Privacy Policy
Effective Date: May 24, 2026 | Last Modified: July 13, 2026
1. Introduction and Scope
Richcs Limited (NZBN 9429053693457), trading as CutVPS ("CutVPS," "we," "us," or "our"), is committed to protecting your privacy and being transparent about how we collect, use, disclose, and safeguard your personal information. This Privacy Policy explains our data practices and your rights under the New Zealand Privacy Act 2020 and its Information Privacy Principles (IPPs). Where applicable, we also address your rights under the General Data Protection Regulation (GDPR) for individuals in the European Union or European Economic Area.
This Privacy Policy applies to personal information collected through our website (https://cutvps.com), customer account portal (https://my.cutvps.com), email communications, and in connection with the provision of our Virtual Private Server (VPS) hosting services and related infrastructure (collectively, "Services").
2. Who We Are
CutVPS is operated by Richcs Limited, a New Zealand limited company. We are the agency responsible for the personal information we hold about you under the New Zealand Privacy Act 2020. For individuals subject to the GDPR, we act as the data controller.
If you have questions about our privacy practices, wish to make a request regarding your personal information, or wish to lodge a complaint, please contact us at:
- Email: [email protected]
- Support: [email protected]
- Website: https://cutvps.com
- Post: Richcs Limited, 46a Waller Avenue, Bucklands Beach, Auckland 2012, New Zealand
You also have the right to lodge a complaint with the New Zealand Office of the Privacy Commissioner at privacy.org.nz. If you are in the EU or EEA, you may lodge a complaint with your local data protection authority.
3. Personal Information We Collect
3.1 Information You Provide Directly (IPP 3)
When you create a CutVPS account, contact us, or use our Services, we collect the following information directly from you:
- Full name and business name (if applicable)
- Email address (primary contact and alternate)
- Physical address (for billing and account verification)
- Phone number (optional, for account recovery)
- Username and password (hashed and securely stored)
- Account preferences and settings
- Support ticket content, chat transcripts, and correspondence
- Identity verification documentation (for compliance purposes, if required)
We collect this information to create and manage your account, provide the Services, process payments, deliver support, and communicate with you about your account. If you choose not to provide required information, we may be unable to provide the Services to you.
3.2 Payment Information
Payment processing is handled by our third-party payment processors: Stripe, PayPal, and CoinGate. CutVPS does not directly collect or store complete payment card information. When you provide payment details, they are transmitted securely to the relevant processor. We retain the following payment-related data:
- Last four digits of your payment method (where applicable)
- Card type and expiration month/year (masked)
- Billing name and address
- Transaction history and invoice records
- Billing email address
- Payment method preferences
3.3 VPS Infrastructure and Monitoring Data
During the operation of your VPS, we automatically collect technical data to maintain service quality and security:
- IP address assignment and allocation history
- Bandwidth usage and data transfer amounts
- Server resource utilisation (CPU, memory, disk usage)
- System logs and crash reports
- Backup metadata and scheduling information
- Security metrics and threat indicators
- Network traffic patterns (aggregated and non-content)
- API access logs and control panel activity logs
3.4 Information Collected Indirectly (IPP 3A)
We also collect personal information indirectly — that is, not directly from you — through the following means:
- Google Analytics 4 (GA4): When you visit our website, GA4 collects data including pages visited, time on page, referrer information, browser and device type, approximate geolocation (country/region level), and a client identifier. This data is processed by Google LLC in the United States. You can opt out of GA4 tracking by installing the Google Analytics Opt-out Browser Add-on or by using a browser that blocks third-party scripts.
- Cloudflare: Our website is served through Cloudflare, which collects performance and security data including IP addresses, request headers, and page load metrics.
- Server logs: Our web server automatically records access logs including IP addresses, timestamps, pages requested, HTTP status codes, and user agent strings.
We collect this information to understand how our website is used, to improve our Services, and to maintain security. This data is used in aggregate form where possible.
