Website Hosting & Data Protection Terms
These Website Hosting & Data Protection Terms apply when you host your website through KPFdigital’s managed hosting service. They work together with your signed project agreement and any separate maintenance agreement.
If there is any conflict between these terms and a signed agreement, the signed agreement will control, including its limitation of liability and indemnification sections.
1. How Our Hosting Works
- KPFdigital provides managed hosting by reselling hosting accounts on infrastructure operated by Verpex.
- Your site runs on Verpex servers, and Verpex’s core Terms of Service and Acceptable Usage Policy (AUP) apply to your hosting account.
- KPFdigital may also use trusted third-party services such as Cloudflare for DNS and firewall protection, and providers such as Zeptomail or Brevo for outbound transactional email delivery. These services operate only as needed to support your website.
- KPFdigital manages setup, configuration, migrations (when included), and ongoing technical support as described in your agreement or maintenance plan.
You remain the owner of your website content. KPFdigital and its infrastructure partners provide the environment it runs on.
2. Acceptable Use and Content Restrictions
Because your site runs on Verpex servers, you must follow Verpex’s Acceptable Usage Policy (AUP) and content rules (https://verpex.com/acceptable-usage-policy).
- Your site and use of the service must be legal in your country, in the server location, and under UK, US, or EU law.
- You may not host phishing sites, malware, or other clearly harmful or abusive content.
- Certain categories such as warez, bulk mailing, audio or “tube” style video streaming, some bots, and some regulated industries may be restricted or forbidden unless Verpex has given explicit approval in advance.
- Using the hosting as a pure offsite backup or file-dump service is not allowed.
- Verpex may limit email sending volume or block messages that cause abuse or risk to the platform.
If Verpex suspends or terminates a hosting account for AUP violations, KPFdigital is required to follow their decision. You are responsible for making sure your site and use of the hosting service comply with these upstream rules.
3. Shared Security Responsibilities
3.1 KPFdigital responsibilities
- Configure the hosting environment for your site based on current best practice for typical WordPress sites.
- Use commercially reasonable measures to protect your site against common threats such as brute-force attacks and basic exploits.
- Apply software updates and security patches to WordPress core, themes, and plugins as described in your maintenance plan.
- Coordinate with Verpex support when server-side actions or investigations are required.
KPFdigital relies on Verpex for underlying network, datacenter, hardware, and platform-level security.
Your website is built on WordPress and may use third-party plugins, themes, and connected services. These tools are developed and operated by their respective providers and may communicate with external systems as part of their normal function. KPFdigital does not control the availability, security, data handling, or continued operation of any third-party software or connected service, and the Client is responsible for complying with any terms or licensing required by those providers.
3.2 Client responsibilities
- Using strong, unique passwords for WordPress and any related accounts.
- Limiting admin access to people who genuinely need it.
- Not installing unlicensed, unsupported, or suspicious plugins, themes, or custom code without review.
- Informing KPFdigital promptly if you see suspicious activity or receive notices about abuse, phishing, or compromised accounts.
If you or a third party add software or integrations that introduce security issues, remediation work may be billed at KPFdigital’s standard rates unless covered in a separate agreement.
4. Data Retention, Backups, and Deletion
4.1 Operational data and backups
- Verpex maintains server-level backups and logs according to its own systems and schedules. These may change over time as Verpex adjusts platform policies.
- KPFdigital may also maintain additional backups or snapshots for working purposes and disaster recovery.
Backups are intended to help restore service after a failure or incident. They are not a long-term archive. You should keep your own independent copies of any critical content or data.
4.2 Retention periods
- Server logs, database backups, and file backups are typically retained for a limited period, then automatically rotated or deleted by the hosting platform.
- KPFdigital does not guarantee that any specific backup will exist or be usable for a specific date unless explicitly agreed in writing.
4.3 Termination and data deletion
When you move away from KPFdigital hosting or terminate services:
- KPFdigital will remove locally stored working copies of your site and configuration files within a reasonable period, except where needed for legal, billing, or dispute-resolution purposes.
- Data on Verpex systems will be removed according to Verpex’s standard processes once the account is closed.
- On written request before deletion, KPFdigital can usually provide an export of your site files and database. Standard migration or export fees may apply if this work is not already included in your agreement.
Nothing in this section changes the limitation of liability in your master agreement.
5. Security Incidents and Data Breaches
A “security incident” means suspected or confirmed unauthorized access, use, disclosure, alteration, or destruction of data related to your hosted site.
5.1 Detection and investigation
- Server logs and monitoring tools.
- Warnings or tickets from Verpex.
- KPFdigital’s manual review.
- Reports from you or your users.
KPFdigital will investigate incidents that come to its attention and may coordinate with Verpex and other vendors as needed.
5.2 Response actions
- Temporarily disable parts of your site or your hosting account to contain the issue.
- Reset passwords and recommend that you reset credentials for affected services.
- Restore from a recent backup if appropriate and available.
- Remove or disable insecure code, plugins, or themes where feasible.
- Work with Verpex to address any platform-level issues.
5.3 Notification
If KPFdigital confirms a data breach that affects your site or data, you will be notified without undue delay after confirmation, typically within 72 hours where practicable.
You are responsible for deciding whether to notify end users, regulators, or other parties, and for sending any such notices.
6. E-Commerce and Payment Processing
If your website processes online payments:
- KPFdigital does not store, process, transmit, or have access to customers’ credit card numbers or sensitive payment data.
- All payment information entered on your website is handled directly by third-party payment processors such as Stripe using secure, PCI-compliant connections.
- Your business remains responsible for maintaining any required PCI compliance for your operations, including proper configuration of your payment gateway.
- Your website hosting account is not intended for storing any sensitive authentication data, and such data must never be sent through email, contact forms, or stored within WordPress.
7. Confidentiality and Privacy
Your existing project agreement already includes a Confidential Information clause. That clause governs how confidential information is protected and continues to apply to hosting and support work.
KPFdigital will only use your confidential information, including credentials and business data, as needed to provide agreed services or as required by law.
KPFdigital may share necessary information with Verpex or other service providers strictly to deliver hosting and related services.
For user-facing privacy notices and cookie banners on your site, you are the data controller. You are responsible for providing any required privacy policy and disclosures to your visitors.
8. Data Subject Rights Requests
- You are the controller of the data collected through your website.
- If an individual contacts KPFdigital directly about access, deletion, or other rights related to your site, KPFdigital will, where possible, direct them to you and notify you.
- On your written instructions, KPFdigital can assist with locating, exporting, or deleting specific records, such as WordPress user accounts or form submissions, where technically feasible.
- Work beyond normal maintenance may be billed at standard rates unless covered in another agreement.
9. Changes to These Hosting Terms
KPFdigital may update these Website Hosting & Data Protection Terms from time to time to align with changes to Verpex policies, hosting platform behavior, new security practices, or legal requirements.
When material changes are made, KPFdigital will update the “last updated” date on this page. Continued use of KPFdigital hosting after changes are posted will mean you accept the updated terms.