Privacy Policy

Last Updated: 01.01.2026
Operator: undergroundprivate.com (operating undergroundprivate.com and clientlogin.sx)
Jurisdiction: Belize

1. Introduction

undergroundprivate.com ("we," "us," "our") is committed to protecting your privacy. This Policy explains how we collect, use, store, and safeguard your data when you use our websites (undergroundprivate.com and clientlogin.sx) or our hosting services.

We operate as a global Infrastructure Service Provider incorporated in Belize. We procure high-performance computing resources from strategic third-party datacenters and deliver them to our customers. By accessing or using our services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy.

Crucial Distinction:

• Our Role: We act as the Service Provider and Billing Administrator. We manage your account, billing, and service provisioning. We do not own the physical hardware, network infrastructure, or datacenter facilities.
• Your Role: You are the sole Data Controller for all content, files, databases, and applications hosted on your server. You bear full, exclusive, and absolute responsibility for all content hosted and all actions performed on your server.
• Access Limitation: Our ability to access your server content varies by service type. If you change your SSH/root password or disable remote access, we may be completely locked out and unable to access your data.

2. Information We Collect

We collect personal data primarily through online forms used for ordering products and services on undergroundprivate.com or clientlogin.sx. The specific types of data we collect include:

• Personal Data: Name, email, phone, billing address, payment info.
• Technical Data: IP addresses, browser type, login timestamps, and service identifiers.
• Communication: Content of support tickets, emails, and chat logs.
• Billing: Invoice records, transaction details, and payment method metadata.
• Network Telemetry: IP traffic logs and abuse alerts received from third-party monitoring services or upstream datacenters.
• Specialized Verification Data: In addition to standard personal data, we may collect verification documentation (e.g., business licenses, domain ownership proofs, mailing list descriptions) specifically for the purpose of evaluating requests to unblock restricted ports (such as Port 25). This data is retained only for the duration of the evaluation and for audit purposes related to email abuse prevention.
• Sanctions Screening Data: We may collect and verify information to ensure compliance with international sanctions laws, including checking against publicly available sanctions lists.

3. How We Use Information

We use data to:

• Provision Services: Create accounts, assign IP addresses, and deliver server credentials.
• Manage Billing: Process payments, issue invoices, and manage account status via clientlogin.sx.
• Security & Abuse Response: Act on alerts from datacenters and third-party monitors regarding network anomalies (including illegal content, malware, or AI-generated abuse).
• Legal Compliance: Comply with valid legal requests from law enforcement authorities and sanctions regulations.
• Service Support: Troubleshoot technical issues only if we have administrative access.
• Criminal Investigations: Preserve data and cooperate with law enforcement upon receipt of valid court orders from the server's physical location.

We do not sell your personal data.

4. Data Retention and Backup Policies

4.1 General Principle

We retain personal data only for the specific periods required by law or operational necessity. We do not keep data indefinitely without a valid reason. Once data is no longer necessary for the purposes outlined (including legal or security obligations) and no legal hold exists, we will securely delete or anonymize it.

4.2 Scope of Retention

We operate a hybrid model. Some services are managed via our proprietary panels (e.g., SolusVM, cPanel for Shared Hosting), while others are raw servers provided directly by datacenters. Retention rights and capabilities depend on the infrastructure provider and our level of access.

4.3 Data We Retain

After account closure, we retain the following in our Billing Management System for the periods required by law or operational necessity:

• Account Records: Name, email, address, and contact info (Retained for the duration of the account and as required by statutory record-keeping obligations).
• Billing History: Invoices and payment records (Retained for the period mandated by applicable tax and accounting laws).
• Support Communications: Ticket logs (Retained for the period necessary to resolve disputes and ensure service quality).
• Login Activity: IP addresses and timestamps (Retained for the period necessary for security monitoring, fraud prevention, and legal defense).
• Sanctions & Compliance Records: Verification data related to sanctions screening (Retained for the period necessary to demonstrate compliance with applicable laws).