4. Why We Collect and Use Your Information (IPP 1 and IPP 10)
We collect and use personal information only for lawful purposes directly connected to our business functions. Specifically, we use your information to:
- Provide, maintain, and improve the Services
- Create and manage your account
- Process payments and generate invoices
- Deliver technical support
- Send account notifications and service communications
- Maintain the security and integrity of our infrastructure
- Prevent fraud, unauthorised access, and abuse
- Analyse website usage and service performance
- Comply with legal and regulatory obligations
- Enforce our Terms of Service and other policies
We will not use your personal information for a purpose other than the purpose for which it was collected, unless an exception under the Privacy Act 2020 applies.
4.1 Legal Basis for Processing (GDPR)
For individuals in the EU or EEA, our legal bases for processing are: (a) performance of our contract with you; (b) our legitimate interests in operating and improving the Services, maintaining security, and preventing fraud; (c) compliance with legal obligations; and (d) your consent, where applicable (for example, marketing communications). You may withdraw consent at any time.
5. Sharing and Disclosure of Personal Information (IPP 11)
5.1 Third-Party Service Providers
We share personal information with third parties only when necessary to provide our Services. Our current third-party providers include:
- Stripe (United States): Payment processing and fraud prevention. Stripe processes billing name, address, and payment card information securely in accordance with PCI-DSS standards. Stripe Privacy Policy.
- PayPal (United States): Alternative payment processing. PayPal processes billing information for customers who choose PayPal as their payment method. PayPal Privacy Policy.
- CoinGate (Lithuania/EU): Cryptocurrency payment processing for customers who choose to pay with cryptocurrency. CoinGate Privacy Policy.
- Google LLC (United States): Website analytics via Google Analytics 4. Google processes anonymised and pseudonymised usage data. Google Privacy Policy.
- Cloudflare (United States): Content delivery, DDoS protection, and web performance analytics. Cloudflare processes IP addresses and request metadata. Cloudflare Privacy Policy.
5.2 Legal and Law Enforcement Compliance
We may disclose your personal information if required by law, court order, or lawful request from a government or law enforcement agency. We may also disclose information when we believe in good faith that disclosure is necessary to protect the security of our Services, the rights or safety of our customers or staff, or to prevent or investigate possible wrongdoing or fraud.
5.3 Business Transfers
In the event that CutVPS is involved in a merger, acquisition, or asset sale, your personal information may be transferred as part of that transaction. We will provide notice of any such change via email and/or prominent notification on our website at least thirty (30) days before such a transfer takes effect.
5.4 No Sale of Personal Data
CutVPS does not sell, rent, or otherwise monetise your personal information. We do not share your data with third parties for marketing or advertising purposes without your explicit consent.
6. Cross-Border Data Transfers (IPP 12)
CutVPS is a New Zealand company. Our server infrastructure is located in Europe. However, some of the third-party services we use process personal information in other countries, including the United States and the European Union, as described in Section 5.1 above.
Under Information Privacy Principle 12 of the Privacy Act 2020, we may transfer personal information overseas only where appropriate safeguards are in place. We rely on the following bases for international transfers:
- The receiving country has comparable privacy protections (for example, EU member states, which are covered by New Zealand's EU adequacy status)
- The receiving party is subject to binding privacy obligations under their own contractual terms or privacy certifications
- Where required, we use contractual arrangements that provide comparable safeguards to those under New Zealand law
For individuals in the EU or EEA: New Zealand has been granted adequacy status by the European Commission, meaning personal data can flow freely from the EU to New Zealand. Where we transfer data to countries without adequacy status (such as the United States), we rely on the provider's contractual commitments and applicable data protection frameworks.
