Privacy Policy

This Privacy Policy describes how Allay Studios LLC (“we”, “us”, or “our”) collects, uses, and protects your personal information when you use our services, websites, dashboards, and digital platforms. We are based in the United States and operate globally, including users in the European Union and other international regions.

1. Purpose

This policy outlines how we handle your data in accordance with U.S. federal and state privacy laws, and with global standards including GDPR (EU) and CCPA (California).

2. Information We Collect

  • Account registration data, such as email, password, and optional third-party login connections
  • Billing details, saved payment method metadata, and transaction history through the payment providers available on our services
  • Account security data such as two-factor authentication status, authenticator secrets, recovery codes, security events, and related verification records
  • Server metadata and usage logs (e.g. IP addresses, panel activity, node data)
  • Website usage and technical analytics
  • Support communications
  • Cookies and similar technologies

3. How We Use Your Data

  • To register and maintain hosting accounts
  • To provide and manage infrastructure services
  • To process payments and generate invoices
  • To store and display saved payment methods for future customer-authorized transactions
  • To send service-related notifications and updates
  • To prevent fraud and unauthorized access
  • To provide account security features, including two-factor authentication and account recovery
  • To comply with legal and tax obligations
  • To analyze service usage and improve performance

4. Cookies & Tracking

We use cookies and similar technologies for authentication, analytics, and improving user experience. Essential cookies are required for login and dashboard features.

5. Payments & Billing

Payments are processed through the third-party payment providers available on our services. If you choose to save a payment method, that method may be stored, tokenized, or vaulted by the applicable provider. We only store the payment tokens, provider identifiers, billing identifiers, customer references, labels, status information, and other limited metadata reasonably needed to display the method in your account, manage it, verify it, and process future transactions that you authorize.

6. Hosting & Infrastructure

Our infrastructure is hosted in secure data centers in the United States and the European Union. Access to user data is strictly limited to authorized personnel.

7. Data Retention

We retain data only as long as necessary for legal, operational, and service-related purposes. You may request deletion of your account and data at any time by contacting us.

8. Third-Party Services

We may use third-party service providers under strict confidentiality agreements. These may include DNS hosts, analytics, email platforms, and infrastructure providers. All subprocessors are vetted for security and compliance.

9. International Transfers

By using our services, you consent to your data being processed in the United States and other countries outside of your jurisdiction. We implement appropriate safeguards to protect international data flows.

10. Your Rights

  • Right to access your stored personal data
  • Right to correct or update incorrect data
  • Right to delete your data (if no legal obligation exists)
  • Right to object or restrict processing
  • Right to data portability
  • Right to file a complaint with a data authority

11. Data Protection for EU Residents

If you are located in the European Union, your data is processed in accordance with the General Data Protection Regulation (GDPR). We rely on your consent, contract necessity, and legal obligations as lawful bases for processing.

12. Children's Privacy

Our services are not directed to individuals under the age of 13, and we do not knowingly collect data from children.

13. Security

We implement industry-standard measures including encryption, access controls, and secure hosting to protect your data. However, no internet transmission is ever 100% secure.

If you enable two-factor authentication, we store the information needed to operate that feature, such as encrypted or otherwise protected authentication secrets, recovery code records, verification timestamps, and security logs. Recovery codes are intended to help restore access to your account and should be kept private by you.

14. Dispute Resolution

EU residents may use the European Commission’s Online Dispute Resolution platform:https://ec.europa.eu/consumers/odr

15. Contact

For support: [email protected]
For legal inquiries: [email protected]

Last updated: June, 2026