TWOO
Giriş Yap
Yasal

Privacy Policy

How we collect, use, store, and protect your personal information. GDPR compliant.

Son güncelleme: 5 May 2026

TWO-O LLC ("Two-O", "we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains what personal data we collect, how we use it, and the rights you have over it. It applies to our website (two-o.net), client area, and all hosting services we provide.

1. Data controller

The data controller responsible for processing your personal data is TWO-O LLC, 30 N Gould St, Ste R, Sheridan, WY 82801, United States. You can reach our data protection contact at privacy@two-o.net.

2. Personal data we collect

We collect and process the following categories of personal data:

  • Account data: Name, email address, postal address, phone number, company name (if applicable) provided during registration.
  • Billing data: Payment method details (processed and stored by Paddle, our merchant of record; we do not store full card numbers), invoice history, VAT identification numbers.
  • Technical data: IP addresses, browser type and version, operating system, referral URLs, access timestamps collected automatically when you visit our website or use our services.
  • Service data: Server configuration, domain names registered through Two-O, support ticket content, usage metrics.
  • Communication data: Emails, support tickets, and live chat transcripts exchanged between you and Two-O.

3. Legal basis for processing

We process personal data under the following legal bases as defined in Article 6(1) of the GDPR:

  • Contract performance (Art. 6(1)(b)): Processing necessary to fulfill our contractual obligations, including provisioning services, billing, and customer support.
  • Legitimate interests (Art. 6(1)(f)): Processing for fraud prevention, network security, service improvement, and internal analytics, balanced against your rights and freedoms.
  • Legal obligation (Art. 6(1)(c)): Processing required by tax, accounting, or regulatory obligations.
  • Consent (Art. 6(1)(a)): Processing based on your explicit consent, such as marketing communications and non-essential cookies. You may withdraw consent at any time.

4. Data sharing & third parties

We share personal data only when necessary and with appropriate safeguards:

  • Payment processor: Paddle.com Inc. (PCI DSS Level 1 certified) for payment processing. Paddle's privacy policy applies to data they handle.
  • Domain registries: Accredited registries and registrars as required for domain registration and WHOIS data publication.
  • Datacenter operators: Our infrastructure partners in Frankfurt, Helsinki, Amsterdam, and Falkenstein who provide physical hosting. They act as data processors under our instructions.
  • Email service: Namecheap PrivateEmail for transactional and notification emails.
  • Law enforcement: We may disclose data when required by valid legal process, court order, or law enforcement request in accordance with applicable law.

We do not sell personal data. We do not transfer personal data outside the European Economic Area (EEA) unless adequate safeguards are in place, such as EU Standard Contractual Clauses.

5. Data retention

We retain personal data only for as long as necessary for the purposes for which it was collected. Account and service data is retained for the duration of your active account plus 30 days after termination. Billing and invoice data is retained for 7 years to comply with tax and accounting obligations. Server access logs are retained for 90 days. Support ticket records are retained for 3 years after resolution. You may request earlier deletion where permitted by law.

6. Cookies and tracking

Our website uses cookies and similar technologies. Essential cookies are required for the website to function and do not require consent. Analytics and preference cookies are set only after you provide consent through our cookie banner. For detailed information about each cookie category, duration, and purpose, please refer to our Cookie Policy.

7. Your rights under the GDPR

As a data subject, you have the following rights:

  • Right of access (Art. 15): Request a copy of all personal data we hold about you.
  • Right to rectification (Art. 16): Request correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17): Request deletion of your personal data, subject to legal retention obligations.
  • Right to restriction (Art. 18): Request that we limit the processing of your data in certain circumstances.
  • Right to data portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format.
  • Right to object (Art. 21): Object to processing based on legitimate interests, including profiling.
  • Right to withdraw consent: Withdraw previously given consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at privacy@two-o.net. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

8. Security measures

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit (TLS 1.2+), encryption of data at rest, access control based on the principle of least privilege, regular security audits, and employee training. Our datacenters maintain ISO 27001-aligned security controls, redundant power supplies, fire suppression systems, and 24/7 physical security.

9. Changes to this policy

We may update this privacy policy from time to time. Material changes will be communicated via email and posted on this page with an updated revision date. We encourage you to review this policy periodically.

10. Contact

For privacy-related inquiries, please contact: TWO-O LLC, Data Protection Contact, privacy@two-o.net, 30 N Gould St, Ste R, Sheridan, WY 82801, United States.