4.4 Server Content Deletion & Customer Responsibility

Managed Infrastructure (Shared Hosting & SolusVM VPS):

• Access & Monitoring: For Shared Hosting and SolusVM VPS, we retain administrative access to the server environment to manage resources and ensure security. However, we do not proactively monitor, read, or inspect the content of your files, databases, or emails unless:
  • You explicitly request technical support via a ticket.
  • We detect a security threat (e.g., malware, spam, resource abuse) via automated systems.
  • We are legally compelled by a valid court order.
• Log Responsibility: The Customer is solely responsible for archiving and maintaining their own website access logs, error logs, and email logs. We do not provide long-term archival or backup of these logs. If the Customer deletes these logs, or if they are rotated/deleted by the server's default configuration, we accept no liability for their loss.
• Deletion: Upon termination, we will provision the immediate deletion of your account, files, and databases via our management panels.

Raw Infrastructure (VPS / Dedicated without Panel):

• No Access: We do not have the ability to access or delete server content on raw infrastructure. You are solely and exclusively responsible for backing up and permanently removing your data before requesting termination.
• Locked Out: If you change your SSH/root password or disable remote access, we cannot and will not bypass these controls unless required by law or to stop an active attack.
• Liability: We bear no responsibility for data loss, retention, or destruction of your server content. If you fail to delete your data, it remains your property and your liability.

General Liability & "No Snooping" Policy:

• No Unauthorized Access: We never use our administrative capabilities to access your private data (emails, files, databases) for marketing, surveillance, or arbitrary reasons. Any access is logged, minimized, and audited.
• Customer Responsibility: Regardless of the service type, you are the sole Data Controller for all content hosted on your account. You are responsible for ensuring your content complies with all laws.

4.5 Traffic Log Retention & Access Limitations

As a reseller of virtual and dedicated infrastructure, undergroundprivate.com (operating clientlogin.sx) does not have access to, nor does it retain, raw server traffic logs, internal system logs, or content data residing within the Customer's server environment.

Once a server is provisioned and root/administrator access is granted to the Customer, all logs and data inside the server are the sole responsibility and exclusive property of the Customer. We do not monitor, store, or archive this internal data.

The only data we retain is Billing and Account information (name, email, payment history) as required by tax laws. We do not retain network traffic logs unless explicitly required by a valid court order to preserve specific evidence for an ongoing investigation, in which case we will coordinate with the upstream datacenter.

4.6 Legal Holds

If we receive a valid legal request (e.g., court order, warrant, or subpoena), we will preserve all relevant data we have access to and suspend deletion procedures until the matter is resolved. This may include billing records, login logs, and, where technically possible, server snapshots.

4.7 Deletion and Anonymization

Once data is no longer necessary for the purposes outlined (including legal or security obligations) and no legal hold exists, we will securely delete or anonymize it:

• Technical Logs: Deleted when no longer necessary for security or legal defense.
• Billing Records: Retained for as long as required by applicable tax and accounting laws.
• Server Data: Deleted per standard termination procedures on our infrastructure, or as instructed by the datacenter.

4.8 Third-Party Billing Records

We retain records of your interaction with third-party payment processors (e.g., transaction IDs, subscription status flags) solely for the purpose of verifying account status and resolving billing disputes. However, we do not control the recurring billing cycles managed directly by these third parties. Once your account is closed on our end, we cease processing new data, but we cannot alter or delete your subscription data held by the payment processor.

5. Your Rights Under Belizean Law

Under the Belize Data Protection Act (2021), you have the right to:

• Access: Request a copy of your data.
• Rectification: Correct inaccurate data.
• Erasure: Request deletion (subject to legal retention obligations).
• Restriction: Limit processing.
• Portability: Transfer data.
• Object: Object to processing.

Contact us at legal.undergroundprivate.com@clientlogin.sx to exercise these rights. We respond within 30 days.

Note: Certain rights may be limited where data is required for legal compliance, security purposes, or ongoing investigations.

6. Cookies

We use cookies to track activity on our public websites (undergroundprivate.com and clientlogin.sx). You can refuse cookies via your browser settings.

7. Third-Party Links

We are not responsible for the privacy practices of third-party sites linked from our services.

8. Security

We implement appropriate security measures for our billing systems and network infrastructure. However, we do not control the physical security of the datacenter, nor do we guarantee the security of your server content once you have full root access. No method of transmission over the internet is 100% secure.

9. Third-Party Infrastructure & Limitation of Liability

9.1 Datacenter Independence

Our services rely on infrastructure owned and operated by third-party datacenters. We are not responsible for any actions, omissions, failures, or damages caused by these datacenters.

