Política

Política de Privacidad

(El texto siguiente solo es legalmente vinculante en su versión en inglés.)

Last Updated
2026-05-07
Company
Tealight Ltd
Company Number
15078084
UK VAT Number
GB522366506
Registered Office
61 Bridge Street, Kington, England, HR5 3DJ
Registered In
England and Wales
Website
kumo2.com
Privacy Contact
[email protected]
Legal Contact
[email protected]
Abuse Contact
[email protected]

1. Introduction

This Privacy Policy explains how Tealight Ltd (“we”, “us”, “our”, or the “Company”) collects, uses, stores, shares and protects personal data when you visit our website, create an account, order services, use our control panel, use our API, contact support, receive communications from us, or otherwise use our services.

This Privacy Policy applies to our VPS, cloud server, dedicated server, networking, IP address, storage, control panel, API, support, billing and related services.

This Privacy Policy should be read together with our Terms of Service, Acceptable Use Policy, Refund Policy, Data Processing Agreement where applicable, Cookie Policy where applicable, and any product-specific terms.

If you do not agree with this Privacy Policy, you should not use our services.

2. Who We Are

Tealight Ltd is a company incorporated in England and Wales under company number 15078084, with its registered office at 61 Bridge Street, Kington, England, HR5 3DJ.

For account management, billing, fraud prevention, security, abuse handling, support, service operation, legal compliance and business administration, we generally act as a data controller.

For personal data contained in Customer Content stored or processed inside your VPS, cloud server, dedicated server or other instance, where we do not determine the purposes and means of processing, we generally act as a processor or infrastructure provider on behalf of the customer.

Where we process personal data on behalf of a Business Customer as a processor, our Data Processing Agreement applies.

3. Scope of This Policy

This Privacy Policy covers personal data we process about:

  • account holders;
  • billing contacts;
  • administrative users;
  • technical contacts;
  • support contacts;
  • website visitors;
  • API users;
  • prospective customers;
  • abuse reporters;
  • complainants;
  • persons involved in legal, security or abuse investigations;
  • representatives of suppliers, partners or service providers.

This Privacy Policy does not directly govern Customer Content that you choose to host, store, transmit or process using our services, except where we process such content for support, security, abuse handling, legal compliance or service operation purposes.

You are responsible for providing appropriate privacy notices to your own customers, users, visitors and end users where you use our services to process their personal data.

4. Personal Data We Collect

We may collect and process the following categories of personal data.

4.1 Account Data

  • name;
  • company name;
  • username;
  • email address;
  • phone number;
  • billing address;
  • country or region;
  • account ID;
  • account status;
  • account preferences;
  • authentication settings;
  • verification status;
  • communications preferences.

4.2 Billing and Payment Data

  • invoice details;
  • order history;
  • payment status;
  • transaction identifiers;
  • billing country;
  • tax information;
  • VAT, GST or tax registration numbers where applicable;
  • payment method type;
  • fraud screening results;
  • chargeback, dispute or refund records.

We normally do not store full card numbers. Card payments are usually processed by third-party payment processors.

4.3 Service Data

  • services ordered;
  • service identifiers;
  • instance IDs;
  • IP addresses assigned to your services;
  • data centre or region;
  • operating system image selected;
  • plan, resources and configuration;
  • reverse DNS records;
  • firewall or network settings;
  • bandwidth usage;
  • resource usage;
  • service status;
  • provisioning, suspension, termination and deletion records.

4.4 Technical and Log Data

  • login IP addresses;
  • access times;
  • browser type;
  • device information;
  • operating system information;
  • session identifiers;
  • API requests;
  • control panel activity;
  • authentication logs;
  • security logs;
  • system alerts;
  • network metadata;
  • traffic metadata;
  • error logs;
  • diagnostic logs.

Traffic metadata may include source and destination IP addresses, ports, timestamps, protocols, packet or flow statistics and similar information. We do not routinely inspect the contents of your server files or communications, but we may access or process content where necessary for support, security, abuse handling, legal compliance or enforcement.

4.5 Support and Communication Data

  • support tickets;
  • emails;
  • live chat messages;
  • call notes;
  • attachments you provide;
  • troubleshooting information;
  • customer feedback;
  • internal notes relating to your request;
  • communications with you.
  • abuse complaints;
  • abuse reports;
  • security alerts;
  • law enforcement requests;
  • preservation requests;
  • legal notices;
  • copyright or DMCA notices;
  • fraud indicators;
  • sanctions screening results;
  • risk scores;
  • investigation notes;
  • evidence submitted by reporters or affected parties;
  • remediation records;
  • enforcement records.

