Legal

Privacy Policy

Last updated: June 17, 2026.

Overview

LYLIX, LLC. ("LYLIX", "we", "us", or "provider") values the privacy of our customers ("you", "user", or "end-user") — current, former, and prospective — and the visitors to our website. This Privacy Policy explains what information we collect, how we use and retain it, who we share it with, and the rights you have over it.

We do not sell personal information. We do not trade in personal information. We disclose personal information only as needed to deliver our services, comply with the law, or protect our customers and our network.

Information we collect

To provide hosting services and operate this site, we collect the following categories of information:

Account & billing information

  • Name, business name (if applicable), physical address, email address, telephone number.
  • Login credentials for the customer portal (hashed; we never have access to your plaintext password).
  • Payment information — processed by a third-party merchant gateway. We retain limited records (card brand, last four digits, billing address) for invoicing and dispute handling; we do not store full card numbers, CVV codes, or bank account credentials on our systems.
  • Tax identifiers (where required for invoicing or compliance).

Service operation data

  • Information you provide when ordering or managing a server: hostnames, public SSH keys you upload, configuration choices, IP allocations, and similar.
  • Support ticket contents, knowledgebase comments, and other written correspondence.
  • Service usage metrics (CPU, memory, network, and disk telemetry) collected from the hypervisor — aggregate operational data, not the contents of your VPS.

Website & portal usage

  • IP address and approximate geolocation derived from it.
  • Browser and device type, operating system, referrer, pages visited, and time spent on each page.
  • Cookies set by us for session management and basic analytics. We do not currently use third-party advertising cookies.
  • Email engagement (opens and clicks) when we send service notifications and announcements.

Identity verification (when applicable)

To comply with merchant gateway requirements or to investigate suspected fraud, we may request copies of personally-identifying documents (government ID, utility bill, etc.). When requested, this information is transmitted over encrypted channels only, retained only as long as needed for verification, and stored according to industry compliance standards.

What we do not collect

  • The contents of your VPS — files, databases, application data, customer records you store on your VPS — remain yours. We do not inspect or index them in the ordinary course of business.
  • The contents of email or other communications transiting our network, except as required to ensure proper service operation or as compelled by law.
  • Biometric data, precise GPS location, or special-category personal data.

How we use information

We use the information we collect to:

  • Provision, operate, and bill for the services you ordered.
  • Authenticate you and protect your account from unauthorized access.
  • Send service-related communications (account confirmations, invoices, maintenance notifications, security alerts).
  • Provide customer support and respond to your inquiries.
  • Monitor for, prevent, and investigate abuse, fraud, and security incidents on our network.
  • Improve our website and services based on aggregate usage patterns.
  • Comply with legal obligations (tax records, lawful requests from authorities, etc.).
  • Send marketing communications about our own services — you can opt out of these at any time by clicking unsubscribe or opening a support ticket; opting out of marketing does not affect service-essential communications.

Who we share information with

We share personal information only with service providers and counterparties that need it to support our operation, and only to the extent necessary. The categories of third parties we work with include:

  • Payment processor. Card and bank-transfer payments are handled by a PCI-compliant merchant gateway. We share billing name, address, and payment-instrument details with the gateway; the gateway returns transaction outcomes and tokenized references that we store in your account.
  • Billing platform. We operate our customer portal on a commercial billing platform (WHMCS) hosted on infrastructure we control. Your account data lives on our systems; the vendor does not have routine access.
  • Datacenter / colocation provider. The hypervisors that host your VPS run in a third-party datacenter facility under a colocation agreement. The facility operator has physical access to the hardware but does not have logical access to customer systems or data in the ordinary course of business.
  • Upstream network providers. Internet transit and IP space are provided through carrier and cloud-infrastructure partners. Reverse-DNS / PTR records you configure through the portal are written to the upstream provider's DNS infrastructure via API.
  • Email delivery. Account, billing, and support emails are sent through commodity SMTP infrastructure on our systems; we do not currently use third-party transactional email services.
  • Professional advisors. Legal counsel, accountants, and auditors as needed, under confidentiality obligations.
  • Law enforcement and government authorities. When compelled by valid legal process (subpoena, court order, warrant) or when we believe in good faith that disclosure is necessary to prevent imminent harm. We will notify the affected customer where lawfully permitted.