9.2 Hardware & Maintenance

We are not liable for:

• Hardware Failures: Any data loss, corruption, or service interruption resulting from hardware failure, component replacement, or server renewal by the datacenter.
• Maintenance Schedules: Any damage or downtime resulting from scheduled or unscheduled maintenance, hardware upgrades, or facility migrations performed by the datacenter.
• Notification Gaps: We are not obligated to inform you of datacenter-level hardware changes, renewals, or maintenance schedules. It is your responsibility to maintain independent backups.

9.3 Force Majeure

We are not liable for any loss or damage resulting from events beyond our reasonable control, including but not limited to datacenter outages, network failures, natural disasters, or acts of war.

10. Changes to This Policy

We may update this Policy. Minor changes are posted on the website; Material changes may be notified via email. Continued use constitutes acceptance.

11. International Users and Regional Rights

• EEA/UK: We process data in accordance with internationally recognized standards. You may have rights under local laws depending on your residence.
• California: Rights under CCPA/CPRA apply. We do not sell data.
• Other Jurisdictions: Local laws prevail if they provide greater rights.

Data Transfers: Your data may be transferred to various jurisdictions globally. We ensure appropriate safeguards are in place.

12. Children's Privacy

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we discover that we have collected personal data from a user under the age of 18, we will immediately delete that information and terminate the account.

13. Data Breach Notification

We implement strict security measures to protect our billing data. However, in the unlikely event of a data breach that compromises your personal data:

• We will notify the relevant supervisory authorities within 72 hours of becoming aware of the breach, as required by applicable laws.
• We will notify affected customers via email without undue delay if the breach is likely to result in a high risk to your rights and freedoms.
• We are not liable for breaches caused by your own failure to secure your server, weak passwords, or compromised applications.

14. "Do Not Track" Signals

Some web browsers have a "Do Not Track" feature. We currently do not respond to "Do Not Track" signals as there is no universally accepted standard. You can manage cookies via your browser settings.

15. Data Storage Locations

To ensure the highest level of security and compliance, we store your data in the following locations:

• Billing and Account Data: All billing information is securely housed on encrypted, geographically distributed infrastructure managed by our trusted third-party providers. This data is processed in strict adherence to internationally recognized data protection standards and industry best practices for security and privacy.
• Customer Content: The content hosted on your server (files, databases, applications) is stored on the server you have selected, which may be located in various jurisdictions. You are the sole Data Controller for this content and bear full responsibility for all actions and content hosted on your server.
• Server Migration: We reserve the right to migrate your server to different geographic locations. Your data may therefore be stored in different jurisdictions over time, subject to the laws of the new location.

16. Law Enforcement & Legal Requests

• Belizean Law: As a company incorporated in Belize, we comply with valid court orders or warrants issued by Belizean judicial authorities. If such authorities request billing or account data, we will verify the order and retrieve the data directly from our secure Billing Management System and provide it to them.
• Server Location: For data stored on the server you have rented, we comply with valid local court orders issued by the authorities of the country where the server is physically located.
• Locked-Out Servers & Datacenter Intervention:
  • If you have locked us out of the server (e.g., changed SSH passwords) or if our management panels are inaccessible due to technical failures, we cannot directly access the data.
  • However, in the event of a valid court order, we will immediately instruct the Datacenter to take a forensic snapshot of the server, reset access credentials, or provide physical access to facilitate the investigation.
  • Prevention of Data Destruction: In cases of valid legal orders involving locked-out servers, we will also instruct the Datacenter to isolate the server or prevent further access by the customer to preserve evidence and prevent data destruction.
• Physical Access: If law enforcement demands physical access to the server, they must contact the datacenter directly.
• Foreign Jurisdiction Requests: We do not recognize informal requests from foreign authorities. All requests must be accompanied by a valid court order issued by the local authorities of the server's physical location.

17. Abuse Monitoring & Network Security

17.1 Reactive Monitoring & No Proactive Duty

We do not actively scan, inspect, or monitor the content of your server or network traffic. We have no obligation to proactively detect illegal activity, abuse, or security breaches. Our security measures are strictly reactive, relying solely on:

• Automated Alerts: Notifications received from upstream datacenters or third-party monitoring providers regarding network anomalies (e.g., DDoS, spam, illegal traffic, or AI-generated abuse patterns).
• Abuse Reports: Valid complaints received via our designated abuse channels.
• Legal Orders: Direct instructions from law enforcement or judicial authorities.

