We get it — we're huge privacy advocates too. Everyone should have a full understanding on how data is handled and reason why we need to collect certain data. We promise that we will never sell your data.

This policy applies specifically to Server Side Up, which is operated by 521 Dimensions LLC. Other products and services owned by 521 Dimensions LLC have their own separate privacy policies.

What we collect and why

We only collect what we absolutely need. Here is an explanation why:

Identity & Access

When you sign up for Server Side Up, we ask for basic information in order to identify who you are (this may include your name and email). We need this so you can sign in, personalize your own experience, send you an invoice, updates, or other essential information. If we ask for a profile image, we do that so you can add your own personal touch to our product. We do not normally look or access that image. We will never sell your personal information to third parties.

Billing Information

When you pay for Server Side Up, we ask for your credit card and billing address. We need this information so that we can charge you for the service, calculate any taxes, and send you invoices. Your credit card information is passed directly to our payment processor and never goes through our servers. We store a record of the payment transaction, including the last 4 digits of the credit card number as well as your billing address. We use this information for billing support, detect fraudulent transactions, and print on your invoice.

Geolocation Data

Our server logs all requests by full IP address so we can detect unauthorized access and diagnose service issues. We also may store the IP address that you used to access our services. We do not automatically convert IP addresses to geolocation data, although you should be aware that IP addresses do give a way a general area of where you are making the request from (but no where near as accurate as something as GPS). We do not use your IP address for exact geolocation purposes at all.

Website interactions

When you browse our marketing pages or applications, your browser automatically shares certain anonymous information such as which operating system and browser version you are using. We look at this information to see which pages are being used, which site we were able to get you from, and test new designs to make sure we are making the best experience possible.

We currently use a self-hosted Plausible instance, which helps protect your privacy from Big Cloud vendors.

Publicly accessible pages

If you leave a comment your profile image, username, and name that you have on your profile may be publicly viewable by anyone who visits that page. This may be indexed by search engines and seen by other people. Think of this as leaving a comment on a public forum. If you do not want to have your data in a public area, do not post a comment.

Voluntary correspondence

When you send a message to Server Side Up through any of our channels, we do keep a history of your email address and our previous correspondence. This helps us help you faster.

Data we specifically do not collect

We don't collect any characteristics of protected classifications including age, race, gender, religion, sexual orientation, gender identity, or gender expression. You may provide these data voluntarily, such as if you include a pronoun preference in your email signature when writing into our Support team.

We also do not collect any bio-metric data. You are given the option to add a picture to your user profile, which could be a real picture of you or a picture of something else that represents you best. We do not extract any information from profile pictures: they are for your use alone.

When we access or share your information

Our default practice is to not access your information. The only times we'll ever access or share your info are:

Provide products or services you've requested

We do use some third-party services to run our applications and only to the extent necessary process some or all of your personal information via these third parties. Below is a list of personal data subprocessors we use. These subprocessors are all located in the United States:

• Hetzner: Cloud service provider.
• Vultr: Cloud services provider.
• Amazon Web Services: Cloud services provider.
• Google Cloud Platform: Cloud services provider.
• Help Scout: Help desk software.
• Convertkit: Email newsletter service.
• Stripe: Payment provider
• Lemon Squeezy: Payment & checkout provider
• Bugflow: Bug tracking and reporting service

Help you troubleshoot or squash bugs with your permissions

If at any point we need to access your account to help you with a Support case, we will ask for your consent before proceeding.

To investigate, prevent, or take action regarding restricted uses

Accessing a customer's account when investigating potential abuse is a measure of last resort. We have an obligation to protect the privacy and safety of both our customers and the people reporting issues to us. We do our best to balance those responsibilities throughout the process. If we do discover you are using our products for a restricted purpose, we will report the incident to the appropriate authorities.

When required under applicable law

If the appropriate law enforcement authorities have the necessary warrant, criminal subpoena, or court order requiring we share data, we have to comply. Otherwise, we flat-out reject requests from local and federal law enforcement when they seek data. And unless we're legally prevented from it, we'll always inform you when such requests are made. We have never received a National Security Letter or Foreign Intelligence Surveillance Act (FISA) order.

