StrathNode

Privacy

Privacy policy

Last updated: March 2026

StrathWorks Ltd ("we", "us", "our") operates StrathNode, a managed web hosting service. This policy explains what personal data we collect, how we use it, and your rights under UK data protection law, including the UK GDPR.

Who we are

The data controller is StrathWorks Ltd, registered in Scotland (SC880795). For data enquiries, use the contact form or write to our registered address.

What data we collect

When you create a StrathNode account, we collect:

  • Your name, email address, and company name (where provided)
  • Your primary domain name for hosting provisioning
  • A hashed password — we do not store your password in plain text
  • Billing data via Stripe — we store a Stripe customer ID and subscription ID; full payment card details are held by Stripe and never stored on our servers
  • Hosting account details generated at provisioning (domain, username, server plan)
  • Invoice records synced from Stripe
  • Login timestamps and password reset activity for security purposes

If you use the contact form, we collect your name, email, and the contents of your message.

How we use your data

We use your personal data to:

  • Create and manage your hosting account
  • Process and manage your subscription billing via Stripe
  • Send transactional emails — password resets, provisioning confirmations, and billing notifications
  • Respond to support and contact form enquiries
  • Maintain security, detect abuse, and protect the service

We do not use your data for marketing without your explicit consent. We do not sell your data to third parties.

Legal basis

We process your data on the basis of contract performance (to provide the hosting service you signed up for), legitimate interests (security, fraud prevention, service improvement), and legal obligation where applicable. Contact form data is processed on the basis of your consent in submitting it.

Third parties

We share limited data with the following third-party processors to deliver the service:

  • Stripe — payment processing and subscription management. Stripe processes payment card data under their own privacy policy and PCI-DSS compliance.
  • Microsoft — transactional email is sent via Microsoft Graph (Microsoft 365). Your email address is used solely to deliver system emails.
  • Virtualmin / hosting infrastructure — your domain name and hosting credentials are stored on the server infrastructure used to provision your account.

All processors are bound by data processing agreements. We do not share your data with any other third parties.

Data retention

We retain your account data for the duration of your subscription and for a reasonable period thereafter for legal and accounting purposes (typically six years in line with UK company law requirements). Contact form submissions are retained for the period needed to resolve your enquiry. You may request deletion at any time — see Your rights below.

Cookies and tracking

StrathNode uses a single, strictly necessary session cookie to keep you signed in to the client portal. This cookie is not used for tracking and does not persist beyond your session unless you close the browser with an active session. We do not use third-party tracking cookies, advertising pixels, or analytics scripts on this site.

Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data (subject to legal retention obligations)
  • Request a portable copy of your data
  • Object to or restrict processing in certain circumstances
  • Withdraw consent where processing is based on consent

To exercise any of these rights, use the contact form. We will respond within one calendar month.

Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk. We would appreciate the opportunity to address your concerns directly first.

Changes to this policy

We may update this policy from time to time. The date at the top of this page will reflect the most recent revision. Continued use of the service following an update constitutes acceptance of the revised policy.