Privacy Policy
Version 1.0 — Effective date: May 20, 2026
1. Who We Are
PunchVPS Ltd. (“PunchVPS”, “we”, “us”) operates punchvps.com and provides cloud hosting, VPS, and server infrastructure services.
Contact: [email protected]
2. What Data We Collect, Why, and the Legal Basis
The table below lists every category of personal data we process, the purpose, and the lawful basis under Israeli law (Protection of Privacy Law 5741-1981, as amended) and GDPR Article 6 where applicable.
| Data Category | Purpose | Legal Basis | Mandatory? |
|---|---|---|---|
| Name, email, phone, address | Account creation and management | Performance of contract (GDPR Art. 6(1)(b)); PPL §11 | Mandatory — account cannot be created without it |
| Billing details (amount, date, service) | Invoicing and payment processing | Legal obligation (GDPR Art. 6(1)(c)); Israeli Tax Ordinance / VAT Law | Mandatory — required by law |
| Payment method data | Charging for services | Performance of contract (GDPR Art. 6(1)(b)) | Mandatory — service cannot be activated without payment |
| Server and network logs (IP, timestamps, traffic metadata) | Security, abuse prevention, service integrity | Legitimate interests (GDPR Art. 6(1)(f)) — protecting network integrity and preventing unauthorized access | Automatic — generated by use of the service |
| Support ticket content | Providing technical support | Performance of contract (GDPR Art. 6(1)(b)) | Voluntary — you choose whether to contact support |
| Cookie consent preferences | Recording your cookie choices | Legal obligation / legitimate interests (GDPR Art. 6(1)(c)/(f)) | Automatic — set when you interact with the cookie banner |
We do not collect special category data (health, religion, race, political views, biometrics) and ask that you do not submit such data through support tickets or account fields.
3. Data Retention
We retain data only as long as necessary for the purpose for which it was collected or as required by law:
| Data Category | Retention Period | Reason |
|---|---|---|
| Account data (name, email, contact) | Duration of contract + 7 years | Israeli Statute of Limitations; tax audit requirements |
| Invoices and billing records | 7 years from invoice date | Israeli Tax Ordinance and VAT Law (mandatory) |
| Payment method data | Not stored by us — processed by iCount | iCount retains per their own policy |
| Server and network logs | 90 days | Sufficient for security investigations; minimization principle |
| Support tickets | 3 years from closure | Contractual dispute resolution period |
| Cookie consent records | 13 months | Matches maximum analytics cookie duration; consent audit trail |
After the applicable retention period, data is securely deleted or anonymized.
4. Who We Share Your Data With
We share data only where necessary to provide our services:
- iCount (Israel) — payment processing. We pass billing details required to charge your payment method. iCount’s privacy policy: icount.co.il/privacy.
- Cloudflare, Inc. (USA) — network protection and content delivery. Network traffic passes through Cloudflare’s infrastructure. Cloudflare is certified under the EU-U.S. Data Privacy Framework. Cloudflare’s privacy policy: cloudflare.com/privacypolicy.
We do not sell your personal data. We do not share data with advertising networks or data brokers.
5. International Data Transfers
PunchVPS operates in Israel. Israel has been recognized by the European Commission as providing an adequate level of data protection (Commission Implementing Decision, reaffirmed January 2024), meaning data transfers from the EU/EEA to PunchVPS do not require Standard Contractual Clauses or other supplementary mechanisms.
For transfers to Cloudflare (USA): Cloudflare participates in the EU-U.S. Data Privacy Framework, providing a lawful transfer mechanism under GDPR Article 45.
6. Cookies
This website uses cookies. A cookie banner is displayed on your first visit — you may accept all, reject non-essential, or customize your preferences.
| Category | Purpose | Legal Basis | Duration |
|---|---|---|---|
| Strictly Necessary | Site login, session management, security, cookie consent memory | Legitimate interests / contract performance — cannot be disabled | Session or up to 1 year |
| Analytics | Currently not in use | Consent (GDPR Art. 6(1)(a)) — toggle available in cookie settings | N/A |
| Marketing | Currently not in use | Consent (GDPR Art. 6(1)(a)) — toggle available in cookie settings | N/A |
You may withdraw or change your cookie consent at any time by clearing your browser cookies — the banner will reappear on your next visit.
7. Your Rights
Under Israeli law (Protection of Privacy Law 5741-1981, Amendment 13) and GDPR (where applicable), you have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — request correction of inaccurate data
- Erasure — request deletion of your data, subject to retention obligations required by law
- Restriction — request that we limit processing of your data in certain circumstances
- Portability — receive your data in a structured, machine-readable format (GDPR Art. 20)
- Object — object to processing based on legitimate interests (GDPR Art. 21)
- Object to automated decisions — not to be subject to decisions based solely on automated processing that significantly affect you (GDPR Art. 22)
- Withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
You have the right to lodge a complaint with:
- Israeli Privacy Protection Authority (PPA): gov.il — PPA
- Your EU member state supervisory authority (if you are an EU resident)
8. Security
We implement technical and organizational measures appropriate to the risk, including access controls, encrypted transmission (TLS), and incident response procedures, in accordance with the Privacy Protection (Data Security) Regulations 5777-2017.
9. Changes to This Policy
We may update this policy from time to time. The version number and effective date at the top of this page will reflect any changes. Material changes will be communicated via email to registered customers.
Previous versions are available on request at [email protected].