If 521 Dimensions LLC is acquired by or merged with another company — we don't plan on that, but if it happens — we'll notify you well before any info about you is transferred and becomes subject to a different privacy policy.

Your Rights With Respect to Your Information

At 521 Dimensions, we apply the same data rights to all customers, regardless of their location. Currently some of the most privacy-forward regulations in place are the European Union's General Data Protection Regulation ("GDPR") and California Consumer Privacy Act ("CCPA") in the US. 521 Dimensions recognizes all of the rights granted in these regulations, except as limited by applicable law. These rights include:

Right to Know

You have the right to know what personal information is collected, used, shared or sold. We outline both the categories and specific bits of data we collect, as well as how they are used, in this privacy policy.

Right of Access

This includes your right to access the personal information we gather about you, and your right to obtain information about the sharing, storage, security and processing of that information.

Right to Correction

You have the right to request correction of your personal information.

Right to Erasure / "To be Forgotten"

This is your right to request, subject to certain limitations under applicable law, that your personal information be erased from our possession and, by extension, all of our service providers. Fulfillment of some data deletion requests may prevent you from using 521 Dimensions services because our applications may then no longer work. In such cases, a data deletion request may result in closing your account.

Right to Complain

You have the right to make a complaint regarding our handling of your personal information with the appropriate supervisory authority. To identify your specific authority or find out more about this right, EU individuals should go to https://edpb.europa.eu/about-edpb/board/members_en.

Right to Restrict Processing

This is your right to request restriction of how and why your personal information is used or processed, including opting out of sale of personal information. (Again: we never have and never will sell your personal data).

Right to Object

You have the right, in certain situations, to object to how or why your personal information is processed.

Right to Portability

You have the right to receive the personal information we have about you and the right to transmit it to another party.

Right to not be subject to Automated Decision-Making

You have the right to object and prevent any decision that could have a legal, or similarly significant, effect on you from being made solely based on automated processes. This right is limited, however, if the decision is necessary for performance of any contract between you and us, is allowed by applicable law, or is based on your explicit consent.

Right to Non-Discrimination

This right stems from the CCPA. We do and will not charge you a different amount to use our products, offer you different discounts, or give you a lower level of customer service because you have exercised your data privacy rights. However, the exercise of certain rights (such as the right "to be forgotten") may, by virtue of your exercising those rights, prevent you from using our Services.

Many of these rights can be exercised by signing in and directly updating your account information. If you have questions about exercising these rights or need assistance, please contact us at [email protected]. To identify your specific authority to file a complaint or find out more about GDPR, EU individuals should go to https://edpb.europa.eu/about-edpb/board/members_en.

How we secure your data

We protect your data.

All data are written to multiple disks instantly, backed up daily, and stored in multiple locations. Files that our customers upload are stored on servers that use modern techniques to remove bottlenecks and points of failure.

We use HTTPS.

Whenever your data are in transit between you and us, everything is encrypted, and sent using HTTPS. Within our firewalled private networks, data may be transferred unencrypted.

Our application databases are generally not encrypted at rest — the information you add to the applications is active in our databases and subject to the same protection and monitoring as the rest of our systems.

Regularly-updated infrastructure.

Our software infrastructure is updated regularly with the latest security patches. Our products run on a firewalled network that is monitored monitored. While perfect security is a moving target, we follow security researchers to keep up with the state-of-the-art in web security.

We protect your billing information.

All credit card transactions are processed using secure encryption—the same level of encryption used by leading banks. Card information is transmitted, stored, and processed securely on a PCI-Compliant network.

Have a concern? Need to report an incident?

Have you noticed abuse, misuse, an exploit, or experienced an incident with your account? Please email us at [email protected]

We do have a responsible disclosure policy that we follow on how we treat security related events:

Responsible Disclosure Policy

Location of Site and Data

Server Side Up is operated in the United States. If you are located in the European Union or elsewhere outside of the United States, please be aware that any information you provide to us will be transferred to the United States. By using our Site, participating in any of our services and/or providing us with your information, you consent to this transfer.

Changes & questions

We may update this policy as needed to comply with relevant regulations and reflect any new practices. If you have any questions, comments, or concerns about this privacy policy, your data, or your rights with respect to your information please email us at [email protected]. We will be happy to answer any questions!