Privacy Policy

We follow the principle of minimum necessity — collecting only the information strictly required to provide the service, and explicitly refusing any data collection beyond operational scope. The specific scope of what we collect includes and is limited to:

• 📧Account credentials:The email address you provide during registration, and a one-way bcrypt-hashed digest of your password (we cannot recover your original password and have no need for it).
• 💳Payment transaction summary:Payments are processed by licensed institutions such as Stripe. We retain only the order number, transaction status, and amount summary —we do not hold full card numbers, CVV codes, or bank account information.
• 📡Infrastructure health telemetry:Device power state, total network bandwidth throughput, and public IP allocation records — entirely outside the OS layer, used solely to uphold SLA commitments, with no relation to your application data.
• 🛡️Security protection logs:Source IP addresses and timestamps recorded by the WAF firewall, retained for no longer than 90 days for DDoS mitigation and malicious scan prevention — not used for user behavior profiling or commercial analytics.

✅ We explicitly commit tonot collecting application runtime data, screen content, keyboard input, or any device usage behavior from within your instance.

We strictly limit the above data to the following automated operational scenarios. No data is used for commercial marketing analytics, user profiling, or any third-party monetization:

• 🚀Completing fully automated VPS instance allocation, system initialization, and secure SSH credential delivery — enabling the instant "order-to-use" experience.
• 🧾Executing periodic billing charges (daily/weekly/monthly/quarterly), generating electronic invoices, and sending renewal reminder notifications.
• 🎧When you request technical support through the ticket system, the engineering team uses account information to verify ownership, enabling faster diagnosis and resolution of underlying network or power issues.
• 🔍Identifying and filtering malicious network traffic from compromised nodes to protect the network quality of all users on the shared backbone switch environment.

🚫 We do not transmit user data to any advertising platform or data analytics provider. The console does not embed any third-party tracking scripts or behavioral data collection SDKs.

We share minimal data only under the following three strictly limited circumstances:

• 💳Licensed payment processors:Only an order identifier is passed to compliant payment institutions such as Stripe to execute the charge. Payment processors cannot access your instance usage content or any device information.
• 🔧On-site data center engineers:When performing special hardware operations, on-site engineers are given only a rack location number — no customer account or identity information is involved.
• ⚖️Legally mandated disclosure:Upon receiving a legally valid judicial assistance request, we disclose only the minimum information required by law and notify the user at the earliest opportunity permitted by law.

🚫 We do not connect to any ad networks, do not use third-party Analytics SDKs, and do not embed any external tracking scripts in the console.

We treat the account management system as a core asset at the same level as the physical data center, with continuous investment in the following technical security layers:

• 🔐All data transmission between the console and API endpoints is enforced with TLS 1.3 encryption. All downgrade connection attempts are rejected.
• 🗝️User passwords are stored using bcrypt + high-entropy random salt scheme for irreversible hash storage. Even in the event of a database breach, attackers cannot recover plaintext passwords.
• 🖥️The core billing database and account systems are deployed within aprivate VPC isolated subnet. Direct public internet access is prohibited. Access is controlled by strict RBAC policies, and all operations produce full audit logs.
• 📷The data center facility is equipped with 24-hour video surveillance and biometric access control. Unauthorized personnel cannot access any cabinet area housing customer equipment.
• 🔍Regularthird-party security audits are conducted on infrastructure systems, with a responsible vulnerability disclosure mechanism in place to ensure security issues are prioritized and addressed within 48 hours.

We believe data sovereignty belongs to the user. The following rights can be exercised at any time, free of charge:

• 📥Access and export:In the console Billing & Finance module, you can self-service query and export all billing, order, and configuration history at any time — no customer service contact required.
• ✏️Modify and correct:Update your contact email and account information at any time in Account Settings. Changes take effect immediately.
• 🔕Unsubscribe:Disable auto-renewal at any time from the console. Daily billing orders are one-time charges with no automatic deductions.
• 👋Account deletion and right to be forgotten:To permanently delete your account, submit a request via ticket and release all instances. We will then permanently and irrecoverably delete your account data from all production systems within 30 days. Deletion is irreversible — please back up any data you need before confirming.

✅ KVMNODE does not restrict you from exercising any of these rights, and no fee is charged. If you encounter a technical issue, please contact the support team via ticket.

This policy will be continuously updated as the business evolves and regulations change.Material changes (involving changes to data sharing scope or user rights) will be notified to you via your registered email address 14 days in advance. Non-material wording or formatting adjustments will be published and take effect directly.

Continued use of the service constitutes acceptance of the most recent version of this policy. If you disagree with the updated policy, please discontinue use of the service before it takes effect and submit an account deletion request.

If you have any questions about this policy or wish to exercise any of the rights described above, please contact us through the following channels: