Privacy Policy
Last updated: 16 July 2026 · Version 1.0
This policy explains what personal data we process when you use yiorashost.com and panel.yiorashost.com, why, who we share it with and what rights you have under the EU General Data Protection Regulation (GDPR) and Greek Law 4624/2019.
1. Who is responsible (controller)
Georgios Koikas, sole trader (ελεύθερος επαγγελματίας)
Olympionikon 19, 20200 Kiato, Korinthia, Greece
Tax ID (ΑΦΜ): 171419432
Email: support@yiorashost.com · Phone: +30 694 735 3025 ·
Support: yiorashost.com/tickets
2. What we collect
- Account data — name, email address, country, password (stored only as a cryptographic hash).
- Billing data — orders, invoices, payment status and payment-method metadata (for example card brand and last four digits). Full card details go directly to our payment provider and never touch our servers.
- Service data — the servers you run and their configuration; the files, worlds, databases and backups you store with us.
- Support data — tickets and emails you send us.
- Technical data — IP addresses and timestamps in web-server, panel, authentication and security logs.
3. Why we process it (legal bases)
- To provide the Service (contract, Art. 6(1)(b) GDPR): account management, provisioning your servers, billing, support, and service emails such as invoices, renewal reminders and "your server is ready" notices.
- Legal obligations (Art. 6(1)(c)): keeping invoices and tax records as Greek tax law requires.
- Legitimate interests (Art. 6(1)(f)): security logging, abuse and fraud prevention, and defending legal claims — narrowly scoped to what running a hosting service safely requires.
We do not send marketing email without your consent, we do not profile you, and we do not sell personal data.
4. Who we share it with (processors)
| Provider | Purpose | Location |
|---|---|---|
| Hetzner Online GmbH | Data-center infrastructure our servers run on | Germany (EU) |
| Stripe Payments Europe Ltd. | Payment processing | Ireland (EU); some data processed by Stripe Inc. in the US |
| Cloudflare, Inc. | DNS and network services for our domains | EU/US |
| Resend, Inc. | Sending transactional email (invoices, service notices) | US |
Stripe and Cloudflare act as our processors for some operations and as independent controllers for others — for example Stripe's fraud prevention and its own regulatory compliance — as described in their own privacy notices. Where a provider processes data outside the EU/EEA, transfers rest on an EU adequacy decision (including the EU-US Data Privacy Framework where the provider is certified) and/or the European Commission's Standard Contractual Clauses.
In addition, our accountant receives the billing records needed for bookkeeping and tax filings, and invoice data is transmitted to the Greek tax authority (ΑΑΔΕ) through the myDATA system, as Greek law requires. Beyond that, we disclose personal data only if the law requires it.
5. How long we keep it
- Account data — for as long as your account exists. You can request deletion at any time; we then delete or anonymise everything not covered by a retention duty.
- Invoices and tax records — as long as Greek tax legislation requires (at least five years).
- Server files, databases and backups — deleted when the service is terminated (see the Terms, section 10).
- Logs — rotated on short schedules and kept no longer than 12 months, most much shorter.
- Support tickets — kept while your account exists so we have context when you come back.
6. Players on your server
If you run a server, your players' data (usernames, UUIDs, IP addresses, chat) ends up in your server's files and logs, which we host for you. What runs on the server and what data it collects is your decision — for that content we act on your behalf. Where you are the controller of your community's data, section 15 of the Terms of Service serves as our data-processing agreement with you under Article 28 GDPR.
7. Your rights
You have the right to access, rectify and erase your personal data, to restrict or object to its processing, and to receive it in a portable format (Arts. 15–21 GDPR). Exercise them via a support ticket or email to support@yiorashost.com — we respond within one month.
You also have the right to lodge a complaint with a supervisory authority. In Greece that is the Hellenic Data Protection Authority (Αρχή Προστασίας Δεδομένων Προσωπικού Χαρακτήρα), dpa.gr — though we would appreciate the chance to resolve any concern directly first.
8. Security
All connections to the store, panel and customer databases are encrypted with TLS. Access to infrastructure is restricted, key-based and logged; customer servers run isolated from one another; passwords are stored only as hashes. No internet service can promise perfect security, but if a breach ever affects your data we will notify you and the authority as the GDPR requires.
9. Minors
The Service is not directed at children under 15, matching Greece's age of digital consent (Law 4624/2019). Customers between 15 and 18 need a parent or guardian per our Terms.
10. Cookies and analytics
We use only strictly necessary cookies — see the Cookie Policy. If we add visitor analytics it will be a cookieless, privacy-preserving tool that stores no personal data, and this policy will be updated to name it.
11. Changes
We will update this policy when our processing changes — for example new providers or features — and note the date at the top. For significant changes we notify you by email.