Privacy Policy

Effective date: August 22, 2025
Legal entity: Pacific Net West, LLC (“Pacific Net West”, “we”, “us”, or “our”)

At a glance

  • We use personal information to operate our website and deliver hosting, domain, email, and related services.
  • For customer content (e.g., websites, emails, databases) we act as a service provider / processor. For our own website and account/billing data we act as a controller.
  • We do not sell personal information and we do not use customer content for advertising.

This Privacy Policy describes how we collect, use, disclose, and protect information when you visit pacificnetwest.com (the “Site”) and when you use our products and services (collectively, the “Services”).

If you are a customer of our Services, our Data Processing Addendum (DPA) governs our processing of personal information in customer content as a processor/service provider. You can request our DPA at privacy@pacificnetwest.com.

1) Scope & Roles

  • Controller role. We are the controller for personal information we collect about Site visitors, account holders, and billing/communications contacts.
  • Processor / Service Provider role. For customer content processed through our Services (e.g., websites you host with us, emails you send/receive, DNS and domain settings), we process data on your instructions and as set out in the DPA.

2) Information We Collect

A. Information you provide to us

  • Account & profile: name, organization, email, phone (optional), authentication credentials, support PINs, and preferences.
  • Billing: billing address, tax IDs, purchase history. Payment card details are processed by our payment processor; we do not store full card numbers.
  • Domains: registrant/admin/technical contact details required by registrars/registries (name, address, email, phone) and DNS records you configure.
  • Support: content of tickets, screenshots, logs you choose to send us, and call/chat recordings if you consent.

B. Information we collect automatically

  • Service logs: IP address, timestamps, user agent, pages/screens viewed, referring URL, and basic device information.
  • Infrastructure logs (hosting/email/DNS): connection metadata (IP, ports, protocol, message IDs), sender/recipient addresses, message routing outcomes, spam/virus filter results.
  • Cookies and similar technologies: used for session management, security (e.g., CSRF), preferences, and limited analytics (see Cookies below).

C. Information from third parties

  • Payment processors (e.g., transaction confirmations, fraud screening results).
  • Domain registrars/registries (e.g., registration status, transfer tokens, WHOIS/RDAP data as required by ICANN policies).
  • Vendors that provide anti‑abuse, security, or analytics services.

Customer Content: Files, databases, emails, and other content you host with us may contain personal information about you or your end users. We process this only to provide the Services and as directed in the DPA. You are responsible for providing legally sufficient privacy notices to your end users.

3) How We Use Information (Controller)

We use personal information to:

  1. Provide and maintain the Services, including account creation, authentication, and customer support.
  2. Process transactions and manage billing, subscriptions, refunds, and accounting.
  3. Secure the Services, detect/prevent abuse and fraud, and enforce our terms and acceptable use policies.
  4. Communicate with you about service updates, invoices, incidents, and changes to terms or policies. You can opt out of non‑essential marketing emails.
  5. Analyze and improve our Site and Services (e.g., performance monitoring, capacity planning, quality assurance) using aggregated or de‑identified data where possible.
  6. Comply with law and exercise legal claims or defend our rights.

We do not use customer content for advertising or model training, and we do not sell personal information.

4) Cookies & Analytics

  • Essential cookies: required for login/session security and preferences. You cannot opt out of these without affecting service functionality.
  • Analytics: we may use privacy‑respecting, first‑party analytics to understand Site usage in aggregate. If we use a third‑party analytics provider, it will be listed in our subprocessors list and configured without cross‑site tracking where feasible.
  • Your choices: you can control cookies via your browser settings. If we deploy a consent banner, your preferences will be honored accordingly.

5) Email & Messaging Through Our Services

If you use our email hosting/relay features:

  • Transport: messages are transmitted using industry‑standard encryption in transit where supported by counterparties (e.g., TLS).
  • Filtering: we scan message metadata and content automatically for spam/virus/abuse detection. This is not human review, except when required to investigate abuse, security incidents, or troubleshoot with your explicit request.
  • Retention: we retain server logs and quarantined/spam artifacts for limited periods for security and reliability. Mailbox contents are retained according to your account settings; deleted items may persist in backups for a limited time.

6) Domains, Registrars & WHOIS/RDAP

When you register or transfer a domain via us:

  • We collect and share registrant/admin/technical contact details with the accredited registrar and relevant registry as required by ICANN policies and applicable law.
  • Public WHOIS/RDAP publication is subject to registry policy and privacy/proxy services; we will offer redaction or proxy where available.
  • We may contact you regarding ICANN‑mandated verification and renewal notices. Failure to respond may affect domain status.

7) Legal Bases (EEA/UK)

Where GDPR applies, our processing relies on one or more of the following legal bases: contract performance, legitimate interests (e.g., securing and improving Services), legal obligation, and consent where required (e.g., optional marketing or non‑essential cookies).

8) Sharing & Disclosures

We disclose personal information to:

  • Service providers / subprocessors who assist with infrastructure, networking, storage, email delivery, DDoS protection, analytics, payments, and customer support—bound by confidentiality and data protection terms.
  • Domain registrars/registries and anti‑abuse providers as required for domain lifecycle management.
  • Authorities when required by law or to protect rights, safety, and security, subject to applicable legal process.
  • Business transfers in connection with a merger, acquisition, or sale of assets (we will notify you of material changes to control).

We do not provide personal information to third parties for their own marketing.

9) Data Retention

We retain personal information only for as long as necessary to provide the Services, comply with legal obligations (e.g., tax/audit), resolve disputes, and enforce agreements. Backup copies are deleted or anonymized on a rolling schedule.

10) Security

We employ technical and organizational measures designed to protect personal information, including encryption in transit, network segmentation, access controls, logging/monitoring, and regular backups. No system is perfectly secure; please protect your credentials and notify us immediately of any suspected unauthorized access.

11) International Transfers

We may process information in the United States and other countries where we or our providers operate. Where required, we use appropriate safeguards for cross‑border transfers (e.g., Standard Contractual Clauses and additional measures). Details are available in our DPA upon request.

12) Your Privacy Rights

Depending on your location, you may have rights to:

  • Access and port your data;
  • Correct inaccurate data;
  • Delete your data;
  • Object to or restrict certain processing; and
  • Withdraw consent where processing is based on consent.

You (or your authorized agent) can exercise these rights by contacting privacy@pacificnetwest.com. We may need to verify your identity and may refer requests about customer content to the relevant customer (the controller).

California (CCPA/CPRA) Notice

  • Notice of collection: we collect identifiers (e.g., name, email, IP), customer records (billing), commercial information (purchases), Internet/network activity (logs), and in limited cases sensitive information (account logins). We collect these for the purposes described above.
  • No sale/share: we do not sell or share personal information as defined by CPRA, and we do not use or disclose sensitive personal information for purposes other than those permitted by law (e.g., to provide the Services and ensure security).
  • Your rights: access, correction, deletion, portability, and to limit the use/disclosure of sensitive personal information (where applicable). We will not discriminate against you for exercising your rights.

EEA/UK Residents

You have the rights listed above and the right to lodge a complaint with your local supervisory authority. Our lead contact for GDPR inquiries is via privacy@pacificnetwest.com.

13) Children’s Privacy

Our Site and Services are not directed to children under 13 (or the age defined by your local law). We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us to request deletion.

14) Third‑Party Links & Services

The Site may link to third‑party websites or services. Their privacy practices are governed by their own policies; we are not responsible for their content or practices.

15) Changes to This Policy

We may update this Policy from time to time. The “Effective date” at the top indicates the latest revision. Material changes will be communicated via email or prominent notice on the Site.

16) Contact Us

Pacific Net West, LLC
Walla Walla, Washington, USA
Email: info@pacificnetwest.com

Annex A: Service Provider / Processor Disclosures

When acting as a processor/service provider under a DPA:

  • We process personal information solely on your documented instructions and for the permitted purposes.
  • We impose confidentiality, security, and data protection obligations on our personnel and subprocessors.
  • We assist with data subject requests and incident notifications as required by the DPA.
  • We enable audits or provide reports/certifications as specified in the DPA.
  • We delete or return personal information at the end of the Services, subject to lawful retention.

Subprocessors: We maintain a list of infrastructure and support providers used to deliver the Services (e.g., data centers, registrars, email delivery, payment processing). On request, we’ll provide the current list and advance notice of material changes as required by the DPA.