DragonHost DragonHost
Legal

Privacy policy

DragonHost Last updated: March 17, 2026 Version 1.0
GDPR compliant
🔒
At DragonHost, protecting your personal data is a priority. This policy transparently explains what data we collect, why, and how we protect it. We never sell your data. Never.
Article 01

Introduction

This Privacy Policy describes how DragonHost (hereafter “we”, “our service”) collects, uses, stores, and protects the personal information of users of the platform available at dragon-host.com.

It applies to all DragonHost services: showcase website, management panel, API, and interactions through our Discord support server.

By using DragonHost, you acknowledge that you have read this policy and consent to the processing of your data as described below. If you do not accept these terms, please do not use our service.

Core principle: DragonHost collects only the minimum necessary for the service to function properly. We do not perform commercial profiling and never resell your data to third parties.
Article 02

Collected data

We only collect the data necessary for the service to operate, divided into three categories:

DataTypePurpose
Discord identifierRequiredAuthentication, account linking
UsernameRequiredDisplay in the panel, identification
Email addressOptionalImportant notifications, account recovery
IP addressTechnicalSecurity, abuse prevention, access logs
Login logsTechnicalSecurity, debugging, intrusion detection
Server console logsTechnicalDiagnostics, technical support
Usage metrics (CPU/RAM)TechnicalResource monitoring, abuse detection
Hosted filesRequiredBot execution — you remain the owner
Environment variablesOptionalBot configuration (tokens, API keys)
⚠ Tokens & secrets: Environment variables (Discord tokens, API keys…) are stored in the database. Although we apply reasonable security measures, we do not recommend storing critical secrets if you do not fully trust our infrastructure. Use minimal Discord permissions for your bots.
Article 03

Use of data

Collected data is used exclusively for the following purposes:

  • Provide and maintain the hosting service (start, stop, server monitoring).
  • Authenticate users and secure panel access.
  • Detect and prevent abuse, Terms violations, and malicious activity.
  • Provide technical support and respond to user requests.
  • Improve infrastructure stability and performance.
  • Send important notifications (maintenance, Terms updates, incidents).
  • Sell or rent your data to third parties.
  • Use your data for advertising or commercial profiling.
  • Access your hosted files except in case of technical necessity or an abuse report.
  • Share your data with commercial partners.
Article 04

Legal basis for processing

In accordance with the General Data Protection Regulation (GDPR — EU Regulation 2016/679), each data processing operation is based on an identified legal basis:

  • Performance of the contract: processing of data necessary to provide the service (identifier, username, hosted files, metrics).
  • Legitimate interest: security logs, anti-abuse monitoring, attack prevention, and infrastructure protection.
  • Consent: optional email address and non-essential cookies. You may withdraw this consent at any time.
  • Legal obligation: retention of certain logs in case of a legal obligation or judicial request.
Article 05

Retention period

We retain your data only for as long as strictly necessary for the purposes described:

  • Account data: retained for the entire active life of the account, then deleted within 30 days after a deletion request.
  • Login & IP logs: retained for 90 days for security purposes, then automatically deleted.
  • Server console logs: retained for a rolling period of 7 days, not archived beyond that.
  • Usage metrics: aggregated and anonymized after 30 days.
  • Hosted files: deleted immediately when the server or account is deleted.
  • Inactive accounts: deleted after 90 days of inactivity with prior notice via Discord.
Deletion on request: You may request the immediate deletion of your account and all your data at any time through our Discord. Deletion is completed within a maximum of 30 days.
Article 06

Data sharing

DragonHost does not share your personal data with third parties for commercial purposes. The only cases where data may be transmitted are:

  • Hosting provider / infrastructure: our hosting provider (VPS server) physically hosts the data. This provider is bound by strict confidentiality obligations.
  • Legal obligation: in case of a valid judicial request issued by a competent authority, we may be required to disclose certain data. We will inform you where possible.
  • Infrastructure protection: in case of an attack or serious abuse, certain technical data (IP, identifiers) may be shared with security services or third-party hosts to block the threat.
Discord: Our support uses Discord. Support exchanges on our Discord server are subject to Discord’s privacy policy. Never share sensitive information (tokens, passwords) in a public Discord channel.
Article 07

Cookies & sessions

DragonHost uses a minimal number of cookies, all functional and necessary for the service:

  • PHP session cookie: stores your authentication session. Required to access the panel. Deleted when closing the browser or logging out.
  • Preference cookie: remembers certain interface settings (where applicable). Duration: 30 days.
  • Advertising or tracking cookies.
  • Social media or sharing cookies.
  • Third-party analytics tools (Google Analytics, etc.).
No tracking: DragonHost does not use any behavioral tracking tool. We do not know your browsing habits outside our platform.
Article 08

Data security

We implement reasonable technical and organizational measures to protect your data against unauthorized access, loss, or disclosure:

  • Secure HTTPS (TLS) connections for all web communications.
  • Isolation of user environments (separate containers).
  • Passwords hashed with secure algorithms (bcrypt or equivalent).
  • Infrastructure access limited to DragonHost team members.
  • DDoS protection across the entire network.
  • Active monitoring of anomalies and intrusion attempts.
⚠ No security is absolute: Despite our efforts, no system is infallible. In case of a data breach affecting your information, we will notify you within 72 hours in accordance with GDPR and take the necessary corrective measures.
Article 09

Your rights (GDPR)

As a user residing in the European Union or subject to GDPR, you have the following rights over your personal data:

👁
Right of access
Obtain a copy of all personal data we hold about you.
✏️
Right to rectification
Correct inaccurate or incomplete data concerning you.
🗑
Right to erasure
Request deletion of your account and all your data (“right to be forgotten”).
Right to restriction
Restrict the processing of your data in certain circumstances.
📦
Right to portability
Receive your data in a structured and machine-readable format.
🚫
Right to object
Object to processing based on our legitimate interest.

To exercise any of these rights, contact us through our Discord server. We will respond to your request within a maximum of 30 days.

Complaint: If you believe that the processing of your data does not comply with GDPR, you have the right to lodge a complaint with your national supervisory authority. In Belgium: Data Protection Authority (APD).
Article 10

Minors

DragonHost is available to users aged at least 13 years old, in accordance with Discord’s terms of service.

For users aged 13 to 18, consent from a parent or legal guardian is required to use the service. By registering, you certify that you have obtained this consent if you are a minor.

If we become aware that a child under 13 has created an account, we will immediately delete the account and all associated data.

Article 11

International transfers

DragonHost’s infrastructure is hosted on a VPS server located in France (European Union), ensuring that your data remains subject to the European legal framework and GDPR.

Our Discord support server is operated by Discord Inc. (United States). Exchanges on Discord are subject to their own privacy policy and the applicable EU-US data transfer agreements.

✓ Data in Europe: Your hosted data (files, database, logs) remains exclusively on our infrastructure located in France (OVH / equivalent). No transfer to third countries without your agreement.
Article 12

Policy changes

DragonHost reserves the right to modify this Privacy Policy at any time. Any change will be published on this page with an updated date at the top of the document.

  • Significant changes will be announced on our Discord server with at least 7 days notice.
  • Continued use of the service after a change constitutes acceptance of the new policy.
  • If the changes substantially affect your rights, we will contact you directly if we have your contact details.
Article 13

Contact & DPO

For any question regarding this Privacy Policy, to exercise your rights, or to report a problem related to your personal data, contact us exclusively through Discord:

Support & privacy questions:
https://discord.gg/S3B9wQ527a
Response within 24–72h on business days.

As DragonHost is a small independent service, we are not legally required to appoint a formal Data Protection Officer (DPO). However, every request related to the protection of your data will be handled with the same seriousness and within the deadlines required by GDPR.