Privacy Policy

1. Introduction

Galaxy Cloud Solutions LLC ("Company", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our services at galaxycloudsolutions.com. By using our services, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

• Name and contact information (email address, phone number)
• Billing information (processed securely through PayPal and Stripe)
• Account credentials (username, hashed password)
• Support communications and tickets
• Any other information you voluntarily provide to us

2.2 Information Collected Automatically

• IP addresses and connection logs
• Browser type and operating system
• Pages visited, actions taken, and time spent on our website
• Server resource usage associated with your account (CPU, RAM, disk, bandwidth)
• Device identifiers and configuration information
• Referring URLs and traffic sources
• Login history including timestamps and IP addresses for admin and client accounts
• Monthly bandwidth consumption per VM via network interface monitoring
• Outbound network connection rates and destination IP counts
• Disk I/O activity rates per VM

2.3 Automated VM Monitoring Data

As described in our Acceptable Use Policy, we operate automated monitoring systems on all customer VMs. In connection with this monitoring, we may collect and temporarily retain:

• Lists of running process names inside your VM (used solely for AUP enforcement)
• Outbound connection counts and destination IP address ranges
• Network traffic volume and rate data per VM interface
• Disk read/write activity rates
• IP reputation scores from third-party databases (AbuseIPDB)
• SSL certificate status for your assigned subdomain

Process names and connection data are used exclusively for AUP enforcement and are not shared with third parties except as required by law. This data is retained for a maximum of 90 days.

2.4 Referral Program Data

When you use additional features of our service, we collect and store the following data associated with your account:

• REST API tokens: A unique API authentication token is generated and stored for your account. This token is used to authenticate programmatic access to your VPS resources. You may regenerate this token at any time.
• SSH IP allowlist: If you configure IP restrictions for SSH access to your VM, we store the IP addresses and CIDR ranges you specify along with optional labels you provide.
• Firewall rules: Custom inbound firewall rules you configure via the client portal are stored and applied to your VM. This includes port numbers, protocols, actions (allow/deny), and source IP addresses.
• Block storage volumes: Metadata about block storage volumes attached to your VM is stored, including volume size, device assignment, label, and pricing information. The contents of your block storage volumes are not accessed or stored by us.
• Anomaly detection baselines: We maintain statistical baselines of your VM's normal resource usage (CPU, RAM, network, disk I/O, system load) calculated from historical Prometheus metrics. These baselines are used exclusively to detect unusual activity that may indicate abuse, compromise, or runaway processes.
• Log aggregation: We collect and retain system logs from our management infrastructure via Loki log aggregation. This includes Nginx access logs, application logs, and monitoring script logs. Customer VM logs are not collected. Aggregated logs are retained for 30 days on a rolling basis.
• Auto-snapshot schedules: If you configure automated snapshot schedules, we store your preferences including frequency (hourly/daily/weekly) and retention count.

If you participate in our referral program, we collect and store:

• Your unique referral code
• The identity of customers who sign up using your referral code
• Referral conversion status and credit history

2.5 Information from Third Parties

• Payment verification information from PayPal and Stripe
• Analytics data from Google Analytics
• Advertising data from Google Ads

3. How We Use Your Information

• Provision and manage your hosting services
• Process payments and send invoices (including automated PDF invoice generation)
• Communicate with you about your account and services
• Send automated service emails including welcome emails, follow-up emails, bandwidth warnings, suspension notices, and re-engagement emails
• Provide customer support
• Detect and prevent abuse, fraud, and policy violations via automated monitoring
• Monitor and enforce compliance with our Acceptable Use Policy including automated suspension
• Track and enforce monthly bandwidth limits per your plan
• Generate monthly business metrics reports (aggregate, anonymized internally)
• Administer our referral program including tracking conversions and issuing credits
• Send maintenance and downtime notifications
• Improve our website and services
• Send service-related announcements and updates
• Comply with legal obligations
• Respond to law enforcement requests

4. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies. We use:

• Essential cookies — required for our website and client portal to function, including session management and authentication
• Analytics cookies — Google Analytics to understand how visitors use our website (you can opt out at tools.google.com/dlpage/gaoptout)
• Advertising cookies — Google Ads to measure the effectiveness of our advertising campaigns

Most browsers allow you to control cookies through their settings. Disabling essential cookies may affect the functionality of our services.

