Privacy Policy

1. Who we are

This Privacy Policy describes how RareSRV, a Rare Media Group brand ("RareSRV," "we," "us"), collects and uses personal information in connection with our website at raresrv.com and our hosting, web design, Discord bot hosting, and email services (the "Services"). Our mailing address is 30 Pine Trl., Harpers Ferry, WV 25401.

For purposes of California privacy law, RareSRV is a "business." For other U.S. state privacy laws, we act as a "controller" of the personal information we collect from visitors and customers.

2. What we collect

We only collect information we need to create your account, deliver the Services, keep the infrastructure safe, and comply with the law.

Information you give us

• Account information. Name, business name (optional), email address, mailing address, phone number (optional), and account password hash.
• Billing information. Card brand, last four digits, and expiration date, stored by our payment processor. We do not store full card numbers on our servers.
• Support communications. Messages you send through our contact form, support tickets, or email.
• Customer Content. Files, databases, code, emails, and other content you upload to or transmit through the Services. We treat Customer Content as confidential and do not access it except to provide the Services, respond to your requests, or comply with the law.

Information collected automatically

• Usage and device data. IP address, browser type and version, operating system, pages viewed, referrer, and timestamps. Collected in web-server and application logs.
• Cookies and similar technologies. Session cookies and login cookies for the client area. No third-party advertising trackers. See Cookies below.
• Server and security logs. Authentication events, mail logs, abuse-related logs, and rate-limit events, for security and operations.

Information from third parties

• Payment processor. Transaction results, fraud-risk signals, and payment-method metadata from our processor.
• Abuse feeds and blocklists. IP-reputation data from industry sources used to block spam and attacks.

3. How we use it

We use personal information for these purposes:

• Creating and managing your account.
• Providing the Services you have ordered, including provisioning servers, mailboxes, and bots.
• Processing payments and preventing fraud.
• Responding to support requests and communicating about your account.
• Sending service notices (billing, security, scheduled maintenance, material changes to the Services or these policies). These are transactional and you cannot opt out while the account is active.
• Sending occasional product updates, if you have opted in. You can opt out at any time using the link in any such email.
• Keeping the infrastructure secure, detecting abuse, and preventing violations of our Acceptable Use Policy.
• Complying with legal obligations, including tax, accounting, and responses to valid legal process.

4. Who we share it with

We share personal information only with the following categories of recipients:

• Service providers (sub-processors) acting on our behalf, under written contracts, including our payment processor (Stripe or equivalent), our billing platform (WHMCS), our datacenter provider, our transactional email provider, and our DNS and CDN providers.
• Legal and safety recipients, such as law-enforcement agencies, courts, or other parties, when we have a good-faith belief that disclosure is required by law or necessary to protect rights, property, or safety.
• NCMEC, for reports of apparent child sexual abuse material as required by 18 U.S.C. §2258A.
• Corporate transactions, such as a merger, acquisition, financing, or sale of assets. If that happens, we will post a notice in the client area and by email before any transfer of your information.

We do not share your information with advertisers.

5. We do not sell or share for cross-context advertising

We do not sell personal information as "sell" is defined under the California Consumer Privacy Act (CCPA/CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), or the Utah Consumer Privacy Act (UCPA). We do not share personal information for cross-context behavioral advertising. We do not use sensitive personal information for purposes other than providing the Services.

6. Retention

We keep personal information only as long as we need it:

• Account records while your account is active, plus up to 7 years after closure for tax and accounting records that we are required to keep.
• Customer Content for the duration of your subscription and for a grace period (typically 30 days) after termination, to allow restoration if you return.
• Server and security logs for up to 90 days, longer if needed to investigate a specific abuse or security incident.
• Support tickets for up to 3 years for quality and training.
• Backups rotate on a schedule described on the Hosting page. Deleted data may persist in encrypted backups until the next rotation.

7. Security

We take reasonable and appropriate technical and organizational measures to protect personal information against unauthorized access, loss, or disclosure. These include encryption of data in transit (TLS), encryption of backups, access controls with least privilege, audited admin access, network isolation, and regular patching. No system is perfect, and we cannot promise absolute security.

We comply with the data-security requirements of the New York SHIELD Act (N.Y. Gen. Bus. Law §899-bb) for private information of New York residents. If a security breach affects your information, we will notify you and applicable authorities as required by law.

8. Your rights

Depending on where you live, you may have the right to:

• Know what personal information we have collected about you and why.
• Access a copy of that information in a portable format.
• Correct inaccurate information.
• Delete information we are not required to keep.
• Opt out of certain uses (see sections below for details).
• Not be retaliated against for exercising these rights.

To exercise any of these rights, email abuse@raresrv.com from the address on your account, or open a ticket from the client area. We will verify your identity before acting on a request and respond within the time the applicable law requires (generally 45 days). There is no fee for most requests. You can authorize an agent to submit a request on your behalf; we may ask for written proof.

9. California residents (CCPA / CPRA)

If you are a California resident, you have the rights listed in Section 8 above. The categories of personal information we have collected in the last 12 months map to the CCPA categories as follows:

• Identifiers (name, email, postal address, IP address, account ID).
• Customer records (billing address, payment-method metadata).
• Commercial information (orders, invoices, subscriptions).
• Internet or network activity (log files, session data).
• Professional information (business name, if supplied).

We have not sold or shared personal information in the preceding 12 months and do not intend to. We do not knowingly collect personal information from minors under 16.

To submit a CCPA request, email abuse@raresrv.com. We will not discriminate against you for exercising your rights.

10. Virginia, Colorado, Connecticut, Utah, and other states

If you are a resident of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), or another state with a comprehensive privacy law, you have the rights listed in Section 8 above, subject to exceptions in the applicable law. You can appeal our decision on a privacy request by replying to our response with the word "appeal." If we deny the appeal, Virginia and Colorado residents may contact their state attorney general.

11. New York residents

New York does not currently have a comprehensive consumer privacy law, but the New York SHIELD Act imposes data-security obligations on anyone who owns or licenses the private information of New York residents. We comply with those obligations through the measures described in Section 7. New York residents can exercise rights under Section 8 by contacting us at abuse@raresrv.com.

12. Children's privacy

The Services are not directed to children under 13 and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, email abuse@raresrv.com and we will delete it. Consistent with the Children's Online Privacy Protection Act (COPPA) and state laws, we do not target or profile minors.

13. Cookies and similar technologies

We use a small number of cookies:

• Strictly necessary. Session and login cookies for the client area. The site does not function without these.
• Security. Anti-CSRF tokens and rate-limiting identifiers.

We do not use third-party advertising cookies, analytics that track you across sites, or fingerprinting. If we ever add analytics, we will choose a privacy-respecting provider and update this policy first.

You can block or delete cookies through your browser settings. Some features of the client area will not work without them.

14. International users

The Services are operated from the United States. If you access the Services from outside the U.S., your information will be transferred to, processed, and stored in the U.S., which may have different data-protection rules than your country. By using the Services, you consent to that transfer.

15. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will post a notice in the client area and email the address on your account before the change takes effect. The "Last updated" date at the top reflects the most recent revision.

16. Contact