NkaiHost Business Email Hosting may involve the processing of email messages, mailbox metadata, spam filtering data, authentication logs, MX records, SPF records, DKIM records and DMARC records.
Customers are responsible for the content of email sent and received through their mailboxes. They must not use NkaiHost services for spam, phishing, unlawful marketing, malware distribution or other abusive activity.
NkaiHost may process email-related logs and delivery data for troubleshooting, abuse prevention, security monitoring and service reliability. Where email migration is requested, NkaiHost may temporarily access mailbox data strictly for migration and support purposes.
When customers register, transfer or manage domains through NkaiHost, certain registrant and administrative data may need to be processed by domain registries, registrars or related service providers.
Domain registration may require the collection of registrant name, organisation, address, email address, phone number and technical contact details depending on the domain extension and registry rules.
DNS records may include technical data that connects your domain to websites, email providers, verification services, payment platforms, analytics tools or third-party systems. Customers are responsible for ensuring DNS records are accurate and do not expose unnecessary information.
Customers using the NkaiHost Drag-and-Drop Website Builder may process website content, images, form submissions, contact details, visitor interactions and SEO metadata.
Customers are responsible for ensuring that forms on their website collect only necessary information, include appropriate privacy notices and obtain consent where required. If the website uses analytics, tracking pixels, marketing forms or embedded third-party tools, the customer should ensure the required privacy and cookie notices are in place.
Customers using NkaiHost Node.js Hosting may process application data, environment variables, API keys, authentication tokens, logs, databases and third-party service integrations.
NkaiHost is responsible for providing the hosting environment according to the service purchased, while the customer is responsible for securing the application code, dependencies, user authentication, API endpoints, business logic and application-level data processing.
Customers should avoid storing secrets in public repositories, should rotate credentials where necessary, and should ensure that logs do not expose sensitive information unnecessarily.
VPS customers may have greater control over the server environment. This also means greater responsibility.
Unless NkaiHost provides a managed VPS service under a separate agreement, VPS customers are responsible for operating system updates, firewall rules, software patching, application security, user permissions, database security, SSH access, backups, monitoring and compliance for any data processed on the VPS.
NkaiHost may process limited VPS-related operational data for provisioning, billing, support, abuse prevention and infrastructure management.
NkaiHost support staff may access customer account information, service configuration, logs, website files, databases or email settings where necessary to provide technical support, migration assistance, troubleshooting, security investigation or service administration.
Access is limited to what is reasonably necessary for the support request or operational need. Customers should avoid sharing unnecessary sensitive information in tickets and should use temporary passwords where possible. After a migration or support session, customers should rotate credentials where appropriate.
NkaiHost treats customer support information as confidential and expects staff and service providers to follow appropriate confidentiality and security practices.
NkaiHost aims to respond promptly to security incidents involving personal data.
Where NkaiHost acts as a data controller and a personal data breach occurs, we will assess the risk, take containment measures, investigate the incident and notify the relevant supervisory authority or affected individuals where legally required.
Where NkaiHost acts as a processor and becomes aware of a personal data breach affecting customer-controlled data, we will notify the relevant customer without undue delay where required, provide available information to support the customer’s assessment, and assist with reasonable mitigation steps.
Customers remain responsible for determining whether a breach affecting their own hosted data must be reported to their users, regulators or other parties.
Depending on the applicable law, individuals may have rights to access, correct, delete, restrict, object to or receive a copy of their personal data.
Where NkaiHost acts as a controller, requests relating to NkaiHost account, billing, portal or support data should be sent directly to NkaiHost.
Where NkaiHost acts as a processor, requests relating to data stored inside a customer website, database, email account, application or VPS should normally be directed to the customer who controls that data. NkaiHost may assist the customer where technically possible and legally required.
NkaiHost may use trusted third-party providers to help deliver hosting, billing, payment processing, domain registration, email delivery, security, monitoring, support, analytics, data centre operations or infrastructure services.
Where required, NkaiHost seeks to ensure that service providers process data under appropriate contractual, confidentiality and security obligations. We aim to work with providers that support reliable service delivery and responsible data protection practices.
Customers who require a list of relevant sub-processors for contractual or compliance purposes may contact NkaiHost support.
Business customers who use NkaiHost to process personal data on behalf of their own customers, users, employees or clients may require a Data Processing Agreement.
A Data Processing Agreement typically defines the subject matter and duration of processing, the nature and purpose of processing, the categories of data, the categories of data subjects, the obligations of the controller, the obligations of the processor, confidentiality requirements, security measures, sub-processing terms, international transfer safeguards, breach notification support, deletion or return of data, and audit or compliance assistance.
Customers who require a Data Processing Agreement should contact NkaiHost before using services for regulated or sensitive processing.
NkaiHost services are general-purpose hosting services. They are not automatically configured for highly regulated data such as medical records, financial records, government-classified data, criminal offence data, biometric identification data or large-scale special category data.
Customers must not use NkaiHost services for sensitive or regulated processing unless they have confirmed that the selected service, contract, security controls and compliance arrangements are appropriate for that purpose.
If your business handles sensitive personal data, special category data, payment card data, healthcare information, children’s data or regulated financial information, please contact NkaiHost before ordering so we can discuss whether our services are suitable.
NkaiHost aims to apply privacy and security considerations throughout service delivery. This includes limiting data access, separating customer accounts, supporting SSL encryption, offering backup options, using structured support records, applying reasonable retention practices and helping customers configure secure hosting environments.
For customers, privacy by design also means choosing the right hosting plan, using strong passwords, enabling SSL, keeping software updated, limiting admin access, collecting only necessary personal data and publishing clear privacy notices.
If you have questions about data protection, data processing, security, privacy rights or compliance requirements relating to NkaiHost services, please contact us:
NkaiHost UK
NKAI SYSTEMS LIMITED
124 City Road, London, EC1V 2NX
United Kingdom
Email: info@nkaihost.com
This Data Protection page is designed to explain NkaiHost’s approach to data protection across its hosting and digital infrastructure services. It is provided for general information and should not be treated as legal advice.
Data protection obligations may vary depending on your business type, customer location, service configuration, data categories and legal jurisdiction. Customers are responsible for ensuring that their own use of NkaiHost services complies with applicable data protection, privacy, electronic communications, cybersecurity, consumer protection and sector-specific laws.
NkaiHost recommends that business customers obtain independent legal advice where they process personal data through websites, applications, email systems, customer databases or VPS environments.