7. Data Retention (IPP 9)
We retain personal information only for as long as necessary for the purpose for which it was collected, or as required by law. Our retention periods are:
| Data Type | Retention Period |
|---|---|
| Active Account Information | Duration of account + 90 days after closure |
| Payment and Billing Records | 7 years (tax and legal compliance) |
| Support Tickets and Communications | 3 years after last interaction |
| Server Logs and Infrastructure Data | 30 days (except for security incidents) |
| Access Logs and Authentication Events | 30 days |
| Backup Data (VPS) | 7 days after account deletion |
| Website Analytics | 24 months (aggregated) |
| Marketing Communications Opt-outs | Indefinitely (to honour preferences) |
| Incident Reports and Security Events | 5 years (if relevant to compliance) |
After the retention period expires, personal data is securely deleted or anonymised. In some cases, we may retain data longer if required by law or to protect the security of our infrastructure.
8. Your Rights
8.1 Under the New Zealand Privacy Act 2020
Under the Privacy Act 2020, you have the right to:
- Access your personal information (IPP 6): You may request a copy of the personal information we hold about you. We will respond within twenty (20) working days.
- Request correction (IPP 7): You may request that we correct any inaccurate or incomplete personal information. You may update much of your account information directly through your control panel.
If we refuse a request for access or correction, we will provide you with the reasons for our decision and advise you of your right to complain to the Office of the Privacy Commissioner.
8.2 Under the GDPR (EU/EEA Individuals)
If you are in the European Union or European Economic Area, you have additional rights under the GDPR, including:
- Right to erasure: You may request deletion of your personal information in certain circumstances.
- Right to data portability: You may request your personal data in a structured, commonly used, machine-readable format (such as CSV or JSON).
- Right to restrict processing: You may request that we restrict the processing of your personal information while we verify contested data.
- Right to object: You may object to processing based on legitimate interests, including for marketing purposes.
- Right regarding automated decision-making: You have the right not to be subject to decisions made solely by automated means that produce significant legal effects. CutVPS uses automated systems only for technical operations and fraud detection; significant account decisions are made by human review.
We will respond to GDPR requests within thirty (30) days (extendable by two months for complex requests).
8.3 How to Exercise Your Rights
To exercise any of the above rights, submit a written request to [email protected] with your full name, email address, and a description of your request. We will verify your identity before processing your request.
9. Cookies and Analytics
9.1 Essential Cookies
CutVPS uses essential cookies that are necessary for the functioning of our website and Services:
- Session Cookies: Required to maintain your login session and authenticate your access to the control panel
- Security Cookies: Used to prevent fraud, protect against malicious access, and maintain account security
- Functionality Cookies: Preserve your preferences and settings (such as language and timezone)
9.2 Analytics
We use the following analytics services to understand how our website is used and to improve our Services:
- Google Analytics 4 (GA4): GA4 uses cookies and similar technologies to collect usage data including pages visited, session duration, referrer information, and approximate geolocation. GA4 data is processed by Google LLC in the United States. IP anonymisation is enabled. You can opt out by installing the Google Analytics Opt-out Browser Add-on or by configuring your browser to block third-party cookies and scripts.
- Cloudflare Web Analytics: Cloudflare collects performance metrics including page load times and request volumes. This data is primarily aggregated and does not identify individual users.
9.3 No Advertising or Tracking Cookies
CutVPS does not use advertising cookies, retargeting cookies, social media tracking pixels, or behavioural tracking technologies.
9.4 Analytics and Your Consent
We use Google Analytics 4 (measurement ID G-83VSJP78WE), a web-analytics service provided by Google LLC, to understand how visitors find and use our website so we can improve it. Google Analytics uses cookies and similar technologies to collect standard internet-log information and aggregated visitor-behaviour information (such as pages viewed, approximate location derived from IP address, device and browser type). We have configured Google Analytics to use IP-anonymisation and we do not use it for advertising personalisation.
We manage analytics cookies through Google Consent Mode and an on-site consent banner:
- If you are visiting from the European Economic Area (EEA) or the United Kingdom, analytics and advertising storage are denied by default. No analytics cookie is set unless you select "Accept" on our consent banner. You may reject at any time, and rejecting keeps analytics off.
