Counterwave Hosting Privacy Policy
Counterwave Hosting is an initiative of Lyberate Media Inc. and Defiant Studios. This Privacy Policy applies to all visitors and customers accessing or using our websites and core hosting/domain services. We are committed to transparency in our data handling and protecting the independent voices that rely on our platform.
1. Who We Are & How to Reach Us
- Counterwave Hosting is a service provided by Lyberate Media Inc., a registered entity in The State of New York.
- Privacy Contact: For any privacy-related questions or requests, please email us at: info@counterwavehosting.com
Important Note on Hosted Sites: This policy covers our core website and services (account management, billing, support). It DOES NOT cover the websites you host on our platform (e.g., your blog, podcast site). As the site owner/creator, you are responsible for publishing your own privacy policy for data collected directly on your hosted site.
- We use vetted third-party services (data processors) across our operations and require them to meet or exceed our strict privacy and security standards.
- We will never rent or sell potentially personally-identifying and personally-identifying information to anyone.
- If we must disclose personal information in response to a lawful request by public authorities (e.g., for national security or law enforcement), we will comply with legal requirements.
2. Personal Data We Collect (Why & How Long)
We only collect data necessary to provide and secure Our Services, support your needs, and comply with legal obligations.
A. Registered Users & Publishing Content
| Data Collected | Why We Collect It | Retention Period | Source Documentation |
| Profile Information (Gravatar, Display Name, Website URL, Bio) | To display your identity in public areas (comments, forums). | Stored indefinitely unless deletion is requested. | Section 3a |
| User Uploaded Media (e.g., images in posts/comments) | To host and display your content. Warning: If you upload images with EXIF GPS location data, visitors can extract this information. | Stored indefinitely unless deletion is requested. | Section 3a |
| Comment Data (Text, IP address, Browser User Agent) | To facilitate discussion and for spam detection (using services like Automattic/Akismet). | Published content and comments are stored indefinitely unless deletion/removal is requested. | Section 3a |
| Support Communication (Email, IP address, Data in Forms/Chats) | To provide ongoing support, improve services, and respond to your queries (via G Suite and HelpScout/LiveChatInc). | Kept indefinitely to help us provide support and improve our services. | Section 3b |
B. Hosting & API Services
- Antibot/Firewall IPs: IPs collected by our Antibot and Firewall services are solely for threat detection and preventing attacks.
- No PII Collected: We do not collect or cross-reference any personally identifiable information (PII) of the end-user or bad actor for this specific service.
- Log Retention: IP address logs are retained for a maximum of 7 days unless continued malicious activity is detected.
C. System Access & Support Credentials
- If you provide system access or login credentials as part of a support request (e.g., for troubleshooting a hosted site), we store this information exclusively to fulfill the requested service.
- Credentials are kept in our secure password manager (ProtonPass).
- Retention: Credentials are retained for a maximum of 15 days, after which they are automatically deleted unless you specifically renew them.
- For active ongoing services, credentials are kept only for the service duration and are securely deleted once the service ends.
3. User Rights
You have the right to control your personal data. We will respond to your requests within a reasonable timeframe, not to exceed one week.
| Your Right | How it Applies at Counterwave Hosting |
| Right to Access/Download Data | If you are a registered user or have left comments, you can request to see or download the data we have about you (profile info, payment history, support logs, etc.). |
| Right to Be Forgotten/Deletion | You can request “to be forgotten.” We will erase any personally identifiable data, excluding data legally required for administrative or security purposes. |
| Right to Correction/Amendment | You can request to correct or amend any inaccurate data we have about you. |
| Right to Opt-Out (Marketing) | All marketing emails include an unsubscribe link. You may also opt-out of the use of your personal information for targeted advertising (where applicable by law). |
- To exercise these rights, please direct your query to privacy@[yourdomain].com.
- For those wanting enhanced GDPR compliance, you may contact us to request a signed copy of a Data Protection Agreement (DPA).
4. Third Parties (Subprocessors)
We only partner with trusted services that prioritize security and privacy.
| Category | Service Providers (Subprocessors) | Primary Purpose | Privacy Policy Links (for your reference) |
| Hosting & Infrastructure | Amazon Web Services, Digital Ocean, Vultr, Linode | Web hosting, backups, file storage, APIs, log files. | [AWS Policy], [Digital Ocean Policy], [Vultr Policy], [Linode Policy]. |
| CDN | Bunny CDN | Content Delivery Network for performance optimization. | [Bunny Policy]. |
| Customer Support | Google G Suite, HelpScout, LiveChatInc | Internal email/communication, help desk, live chat support. | [Google Policy], [HelpScout Policy], [LiveChatInc Policy]. |
| Analytics | Google Analytics, Mixpanel, Hotjar, Sentry | Tracking visitors, logged-in user activity, user experience analysis, application monitoring. | [Google Policy], [Mixpanel Policy], [Hotjar Policy], [Sentry Policy]. |
| Payment Processors | PayPal, Stripe, Google Pay, Apple Pay, Microsoft Pay | Financial transactions and accounting. | [PayPal Policy], [Stripe Policy], etc.. |
| Domain Registration | OpenSRS | Domain name registration services. | [OpenSRS Policy]. |
5. Data Security, Breach, and Compliance
- System Access: Staff only have access to systems directly required for their job functions, and we use dual factor authentication for all critical systems.
- Data Breach Procedures: Should a data breach occur, our policy is to alert affected customers via email no later than 48 hours of becoming aware of the event. We will also report the incident to any required data protection authority.
- Regulatory Compliance: We adhere to legal requirements regarding the disclosure of personal information, including responding to lawful requests from U.S. authorities like the Federal Trade Commission (FTC), particularly concerning national security or law enforcement.