Privacy Policy
1.Overview
This Privacy Policy explains how HostingX Solutions LLC ("Company", "we", "our") collects, uses, and protects data.
2.Data Categories
- Account Data: name, email, authentication identifiers.
- Platform Metadata: logs, usage metrics, API timings (limited presently).
- Customer Data: data you intentionally send to future platform features (none persisted yet beyond form submissions).
- Support Data: messages you send us.
- Consent & Preference Data: cookie and marketing choices.
3.Legal Bases (EEA / UK)
Contract performance (core features), legitimate interests (security, service integrity), consent (marketing and non-essential cookies), and legal obligation (records, fraud prevention).
4.Use of Data
Currently we use personal data only to:
- respond to inquiries,
- record consent and unsubscribe events,
- maintain minimal security logs, and
- send requested communications.
5.Customer Data Processing
Where we act as a processor (future pipeline features), we will only process per your documented instructions. Presently, no customer production data is ingested beyond forms.
6.Subprocessors
Subprocessors active on getfinops.cloud:
- Amazon Web Services, Inc. (United States): static hosting (S3 + CloudFront, us-east-1), Route 53 DNS, contact-form compute (API Gateway + Lambda, us-east-1), inbound mail delivery (Amazon SES v2, us-east-1), and security logs (CloudWatch, us-east-1).
- Google LLC (United States) — Google Tag Manager: tag-deployment container with the ID
GTM-PGJRZBLJ. Loadsgtm.json every public page. GTM itself collects no personal data and sets no cookies; it is a delivery mechanism for other tags configured through tagmanager.google.com. As of the "Last updated" date above, the GTM container is empty — no third-party tags are deployed through it. Any tag added to the container in the future that introduces a new cookie or data flow will be disclosed in a Privacy Policy update before activation. Data is processed under Google's Standard Contractual Clauses for EU traffic. - Google LLC (United States) — Google Analytics 4: page-view and engagement analytics via
gtag.jswith the measurement IDG-WYE7HVPXL4. Loaded on every page of the public landing site. Writes first-party_gaand_ga_*cookies (see §11). Configured withanonymize_ip: true(IP truncated before storage),allow_google_signals: false(cross-device tracking disabled), andallow_ad_personalization_signals: false(data is not used for advertising personalization). Used solely to understand which landing pages and content perform best. Data is processed under Google's Standard Contractual Clauses for EU traffic. - Google LLC (United States) — Google Ads: conversion tracking via
gtag.js. Loaded only when theNEXT_PUBLIC_GADS_IDbuild-time configuration is set, and only on the public landing page. Writes a single first-party_gcl_aucookie (see §11). The conversion event is fired only on a successful contact-form submission whose declared role is "Prospective customer" — investor, press, and "something else" submissions are excluded from advertising attribution by design. Data is processed under Google's Standard Contractual Clauses for EU traffic. No remarketing audiences are built; no personal data is shared with Google beyond the raw conversion event (no name, email, message, or IP is forwarded).
Any additional subprocessors for product features beyond the landing page will be listed here with at least thirty (30) days' notice before activation.
7.Security Measures
Encryption in transit (HTTPS), least-privilege internal access, periodic review of access logs. As the platform expands, we will publish a detailed security whitepaper.
8.Retention
Contact and consent records retained while necessary for proof of compliance (generally up to 24 months) unless earlier deletion is requested (subject to legal holds). Unsubscribe records retained to enforce suppression.
9.International Transfers
If data is transferred cross-border, we will implement appropriate safeguards (e.g., SCCs). Currently hosting is planned within reputable cloud regions.
10.Your Rights
You have the right to access, rectify, erase, restrict, port, or object to the processing of your personal data, and to withdraw consent at any time. To exercise any of these rights, email privacy@hostingx.co.il — we reply within thirty (30) days. California residents have equivalent rights under the CCPA; we do not sell or share personal data as those terms are defined under California Civil Code § 1798.140.
11.Cookies & Local Storage
getfinops.cloud sets a minimal number of first-party cookies and one localStorage entry. We use no third-party cookies and no cross-site tracking.
saas-theme(localStorage): records your light/dark-mode preference so it persists between visits. Strictly necessary functional storage under Article 5(3) of the ePrivacy Directive; does not require consent. Set on every visit._gaand_ga_*(first-party cookies, 24-month TTL): set by Google Analytics 4 (see §6) to distinguish unique visitors and maintain per-session state for pageview and engagement reporting. The asterisk in_ga_*is replaced by our property ID at runtime (yielding_ga_WYE7HVPXL4). IP addresses are truncated before storage and Google Signals is disabled — no cross-device tracking._gcl_au(first-party cookie, 90-day TTL): set by Google Ads conversion tracking (see §6) only when a visitor arrives from a Google Ads click (identified by agclidURL parameter) AND only on deploys configured with a Google Ads conversion ID. Stores an opaque identifier used solely to attribute a subsequent contact-form submission (role = "Prospective customer") back to the originating ad. Not set on organic visits or on deploys without conversion tracking enabled.
You can clear any of these any time via your browser's site-data controls, or block all third-party scripts (including Google Analytics and Google Ads) via standard ad-blocking extensions — the site remains fully functional without them.
12.Communications
Marketing emails only sent with prior opt-in; you may unsubscribe anytime. Transactional or security notifications (if any) are still sent when required.
13.Third Parties
We do not sell personal data. Any future subprocessors will be contractually bound to equivalent protections and listed prior to activation.
14.Children
Not directed to children under 16. Contact us for prompt removal if such data is discovered.
15.Changes
Material updates announced via site notice or email with effective date.
16.Contact
- Privacy questions
- privacy@hostingx.co.il
- General inquiries
- hello@getfinops.cloud