Privacy Policy

1. Introduction

This Privacy Policy explains how Knitt (trading name of Alan Tiller) ("we", "us", "our", or "Company") collects, uses, and protects your personal data when you use our website and services. We are committed to protecting your privacy and ensuring you have a positive experience on our platform.

We comply with the UK GDPR (General Data Protection Regulation (EU) 2016/679 as retained in UK law) and the Data Protection Act 2018.

2. Who We Are

Data Controller: Knitt, trading name of Alan Tiller, operates as a controller of personal data processed through our website and services. Knitt is a UK-based company providing web hosting, domain registration, and managed services.

3. Personal Data We Collect

We collect personal data in the following ways:

3.1 Account Registration:

• Full name
• Email address
• Phone number
• Billing address
• Password (hashed and encrypted)

3.2 Billing and Payment Information:

• Credit/debit card details (processed via third-party payment processors; we do not store full card details)
• Billing address and company details
• Invoice records
• Payment history

3.3 Support and Communications:

• Support ticket content and communications
• Email correspondence
• Chat transcripts (if chat support is provided)
• Feedback and survey responses

3.4 Website Usage Data:

• IP address and unique device identifier
• Browser type and version
• Operating system
• Pages visited and time spent on them
• Referral source and navigation patterns
• Cookies and similar tracking technologies (see our Cookie Policy)

3.5 Hosting and Domain Services Data:

• Domain registrant information (WHOIS data)
• Website content and files you store on our servers
• Email account data and associated metadata
• Server logs and access records
• SSL certificate information

4. Legal Basis for Processing

We process your personal data on the following legal bases:

• Contract Performance: Processing is necessary to provide hosting, domain, and other services you have requested.
• Legal Obligation: We process data to comply with applicable laws, including tax obligations, ICANN domain regulations, and regulatory requirements.
• Legitimate Interests: We process data for fraud prevention, security, service improvement, marketing with consent, and customer support.
• Consent: Where explicit consent is required (e.g., marketing emails), we will obtain your consent before processing.

5. How We Use Your Personal Data

We use your personal data for the following purposes:

• Providing hosting, domain registration, and managed services you have purchased
• Processing payments and managing billing
• Sending service notifications, updates, and announcements
• Providing customer support and technical assistance
• Detecting, preventing, and addressing fraud and security issues
• Complying with legal and regulatory obligations
• Improving our services, website, and user experience
• Sending marketing communications (with your consent)
• Responding to your inquiries and requests
• Maintaining and backing up our systems
• Complying with ICANN domain administration requirements

6. Data Sharing and Disclosure

6.1 Third-Party Service Providers: We share personal data with the following third parties to provide our services:

• Infrastructure Provider: IONOS receives necessary data to provision and manage your hosting and domain services.
• Payment Processors: Payment card information is processed via third-party payment gateways. We do not store full card details.
• Domain Registries and Registrars: Domain registrant information (WHOIS) is shared with domain registries and ICANN as required by law.
• Email Service Providers: If third-party email delivery services are used, email metadata is processed by these providers.
• Backup Service Providers: Backup and disaster recovery data may be processed by third-party backup providers.
• Security Service Providers: Malware scanning, DDoS protection, and security monitoring may be provided by third-party services.

6.2 Legal Requirements: We may disclose your personal data if required by law, court order, law enforcement, or governmental authorities.

6.3 Business Transfer: In the event of a merger, acquisition, or business sale, your personal data may be transferred as part of that transaction. We will notify you of any such change.

6.4 Public Domain Information: WHOIS data for domain registrations is publicly available as required by ICANN regulations. This information may not be private.

6.5 Anonymized Data: We may share anonymized, aggregated data with third parties for analytics and service improvement purposes.

7. International Data Transfers

Personal data may be processed in the United Kingdom, EEA, and other jurisdictions used by our third-party service providers. Where transfers outside the UK apply, we seek to implement appropriate safeguards (such as contractual protections) where required.

8. Data Retention

We retain personal data for as long as necessary to provide services and fulfill the purposes outlined in this policy:

• Account Data: Retained while your account is active and for 5 years after account termination (to satisfy tax and legal obligations).
• Payment Records: Retained for 6 years (as required by UK tax law).
• Support Tickets: Retained for 3 years after last contact.
• Server Logs: Retained for a limited period based on security, operational, and legal requirements.
• Website Analytics: Retained for up to 26 months.
• Domain WHOIS Information: Retained as required by ICANN and domain registry requirements.
• Marketing Communications: Retained until you unsubscribe.

9. Your Rights

Under the UK GDPR and Data Protection Act 2018, you have the following rights:

9.1 Right of Access: You may request a copy of the personal data we hold about you.

9.2 Right to Rectification: You may request that inaccurate or incomplete personal data be corrected.

9.3 Right to Erasure: You may request deletion of your personal data ("Right to be Forgotten") where we have no legal obligation to retain it.

9.4 Right to Restrict Processing: You may request that we limit how we process your personal data in certain circumstances.

9.5 Right to Data Portability: You may request your personal data in a structured, commonly-used, machine-readable format.

9.6 Right to Object: You may object to processing for marketing purposes and certain other legitimate interests.

9.7 Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time.

To exercise any of these rights, please contact us with details of your request.

10. Security

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit (HTTPS/TLS)
• Encryption of passwords (bcrypt or equivalent)
• Password-protected access controls
• Regular security audits and vulnerability assessments
• Firewalls and intrusion detection systems
• Secure backup and disaster recovery procedures
• Employee data protection training
• Use of third-party payment processors for card transactions

However, no security system is impenetrable. We cannot guarantee absolute security of all personal data.

11. Cookies and Tracking

Our website uses cookies and similar tracking technologies. Please see our Cookie Policy for more information about how we use cookies.

12. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of third-party sites. We recommend reviewing their privacy policies before providing personal information.

13. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that a child has provided personal data, we will delete such information and terminate the child's account.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be effective upon posting to our website. Your continued use of our services constitutes acceptance of the updated Privacy Policy. We will notify you of material changes via email.

15. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us: