At FlashRDP, protecting your privacy and the sovereignty of your data is a fundamental priority. This Privacy Policy explains how we collect, use, and protect your information when you use our services.
To provide our unmanaged cloud infrastructure, we collect minimal necessary information.
- Account Data: Full name, email address, and billing address.
- Payment Data: For credit/debit card payments, details are processed securely and directly by Stripe (FlashRDP does not store full credit card numbers). For cryptocurrency payments, we strictly do not log or track the sending wallet address or your identity. We only record the internal invoice metadata required to verify the transaction (e.g., Amount, Date, Status, Order ID, and internal Payment ID).
- Support Data: Information you provide when opening support tickets or communicating with our team.
- Usage Logs: IP addresses used to access the client portal, browser type, and access times to ensure account security and prevent fraud.
- Server Metadata: Resource utilization metrics (CPU, RAM, bandwidth usage) to enforce billing and Acceptable Use Policy limits.
- Cookies & Analytics: Essential cookies are used to maintain your login session and portal preferences. We also use PostHog (self-hosted) and Google Analytics to collect aggregated, anonymized usage data to improve our documentation, website performance, and overall user experience.
What We Do Not Collect: FlashRDP is an unmanaged infrastructure provider. We do not access, analyze, index, or monitor the contents of the files, databases, or software hosted on your Virtual Private Servers. You maintain full Administrator/Root control over your data.
- To provision, maintain, and manage your cloud infrastructure.
- To process payments, issue invoices, and manage your FlashRDP wallet.
- To provide customer support and respond to inquiries.
- To detect and prevent fraudulent accounts, network abuse, and DDoS attacks.
- To send you critical service updates, renewal notices, and security alerts.
2a. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA), we process your personal data under the following legal bases as required by GDPR Article 6:
| Data Category | Legal Basis |
|---|
| Account & billing data | Contract performance (Art. 6(1)(b)) — necessary to deliver the services you purchased |
| Payment processing | Contract performance (Art. 6(1)(b)) — required to complete your transactions |
| Transaction records (7-year retention) | Legal obligation (Art. 6(1)(c)) — required by tax and financial accounting law |
| Usage logs & fraud detection | Legitimate interests (Art. 6(1)(f)) — protecting network security and preventing abuse |
| Service communications & renewal notices | Legitimate interests (Art. 6(1)(f)) — necessary for service continuity |
| Analytics (PostHog, privacy-respecting) | Legitimate interests (Art. 6(1)(f)) — improving documentation and user experience |
3. Data Sharing and Third Parties
FlashRDP does not sell your personal data to advertisers or third-party marketers. We only share data with trusted partners necessary to operate our service:
- Payment Processors: Stripe (for fiat payments) and various crypto gateways (for cryptocurrency payments) strictly to process transactions.
- Infrastructure Partners: Upstream data center providers may see network-level traffic (e.g., IP routing) but do not have access to your account details or server contents.
- Law Enforcement: We will disclose account information or server access only when legally compelled by a valid court order, subpoena, or specific legal process, as outlined in our Terms of Service.
4. International Data Transfers
FlashRDP is a Wyoming LLC with global infrastructure. By using our services, your information may be transferred to, stored, or processed in the United States, Europe, or other regions where our operational teams or servers are located. We rely on European Commission-approved Standard Contractual Clauses (SCCs) and relevant adequacy decisions as the legal mechanism to safeguard data during cross-border transfers, including transfers of EU user data to US-based analytics providers like Google Analytics.
5. Data Retention
- Active Accounts: We retain your account and billing information for as long as your account remains active.
- Terminated Services: When a server is terminated, all data on the NVMe drives is instantly and unrecoverably wiped.
- Financial Records: We retain transaction records, invoice history, and basic account logs for a minimum of seven (7) years to comply with tax and financial accounting laws, even after an account is closed.
5a. Data Retention by Category
| Data Category | Retention Period |
|---|
| Account profile (name, email, address) | Duration of active account + 90 days after closure |
| Payment card data | Not stored by FlashRDP (processed by Stripe) |
| Cryptocurrency transaction records | 7 years (legal/tax obligation) |
| Invoice & billing history | 7 years (legal/tax obligation) |
| Support ticket communications | 3 years after ticket closure |
| Server access logs & usage metrics | 90 days rolling |
| Portal login logs (IP, browser, timestamp) | 12 months |
| Server NVMe data | Destroyed instantly upon service termination |
6. Your Rights (GDPR & CCPA)
Depending on your jurisdiction — the European Union (GDPR), the United Kingdom (UK GDPR), or California (CCPA) — you possess the following rights regarding your personal data:
- Right to Access (Art. 15 GDPR): Request a copy of all personal data we hold about you.
- Right to Rectification (Art. 16 GDPR): Correct inaccurate data. You can update most information directly via the client portal.
- Right to Erasure / Right to be Forgotten (Art. 17 GDPR): Request deletion of your account and personal data. We must retain financial transaction records for 7 years by law; all other data will be purged.
- Right to Data Portability (Art. 20 GDPR): Request your data in a structured, machine-readable format.
- Right to Object (Art. 21 GDPR): Object to processing based on legitimate interests (e.g., analytics). We will cease processing unless we can demonstrate compelling legitimate grounds.
- Right to Restrict Processing (Art. 18 GDPR): Request restriction of processing while a dispute about accuracy or lawfulness is resolved.
- Right to Lodge a Complaint (Art. 77 GDPR): You have the right to lodge a complaint with your local supervisory authority. For EU users, contact your national Data Protection Authority (DPA). For UK users, contact the Information Commissioner’s Office (ICO) at ico.org.uk. For California users, contact the California Privacy Protection Agency (CPPA).
- CCPA Rights: California residents have the right to know what personal information is collected, the right to delete, the right to opt-out of sale (we do not sell data), and the right to non-discrimination for exercising these rights.
Automated Decision-Making: FlashRDP does not make legally significant automated decisions about individual users solely by automated means. AUP enforcement actions (suspensions, terminations) are triggered by automated systems based on billing rules or abuse detection, but a human review can be requested via a support ticket.
Cookies & Tracking Opt-Out: We use essential session cookies required to maintain your login. Analytics are powered by PostHog (self-hosted) and Google Analytics, configured to respect your privacy by aggregating data. Neither system is used to track your activities inside your provisioned server. To opt out of analytics, you may use your browser’s Do Not Track setting, an ad-blocker, or contact us at privacy@flashrdp.com.
To exercise any of the above rights, open a support ticket in the client portal or email privacy@flashrdp.com. We will respond within 30 days (or within the timeframe required by applicable law).
7. Changes to This Policy
We may update this Privacy Policy periodically. If we make material changes, we will notify you via email or through an announcement in the client portal at least 30 days before the changes take effect.
Last Updated: June 22, 2026 