Depending on your cookie settings and our website configuration, we may collect:

  • IP address;
  • device identifiers;
  • browser information;
  • pages viewed;
  • referral URL;
  • session data;
  • analytics data;
  • cookie identifiers;
  • marketing preference data.

Further details may be provided in our Cookie Policy.

5. Customer Content

Customer Content means data, files, software, applications, systems, configurations, databases, websites, logs, images, text, code and other content that you upload to, store on, transmit through or process using our services.

You retain ownership of your Customer Content.

We do not claim ownership of Customer Content.

We do not routinely monitor or review Customer Content. However, we may access, preserve, copy, disclose, disable, isolate or delete Customer Content where necessary for:

  • providing support at your request;
  • maintaining service security and integrity;
  • investigating abuse or security incidents;
  • enforcing our Terms of Service or Acceptable Use Policy;
  • complying with legal obligations;
  • responding to valid legal process;
  • protecting the rights, safety and property of us, our users, upstream providers, affected parties or the public;
  • preventing fraud, malware, spam, attacks or other abuse.

6. Sources of Personal Data

We may collect personal data from:

  • you directly;
  • your account users or authorised contacts;
  • your use of our website, control panel, API and services;
  • payment processors;
  • fraud prevention providers;
  • identity or verification providers;
  • data centres and upstream providers;
  • abuse reporters;
  • security researchers;
  • copyright owners or their agents;
  • law enforcement agencies, courts, regulators or government authorities;
  • publicly available sources;
  • third-party platforms that you use to interact with us.

7. How We Use Personal Data

We may use personal data for the following purposes.

7.1 Account and Service Administration

  • creating and managing accounts;
  • provisioning services;
  • authenticating users;
  • managing service configuration;
  • processing orders;
  • maintaining service records;
  • providing control panel and API access.

7.2 Billing and Payments

  • issuing invoices;
  • processing payments;
  • managing renewals;
  • collecting overdue amounts;
  • processing refunds or credits;
  • handling chargebacks and disputes;
  • maintaining accounting and tax records.

7.3 Support and Customer Communications

  • responding to support requests;
  • troubleshooting service issues;
  • notifying you about incidents, maintenance or changes;
  • sending service-related messages;
  • managing customer relationships.

7.4 Security and Abuse Prevention

  • detecting and preventing fraud;
  • detecting and preventing abuse;
  • investigating spam, phishing, malware, DDoS, scans, attacks or other prohibited activity;
  • protecting IP reputation and network integrity;
  • securing accounts and systems;
  • enforcing our Terms of Service and Acceptable Use Policy;
  • responding to complaints and abuse reports.
  • complying with legal obligations;
  • responding to lawful requests;
  • preserving records where required;
  • enforcing our rights;
  • defending legal claims;
  • complying with sanctions, export control, tax, accounting, consumer protection, cybersecurity and data protection obligations.

7.6 Business Operations

  • improving services;
  • developing new features;
  • maintaining internal records;
  • monitoring service performance;
  • conducting audits;
  • managing suppliers and partners;
  • business planning and reporting.

7.7 Marketing

Where permitted by law, we may use your contact details to send service updates, product information, offers or other marketing communications.

You can opt out of marketing communications at any time.

We will still send necessary service, billing, legal, security and account communications.

8. Lawful Bases for Processing

Where UK GDPR or similar data protection laws apply, we rely on one or more of the following lawful bases.

8.1 Contract

We process personal data where necessary to enter into or perform a contract with you, including:

  • account creation;
  • service provisioning;
  • billing;
  • support;
  • service management;
  • renewal and cancellation.

We process personal data where necessary to comply with legal obligations, including:

  • tax and accounting requirements;
  • lawful requests;
  • data protection obligations;
  • sanctions and export control obligations;
  • consumer protection obligations;
  • fraud and abuse reporting obligations where applicable.

8.3 Legitimate Interests

We process personal data where necessary for our legitimate interests or the legitimate interests of others, provided those interests are not overridden by your rights and freedoms.

Our legitimate interests include:

  • operating and improving our services;
  • securing our network and infrastructure;
  • preventing fraud and abuse;
  • protecting IP reputation;
  • investigating complaints;
  • enforcing our Terms and AUP;
  • managing business risk;
  • recovering unpaid amounts;
  • protecting our legal rights;
  • communicating with business customers.