17.2 Customer Sole Responsibility for Reporting

The Customer is solely and exclusively responsible for ensuring that all abuse reports, legal notices, or security alerts directed at their server are received and addressed.

• Valid Contact Requirement: You must maintain a valid, working abuse email address and contact form on your website and domain registrar details.
• No Liability for Missed Reports: We are not liable for any failure to receive, process, or act on an abuse report, regardless of the reason. This includes, but is not limited to:
  • Reports sent to an incorrect or unreachable email address.
  • Reports that are missed, overlooked, or delayed due to internal workload, staffing issues, human error, illness, or any other reason.
  • Reports sent to channels we do not actively monitor.
  • Technical failures affecting our communication systems.
• Customer Liability: Even if we fail to receive or act on a report, you remain fully liable for all consequences, damages, legal costs, and violations resulting from the content or activity on your server. We have no duty of care to ensure you receive every report sent to us.

17.3 Immediate Action Upon Receipt

Upon receiving a valid alert or report, we reserve the right to take immediate action (including suspension, termination, or traffic filtering) to protect our network and comply with legal obligations. However, failure to act immediately does not constitute negligence or admit liability on our part.

17.4 Port 25 Traffic Monitoring (Strategic Partner Infrastructure)

• Monitoring Scope: On services provisioned through Strategic Partner Infrastructure, we employ automated monitoring systems to detect suspicious outbound traffic patterns on Port 25 (SMTP).
• No Proactive Scanning: We do not inspect the content of emails transmitted through Port 25. Monitoring is limited to traffic volume, frequency, and IP reputation metrics.
• Data Retention: Traffic logs related to Port 25 monitoring are retained for as long as necessary to investigate abuse incidents, defend against legal claims, or comply with regulatory obligations. Once these purposes are fulfilled and no legal hold exists, the data will be securely deleted.
• Customer Notification: If blocking action is taken based on monitoring alerts, we will notify the Customer via email or support ticket after the action has been implemented.

17.5 Forensic Snapshots & Criminal Investigations

• Evidence Preservation: In the event of credible allegations of severe criminal activity (e.g., CSAM, large-scale fraud, botnets) or upon receipt of a valid court order, we may instruct the Datacenter to take forensic snapshots of your server.
• No Customer Notification: We reserve the right to preserve evidence without prior notice to the Customer if notification would risk evidence destruction or continuation of criminal activity.
• Data Integrity: We are not liable if the Customer deletes, alters, or destroys data prior to or during an investigation, rendering it unrecoverable.

18. Customer Responsibility & Limitation of Liability

18.1 Sole Responsibility

You are the sole and exclusive Data Controller for all content, files, and data hosted on your server. You bear full and absolute responsibility for:

• All content hosted on your server.
• All actions, activities, and communications originating from your server.
• Ensuring your server software, applications, and passwords are secure.
• Compliance with all laws applicable to the server's location.

18.2 No Liability for Server Content

We are not responsible for any illegal content, data breaches, malware, or damages resulting from your server's operation. We do not monitor your server content unless required by law or triggered by an abuse alert.

18.3 Access Limitations

We are not liable for any inability to access, backup, or retrieve your data if you have locked us out (e.g., by changing SSH passwords) or if our management tools are temporarily unavailable. In such cases, you must coordinate directly with the datacenter.

18.4 Good Faith Actions

We reserve the right to take action in good faith to protect our network, comply with legal obligations, or prevent harm. We are not liable for any damages resulting from such actions, even if based on erroneous reports or human error.

19. Contact Information & Legal Identity

• Primary Website: undergroundprivate.com
• Billing & Client Portal: clientlogin.sx
• Support: legal.undergroundprivate.com@clientlogin.sx
• Registered Office: Registered Office in Belize

Legal Identity & Transparency

For legal inquiries regarding the specific legal entity name and registration details of undergroundprivate.com, please submit a formal written request to legal.undergroundprivate.com@clientlogin.sx. We will provide this information promptly to verified parties (including payment processors, banks, regulators, and law enforcement) in accordance with applicable laws.