- If you are visiting from elsewhere, including New Zealand, analytics storage is enabled by default in accordance with applicable local law. You may opt out at any time by selecting "Reject" on our consent banner, or by using your browser's cookie controls.
Your choice is remembered on your device and applied on future visits. You can change it at any time by clearing our cookies for this site, which will bring the banner back.
Information collected by Google Analytics is processed by Google in accordance with the Google Privacy Policy and How Google uses information from sites or apps that use our services. We do not sell your personal information. For information about the personal information we hold, how we use it, and your rights under the New Zealand Privacy Act 2020 (and, where applicable, the EU/UK GDPR), see the rest of this Privacy Policy and our contact details in §16 (Contact Us).
9.5 Managing Cookies
You can control cookies through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being sent. Disabling essential cookies may impair the functionality of our Services.
10. Children's Privacy
CutVPS Services are not intended for individuals under the age of eighteen (18). We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will delete such information and terminate the associated account. Parents or guardians who believe their child has provided personal information to CutVPS should contact us immediately at [email protected].
11. Security (IPP 5)
11.1 Security Measures
CutVPS implements security measures to protect personal information against unauthorised access, alteration, disclosure, or destruction, including:
- Transport Layer Security (TLS) encryption for all data in transit
- Secure password hashing using industry-standard algorithms
- Firewalls and intrusion detection systems
- Regular security audits
- Role-based access controls for staff access to customer data
- Secure disposal of personal data at end of life
11.2 Security Limitations
While we implement reasonable security measures, no system is completely secure. CutVPS cannot guarantee absolute security against all threats. You are responsible for maintaining the security of your login credentials and account access.
12. Data Breach Notification
Under sections 112 to 117 of the Privacy Act 2020, CutVPS is required to notify the Office of the Privacy Commissioner and affected individuals if a privacy breach has caused, or is likely to cause, serious harm. In the event of such a breach:
- We will notify the Privacy Commissioner as soon as practicable (targeting within 72 hours of becoming aware the breach is notifiable)
- We will notify affected individuals as soon as practicable
- Notifications will include a description of the breach, the categories of personal information affected, the likely consequences, and the measures we have taken or recommend to mitigate harm
For individuals in the EU/EEA, we will also comply with GDPR breach notification requirements where applicable.
13. Policy Updates
CutVPS reserves the right to modify this Privacy Policy at any time. Material changes will be effective fourteen (14) days after notification via email to your registered email address or prominent notification on our website. Your continued use of the Services after the effective date constitutes acceptance of the modified Privacy Policy. If you do not agree with the changes, you may request account termination.
14. Additional Rights for Specific Jurisdictions
14.1 California (CCPA/CPRA)
If you are a California resident, you may have additional rights under the California Consumer Privacy Act, including the right to know what personal information is collected, the right to request deletion, and the right to opt out of the sale of personal information. CutVPS does not sell personal information. To exercise any rights, please submit a request to [email protected].
14.2 Australia
If you are in Australia, the Australian Privacy Principles under the Privacy Act 1988 (Cth) may also apply to you. Your rights under Australian law are broadly similar to those described in Section 8 above.
15. Third-Party Links and Services
Our website and Services may contain links to third-party websites and services that are not operated by CutVPS. This Privacy Policy does not apply to third-party websites. We encourage you to review the privacy policies of any third-party services before providing your personal information. CutVPS is not responsible for the privacy practices of third-party websites or services.
16. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:
- Email: [email protected]
- Support: [email protected]
- Website: https://cutvps.com
- Post: Richcs Limited, 46a Waller Avenue, Bucklands Beach, Auckland 2012, New Zealand
We will respond to your inquiry within twenty (20) working days.
If you are not satisfied with our response, you may lodge a complaint with the Office of the Privacy Commissioner of New Zealand at privacy.org.nz.