Privacy Policy
Last updated: March 2026
1. Who We Are
FalseViking Labs is the data controller for personal data collected in connection with our hosting services. Contact: support@falsevikinglabs.com
For hosted services (e.g. WordPress, Vaultwarden), FalseViking Labs also acts as a data processor on behalf of our clients. This relationship is governed by a separate Data Processing Agreement (DPA), which all clients are required to accept.
2. What Data We Collect
| Data | Why |
|---|---|
| Name & email address | Account creation, billing, support |
| Billing details | Payment processing (via Stripe) |
| IP addresses | Server security logs, abuse prevention |
| Hosted content | Delivery of your service |
| Support communications | Resolving issues |
We do not collect sensitive personal data, and we do not sell your data.
3. Lawful Basis (GDPR Art. 6)
- Contract performance (Art. 6(1)(b)) — processing your name, email, and payment details to deliver the service you ordered.
- Legal obligation (Art. 6(1)(c)) — retaining billing records as required by Danish law.
- Legitimate interests (Art. 6(1)(f)) — we process server logs and IP addresses to protect the security and integrity of our infrastructure, prevent abuse, and protect the rights of our clients and third parties. This processing is proportionate and does not override your fundamental rights and freedoms.
4. Data Retention
| Data | Retention period |
|---|---|
| Account & billing records | 5 years (Danish Bogføringsloven) |
| Server logs | 30 days |
| Hosted content | Deleted within 7 days of account termination |
| Support emails | 2 years |
5. Third Parties We Share Data With
We use the following data processors, each with GDPR-compliant data processing agreements:
Stripe (stripe.com)
Payment processing. Stripe handles all card data; we never see your full card details.
Hetzner Online GmbH (hetzner.com)
Server infrastructure located in the EU.
Resend (resend.com)
Transactional email delivery (order confirmations, notifications).
Zoho Corporation (zoho.com)
Support email. EU data residency enabled.
We do not share your data with any other third parties unless required by law.
6. International Transfers
All data is stored on Hetzner servers within the European Union. Stripe and Resend may process data outside the EEA under Standard Contractual Clauses (SCCs) approved by the European Commission. No other transfers outside the EEA take place.
7. Cookies
Our hosting management interface may use essential session cookies for login purposes only. We do not use tracking or advertising cookies.
8. Your Rights
Under GDPR you have the right to:
- Access — request a copy of your personal data
- Rectification — correct inaccurate data
- Erasure — request deletion (subject to legal retention obligations)
- Portability — receive your data in a machine-readable format
- Objection — object to processing based on legitimate interests
- Restriction — request we limit processing in certain circumstances
- Complaint — lodge a complaint with Datatilsynet (see section 10)
To exercise any of these rights, contact us at privacy@falsevikinglabs.com. We will respond within 30 days.
9. Automated Decision-Making
We do not use automated decision-making or profiling as defined under GDPR Art. 22. All decisions affecting your account are made by a human.
10. Complaints
If you believe we are handling your data unlawfully, you have the right to lodge a complaint with the Danish data protection authority:
Datatilsynet
datatilsynet.dk · +45 33 19 32 00
11. Changes to This Policy
We may update this policy and will notify you by email at least 14 days before material changes take effect.