Data Handling Policy
At Ultra.cc, we collect and store only the minimum amount of information required to provide and maintain your services. Our team is trained to handle your data with strict privacy and security in mind. Staff are required to use strong credentials, multi-factor authentication, and observe strict internal access controls.
Payment processing is handled entirely by third-party processors. Ultra.cc never stores your full financial details. We only keep records such as transaction IDs.
Ultra.cc processes personal data in line with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), UK GDPR, and Singapore law. We act as the data controller for customer account, billing, and support information.
GDPR Principles Applied
- Lawful Basis: Data is processed to perform our contract with you, to comply with legal obligations such as retaining billing records for six years under Singapore law, for Ultra.cc’s legitimate interests such as fraud prevention, network security, and service improvements, or with your consent.
- Retention: Non-essential identifiers such as names and emails may be anonymised on request. Billing and payment data must be retained for six years under Singapore law.
- International Transfers: When data is transferred outside the EU or UK, safeguards such as Standard Contractual Clauses (SCCs) are applied.
- User Rights: EU and UK customers may request access, rectification, erasure with limitations, restriction, portability, or objection via ticket. Customers may also complain to their local Data Protection Authority.
- No Data Selling: Ultra.cc does not sell customer data. Data is only shared with trusted third parties such as payment processors or infrastructure providers where necessary.
Support Access and Customer Consent
By opening a support ticket regarding a service, application, or configuration issue, you acknowledge that Ultra.cc staff may access your account details, service configuration files, installed applications, and relevant logs strictly for the purpose of diagnosing and resolving the reported issue.
- Access is limited in scope and duration to what is necessary.
- Ultra.cc does not inspect or use customer files for any purpose other than troubleshooting and compliance with law.
- Staff will not access user-created files unless explicitly instructed by you or where legally required.
Ticket System
- Uses
- Records customer support interactions, troubleshooting steps, and account details where relevant.
- Provides an auditable history for compliance, dispute resolution, and training.
- Collection
- Entered by you via the Ultra.cc ticket system.
- May include account information, service configurations, or logs voluntarily provided.
- Storage
- WHMCS = Cleartext for ticket text and attachments.
- Stored in secure, access-controlled systems.
- Access
- You.
- Ultra.cc support staff involved in handling your request.
- Retention
- Ticket contents and attachments are purged after ninety (90) days.
- Anything in relation to consumption is removed immediately.
- Minimal metadata such as ticket ID, timestamps, and status may be retained for compliance and audit, but without message content.
- Uses: Login identifier, contact point for announcements and tickets.
- Collection: Provided at signup.
- Storage: WHMCS = Cleartext; Django Suit = Cleartext.
- Access: You and the Ultra.cc team.
- Retention: Indefinite unless anonymised on request.
Username
- Uses: Identifies you in WHMCS, names your Ultra.cc slot, and is used by installed apps.
- Collection: Provided at signup.
- Storage: WHMCS = Cleartext; Django Suit = Cleartext; Applications = varies.
- Access: You and the Ultra.cc team.
- Retention: Indefinite unless anonymised on request.
Country
- Uses: Determines applicable taxes.
- Collection: Provided at signup.
- Storage: WHMCS = Cleartext.
- Access: You and the Ultra.cc team.
- Retention: Indefinite unless anonymised on request.
Passwords
- Ultra.cc Client Area Password
- Uses: Login to Client Area.
- Collection: Provided at signup.
- Storage: Encrypted in WHMCS.
- Access: You only. Staff can reset but cannot view plaintext.
- Retention: Until account closure.
- Ultra.cc Control Panel Password
- Uses: Login to Ultra.cc Control Panel.
- Collection: Set by you after deployment.
- Storage: Encrypted in Django Suit.
- Access: You only. Staff can reset but cannot view plaintext.
- Retention: Until account closure.
- Application Passwords
- Uses: Access user-installed applications.
- Collection: Set by you.
- Storage: Django Suit = Cleartext due to technical limitation. Installed Applications = varies.
- Access: You. Ultra.cc staff only for troubleshooting with your consent.
- Retention: Until you uninstall the app.
Payment Processing
- PayPal
- Stored: Transaction ID.
- Access: Ultra.cc Sales Team.
- Retention: Six years minimum.
- Stripe
- Stored: Payment ID, Hash, last four digits of card, expiry.
- Access: Ultra.cc Sales Team.
- Retention: Six years minimum.
- BTCPay
- Stored: Order Code and Confirmation Hash.
- Access: Ultra.cc Sales Team.
- Retention: Six years minimum.
Logs and Analytics
- Server Metrics: Retained indefinitely for support and abuse investigation.
- VPN Logs: Operational metadata only. No traffic content. Logs rotated.
- FTP Logs: Operational metadata only. Logs rotated to aid in any troubleshooting.
- Authentication Logs: Rotated on a monthly basis to aid in any security and abuse investigations.
- SSHD Logs: Logs rotated to aid in security mechanisms.
- System Logs: Logs rotated to aid in security, aggregated in Sentry.io.
- Application Logs: Retained until the app is uninstalled or the client deletes log files.
- User Bash History: Retained until cleared by you or service is Termin
Hosted Data
- Installed Applications
- Stored: Core files and configurations required for the application to operate.
- Access: You, and Ultra.cc staff only when necessary for troubleshooting, with your consent provided through the creation of a support ticket.
- Retention: Retained until you uninstall or remove the application.
- User Data
- Stored: Files you create or upload.
- Access: You only. Staff access requires your explicit request or legal requirement such as DMCA.
- Retention: Until removed by you. Legitimate DMCA requests may require removal within 24 hours.
- Data Handling Policy
- GDPR Principles Applied
- Support Access and Customer Consent
- Ticket System
- Email
- Username
- Country
- Passwords
- Payment Processing
- Logs and Analytics
- Hosted Data