We rely on consent where required, for example for certain cookies, optional marketing or specific data uses where consent is legally required.

You may withdraw consent at any time where processing is based on consent.

8.5 Vital Interests

In rare cases, we may process personal data where necessary to protect someone’s life or physical safety.

8.6 Public Interest or Official Authority

Where applicable, we may process personal data where necessary for tasks carried out in the public interest or in connection with lawful requests from competent authorities.

9. Cookies and Similar Technologies

We may use cookies, pixels, local storage, session storage and similar technologies to operate our website, authenticate users, remember preferences, improve performance, analyse usage, prevent fraud and support marketing.

Cookies may include:

  • strictly necessary cookies;
  • security cookies;
  • preference cookies;
  • analytics cookies;
  • marketing cookies.

Where required by law, we will ask for your consent before using non-essential cookies.

You can manage cookies through your browser settings and, where available, our cookie preference tool.

Blocking some cookies may affect website or control panel functionality.

Further details may be provided in our Cookie Policy.

10. Sharing Personal Data

We may share personal data with the following categories of recipients where necessary.

10.1 Service Providers and Subprocessors

  • data centres;
  • hosting and infrastructure providers;
  • network providers;
  • DDoS mitigation providers;
  • payment processors;
  • fraud prevention providers;
  • identity verification providers;
  • support ticket providers;
  • email providers;
  • analytics providers;
  • monitoring and logging providers;
  • accounting providers;
  • legal, tax and professional advisers;
  • customer communication providers.

10.2 Upstream Providers and Data Centres

We may share relevant information with upstream providers, data centres, transit providers, IP providers or network partners for service operation, abuse handling, security, troubleshooting, legal compliance or network protection.

We may share personal data with courts, law enforcement agencies, regulators, government authorities, legal advisers, payment networks or other parties where required or permitted by law.

10.4 Abuse Reporters and Affected Parties

Where appropriate, we may share limited information with abuse reporters, affected parties, copyright complainants, security researchers or network operators to investigate, mitigate or resolve abuse, security incidents or legal complaints.

10.5 Business Transfers

If we sell, merge, restructure, transfer or finance all or part of our business, personal data may be disclosed to potential or actual buyers, investors, advisers or successors, subject to appropriate confidentiality and legal safeguards.

11. International Data Transfers

We are incorporated in the United Kingdom, but our services, infrastructure, data centres, upstream providers, payment processors, support providers and other subprocessors may be located in the United States or other countries.

Your personal data may be processed in the United Kingdom, United States, European Economic Area and other jurisdictions.

Where UK GDPR or similar laws require safeguards for international transfers, we use appropriate mechanisms where applicable, such as:

  • the UK International Data Transfer Agreement;
  • the UK Addendum to the EU Standard Contractual Clauses;
  • adequacy regulations;
  • transfers to organisations certified under applicable data transfer frameworks;
  • other lawful transfer mechanisms.

Not all countries provide the same level of data protection as the United Kingdom. Where required, we take steps designed to protect personal data in accordance with applicable law.

12. Data Retention

We retain personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention periods may vary depending on the type of data and purpose.

Examples include:

  • account data: retained while your account is active and for a reasonable period after closure;
  • billing and invoice data: retained as required for tax, accounting and audit purposes;
  • support tickets: retained for customer service, quality, dispute and compliance purposes;
  • login and security logs: retained for security, abuse prevention and investigation purposes;
  • IP allocation records: retained for abuse handling, legal compliance and network operation purposes;
  • abuse and legal records: retained as necessary to investigate, enforce, defend claims, comply with legal obligations and prevent repeated abuse;
  • backups: retained according to backup cycles and may be overwritten automatically.

You may request deletion of personal data, but deletion rights are not absolute. We may retain data where necessary for legal obligations, dispute resolution, fraud prevention, abuse prevention, security, accounting, tax, enforcement or legitimate business purposes.

13. Security

We use reasonable technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration or disclosure.

Measures may include access controls, authentication, encryption in transit where appropriate, logging, monitoring, network security, backup procedures, staff access restrictions and internal policies.

No service can be guaranteed to be completely secure. You are responsible for securing your own account, credentials, servers, applications, Customer Content and end users.

You should notify us immediately if you suspect unauthorised access, credential compromise, data breach or other security incident involving your account or services.

14. Your Privacy Rights

Depending on your location and applicable law, you may have rights in relation to your personal data, including:

  • the right to be informed;
  • the right of access;
  • the right to rectification;
  • the right to erasure;
  • the right to restrict processing;
  • the right to data portability;
  • the right to object;
  • the right to withdraw consent where processing is based on consent;
  • the right not to be subject to certain solely automated decisions;
  • the right to lodge a complaint with a supervisory authority.

To exercise your rights, contact us at [email protected].

We may need to verify your identity before responding to a request.

Some rights are subject to conditions, exemptions or limitations. For example, we may retain information where required for legal compliance, security, fraud prevention, abuse handling, dispute resolution, accounting or enforcement.

If you are in the United Kingdom, you have the right to complain to the Information Commissioner’s Office. We encourage you to contact us first so we can try to resolve your concern.

15. California Privacy Notice

This section applies only where the California Consumer Privacy Act or similar California privacy laws apply to us.

In the preceding 12 months, we may have collected the categories of personal information described in this Privacy Policy, including identifiers, commercial information, internet or network activity information, geolocation inferred from IP address, professional or business contact information, and inferences related to fraud or abuse risk.

We collect personal information for the business and commercial purposes described in this Privacy Policy, including service provision, billing, support, security, fraud prevention, abuse handling, legal compliance and service improvement.

We may disclose personal information to the categories of recipients described in this Privacy Policy.

[Choose one before publishing:]

Option A: We do not sell personal information and do not share personal information for cross-context behavioural advertising as those terms are defined by applicable California privacy law.

Option B: If we sell or share personal information as defined by applicable California privacy law, we will provide a “Do Not Sell or Share My Personal Information” mechanism and honour applicable opt-out requests.

California residents may have the right to:

  • know what personal information we collect, use, disclose, sell or share;
  • access personal information;
  • request deletion;
  • request correction;
  • opt out of sale or sharing where applicable;
  • limit use of sensitive personal information where applicable;
  • not be discriminated against for exercising privacy rights.

To exercise California privacy rights, contact [email protected].

16. EEA and Swiss Users

If you are located in the European Economic Area or Switzerland, you may have rights under applicable EU or Swiss data protection laws.

Where required, we will process your personal data in accordance with applicable data protection requirements and provide appropriate safeguards for international transfers.

If we are required to appoint an EU representative or other local representative, we will publish the relevant contact details.

17. Children

Our services are not intended for children.

You must not create an account or use our services if you are not legally able to enter into a binding contract.

We do not knowingly collect personal data from children for account creation or service provision.

If you believe a child has provided personal data to us, contact [email protected].

This section does not limit our ability to process information relating to child safety, CSAM reports, abuse investigations or legal compliance.

18. Marketing Communications

We may send marketing communications where permitted by law.

You can opt out of marketing emails by using the unsubscribe link or contacting us.

Even if you opt out of marketing, we may still send service-related, billing, account, legal, security and abuse-related communications.

19. Automated Decision-Making

We may use automated systems to help detect fraud, abuse, payment risk, spam, security threats, sanctions risk or violations of our Terms or AUP.

These systems may contribute to decisions such as requiring verification, rejecting an order, limiting resources, blocking payment methods, suspending services or escalating an account for manual review.

Where required by law, you may request human review of decisions that produce legal or similarly significant effects.

20. Do Not Track and Global Privacy Controls

Some browsers provide “Do Not Track” signals. Because there is no consistent industry standard for these signals, our website may not respond to all Do Not Track signals.

Where required by applicable law, we will honour legally recognised opt-out preference signals, such as Global Privacy Control, for applicable privacy choices.

Our website, documentation or control panel may contain links to third-party websites, applications, integrations or services.

We are not responsible for the privacy practices, security or content of third-party services.

Your use of third-party services is governed by their own privacy policies and terms.

22. Changes to This Privacy Policy

We may update this Privacy Policy from time to time for legal, regulatory, operational, technical, security or business reasons.

The updated version will be posted on our website or otherwise made available to you.

If we make material changes, we will take reasonable steps to notify you.

Your continued use of our services after the updated Privacy Policy takes effect means you acknowledge the updated policy.

23. Contact Us

For privacy requests or questions:

Privacy Contact
[email protected]

For legal requests:

Legal Contact
[email protected]

For abuse reports:

Abuse Contact
[email protected]

Postal address:

Tealight Ltd 61 Bridge Street, Kington, England, HR5 3DJ [United Kingdom]