5. Data Sharing

We do not sell your personal information. We may share your information with:

• Payment processors — PayPal and Stripe to process transactions
• Analytics providers — Google Analytics and Google Ads for website analytics and advertising measurement
• Law enforcement — when required by valid legal process including subpoenas, court orders, or search warrants
• Service providers — third parties who assist us in operating our business, under confidentiality agreements
• Business transfers — in connection with a merger, acquisition, or sale of assets

6. International Data Transfers

Galaxy Cloud Solutions LLC is based in the United States. If you access our services from outside the United States, your information may be transferred to, stored, and processed in the United States. By using our services, you consent to the transfer of your information to the United States, which may have different data protection laws than your country of residence.

7. Data Retention

We retain your account information while your account is active. Upon termination, data is retained for up to 90 days for legal and billing purposes, then deleted. We may retain certain information longer if required by law or for legitimate business purposes.

8. Data Security

2.6 Portal Usage Data

When you use our client portal, we collect and store records of actions you perform including VM control actions (reboot, shutdown, start), snapshot creation, password resets, plan upgrades, OS reinstalls, and dashboard views. This data is associated with your account and used to improve our services, identify feature usage patterns, and provide accurate account history. Portal usage data is retained for the duration of your account plus 90 days after closure.

2.7 Uptime & Performance Data

We track daily uptime status for each customer VM and calculate monthly uptime percentages. This data is used to monitor service quality, generate monthly resource reports sent to customers, and identify VMs experiencing availability issues. Uptime data is retained for 90 days on a rolling basis.

2.8 Automated Email Communications

We send automated emails as part of our service including onboarding sequences (day 1, 3, 7, 14), payment reminders (day 3, 5, 7 past due), bandwidth and resource alerts, monthly resource reports, upgrade recommendations, suspension notices, and re-engagement emails. A full description of automated communications is available in Section 8b of our Terms of Service. These communications are sent to the email address associated with your account.

We implement reasonable technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encrypted communications (SSL/TLS), hashed passwords, and access controls. However, no method of internet transmission or electronic storage is 100% secure, and we cannot guarantee absolute security.

8a. Automated Decision-Making

We use automated systems to make enforcement decisions including VM suspension. These decisions are made based on objective thresholds described in our Acceptable Use Policy and Terms of Service (e.g., bandwidth usage exceeding 100% of plan allocation, prohibited processes detected, network traffic exceeding defined limits). You will receive an email notification for every automated suspension explaining the specific trigger and how to resolve it.

If you believe an automated suspension was made in error, please contact us at [email protected] for manual review. We will review and respond within 24 hours.

9. Your Rights

You have the following rights regarding your personal information:

• Access — request a copy of the personal information we hold about you
• Correction — request correction of inaccurate or incomplete information
• Deletion — request deletion of your personal information, subject to legal retention requirements
• Opt-out — opt out of non-essential communications at any time
• Data portability — request your data in a portable format

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

10. California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete your personal information, and the right to opt out of the sale of your personal information. We do not sell personal information. To exercise your CCPA rights, contact us at [email protected].

11. Children's Privacy

Our services are not directed at individuals under 18 years of age. We do not knowingly collect personal information from minors. If we become aware that we have collected information from a minor, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a prominent notice on our website at least 14 days before the changes take effect. Continued use of our services after notification constitutes acceptance of the updated policy.

13. Contact Us

Privacy questions or requests: [email protected]

Galaxy Cloud Solutions LLC | Valley City, North Dakota | galaxycloudsolutions.com