This Privacy Policy explains how Contabo ("we", "us", "our") collects, uses, stores, and protects your personal data when you use our cloud infrastructure services. We are committed to protecting your privacy in accordance with the EU General Data Protection Regulation (GDPR) and Swedish data protection law.
1. Data Controller
Contabo is the data controller responsible for the processing of your personal data. If you have any questions about this policy or our data practices, please contact us at privacy@contabo.se.
2. Information We Collect
We collect the following categories of personal data:
Account information
- Name, email address, billing address, and phone number.
- Company name and VAT registration number (for business accounts).
- Password (stored as a one-way cryptographic hash).
Payment information
- Payment method details processed by our payment partners (Stripe, Klarna, Swish). We do not store full card numbers on our systems.
- Invoice history and transaction records.
Service usage data
- Server, storage, DNS, and domain configuration data you provide.
- Bandwidth, CPU, and storage usage metrics.
- Login times, IP addresses, browser type, and device information.
Support communications
- Tickets, chat transcripts, and emails you send to our support team.
3. Legal Basis for Processing
We process your personal data on the following legal bases under GDPR Article 6:
- Contract performance - to deliver the services you have purchased.
- Legal obligation - to comply with Swedish accounting, tax, and consumer protection laws.
- Legitimate interest - to secure our infrastructure, prevent fraud, and improve our services.
- Consent - for marketing communications and optional analytics, where applicable.
4. How We Use Your Data
We use your personal data to:
- Provide, operate, and maintain the cloud services you use.
- Process payments, send invoices, and manage your subscription.
- Provide customer support and respond to your inquiries.
- Send service notifications, security alerts, and account updates.
- Detect, prevent, and respond to abuse, fraud, and security incidents.
- Comply with our legal obligations and respond to lawful requests from authorities.
5. Data Sharing and Third Parties
We do not sell your personal data. We share data only with carefully selected partners who help us deliver our services:
- Infrastructure providers - Cloudflare (CDN, edge compute, storage) and our upstream server provider.
- Payment processors - Stripe, Klarna, and Swish for payment handling.
- Communication providers - MailChannels for transactional email, 46elks and Twilio for SMS.
- Authorities - when required by law, court order, or to protect our legal rights.
All processors are bound by data processing agreements that meet GDPR requirements.
6. International Data Transfers
Your data is primarily stored and processed within the European Economic Area (EEA). When data is transferred outside the EEA (for example, to Cloudflare edge locations), we use Standard Contractual Clauses approved by the European Commission and additional safeguards to ensure your data remains protected.
7. Data Retention
We retain your personal data only for as long as necessary:
- Account data - for the duration of your account, and up to 90 days after closure.
- Billing and tax records - 7 years, as required by Swedish accounting law (Bokföringslagen).
- Server logs and metrics - up to 90 days for operational and security purposes.
- Support tickets - up to 3 years for service quality and dispute resolution.
8. Your Rights Under GDPR
You have the following rights regarding your personal data:
- Access - request a copy of the data we hold about you.
- Rectification - correct inaccurate or incomplete data.
- Erasure - request deletion of your data ("right to be forgotten"), subject to legal retention requirements.
- Restriction - limit how we process your data.
- Portability - receive your data in a structured, machine-readable format.
- Objection - object to processing based on legitimate interest or for direct marketing.
- Withdraw consent - revoke consent at any time, where consent is the legal basis.
To exercise these rights, contact us at privacy@contabo.se. We will respond within 30 days.
9. Security
We implement industry-standard technical and organisational measures to protect your data, including encryption in transit (TLS 1.2+), encryption at rest, access controls, regular security audits, and 24/7 monitoring. While no system is completely secure, we work continuously to safeguard your information.
10. Cookies and Tracking
We use essential cookies to operate the website and remember your preferences (such as language and login session). We do not use third-party advertising or tracking cookies. A separate cookie banner provides details and lets you manage your preferences.
11. Children
Our services are not directed at individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected such data, please contact us immediately.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email or via a notice on our website at least 30 days before they take effect. The "Last updated" date at the top of this page indicates when the policy was last revised.
13. Complaints
If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY). Visit imy.se for more information.
14. Contact
For all privacy-related inquiries, please contact:
Contabo
Email: privacy@contabo.se
General support: support@contabo.se