We do not sell personal information. We do not share personal information with advertising networks. We do not provide personal information to data brokers.

Data retention

We retain personal information only as long as needed for the purpose it was collected, plus any period required by law:

  • Active accounts: account, contact, billing, and support data is retained while your account remains open.
  • Cancelled accounts: contact and billing records are retained for up to seven (7) years after cancellation for tax, accounting, and audit purposes. Support ticket archives are retained for the same period. Server snapshots and customer VPS data are deleted in accordance with our Terms of Service and are not recoverable after cancellation.
  • Identity verification documents: deleted after verification completes, unless a fraud investigation is ongoing.
  • Server logs and operational telemetry: retained on a rolling basis (typically 30-90 days for system logs, longer for security-relevant events).

Security

We use industry-standard security measures to protect personal information, including:

  • TLS encryption for the customer portal, this website, and email transport where supported.
  • Bcrypt-hashed passwords; we never store or have access to your plaintext credentials.
  • Access controls on internal systems, with administrative access limited to staff who need it.
  • Encrypted storage of sensitive fields in our billing database.
  • Network monitoring for unauthorized access attempts and abuse patterns.

No system is perfectly secure. If we discover a security incident affecting your personal information, we will notify you and applicable authorities as required by law.

Your rights

Regardless of where you live, you may:

  • Access the personal information we hold about you. Most of it is visible in your customer portal; open a ticket if you need the rest.
  • Correct inaccurate information about you. Use the customer portal or open a support ticket.
  • Delete personal information we hold about you, subject to our retention obligations for tax, accounting, and legal compliance. Closing your account triggers our standard retention timeline (see Data Retention above).
  • Export a copy of your account information in a portable format. Open a support ticket and we'll send it.
  • Opt out of marketing communications. Service-essential communications (invoices, maintenance notices, security alerts) cannot be opted out of while the account is active.
  • Object to our processing or restrict it in certain circumstances; we'll evaluate the request against our legal and contractual obligations.

To exercise any of these rights, contact us via the customer portal or at privacy@lylix.net. We respond within 30 days; we may ask for verification before acting on a request.

California residents

If you reside in California, the California Consumer Privacy Act (CCPA, as amended by the CPRA) provides additional rights:

  • Right to know the categories and specific pieces of personal information we collect, the purposes for which we use it, and the categories of third parties we share it with. The sections above describe this.
  • Right to delete personal information we collected from you, subject to legal exceptions.
  • Right to correct inaccurate personal information we hold about you.
  • Right to opt out of "sale" and "sharing" of personal information. We do not sell or share personal information for cross-context behavioral advertising, so no opt-out is necessary, but you have the right to confirm that with us at any time.
  • Right to non-discrimination for exercising your CCPA rights.

Submit CCPA requests through the same channels listed under "Your rights" above.

International users

Our services are operated from the United States. If you access our services from outside the US, your personal information will be transferred to, stored in, and processed in the United States. By using our services, you consent to this transfer. We do not maintain data-processing infrastructure outside the United States.

Children's privacy

Our services are not directed to children under 18, and we do not knowingly collect personal information from anyone under 18. If you believe a child has provided us with personal information, contact us at privacy@lylix.net and we will delete it.

Cookies

We use cookies and similar technologies for:

  • Session management on the customer portal (required for the portal to function).
  • Aggregate analytics on this website (which pages are popular, what browsers visitors use). We do not use cookies to track you across other websites.

You can disable cookies in your browser settings; doing so will prevent the customer portal from working but will not affect public marketing pages.

Changes to this policy

We may revise this Privacy Policy from time to time to reflect changes in our practices or in the law. We will update the "Last updated" date at the top of this page when we do. Material changes that affect how we use information we already hold will be communicated by email to affected customers. Continued use of our services after a revision constitutes acceptance of the revised policy.

Contact

For privacy-related questions, requests, or complaints, contact us at:

LYLIX, LLC.
privacy@lylix.net
or through the customer portal.