Privacy Policy

Effective Date: May 24, 2026 | Last Modified: July 13, 2026

1. Introduction and Scope

Richcs Limited (NZBN 9429053693457), trading as CutVPS ("CutVPS," "we," "us," or "our"), is committed to protecting your privacy and being transparent about how we collect, use, disclose, and safeguard your personal information. This Privacy Policy explains our data practices and your rights under the New Zealand Privacy Act 2020 and its Information Privacy Principles (IPPs). Where applicable, we also address your rights under the General Data Protection Regulation (GDPR) for individuals in the European Union or European Economic Area.

This Privacy Policy applies to personal information collected through our website (https://cutvps.com), customer account portal (https://my.cutvps.com), email communications, and in connection with the provision of our Virtual Private Server (VPS) hosting services and related infrastructure (collectively, "Services").

2. Who We Are

CutVPS is operated by Richcs Limited, a New Zealand limited company. We are the agency responsible for the personal information we hold about you under the New Zealand Privacy Act 2020. For individuals subject to the GDPR, we act as the data controller.

If you have questions about our privacy practices, wish to make a request regarding your personal information, or wish to lodge a complaint, please contact us at:

You also have the right to lodge a complaint with the New Zealand Office of the Privacy Commissioner at privacy.org.nz. If you are in the EU or EEA, you may lodge a complaint with your local data protection authority.

3. Personal Information We Collect

3.1 Information You Provide Directly (IPP 3)

When you create a CutVPS account, contact us, or use our Services, we collect the following information directly from you:

We collect this information to create and manage your account, provide the Services, process payments, deliver support, and communicate with you about your account. If you choose not to provide required information, we may be unable to provide the Services to you.

3.2 Payment Information

Payment processing is handled by our third-party payment processors: Stripe, PayPal, and CoinGate. CutVPS does not directly collect or store complete payment card information. When you provide payment details, they are transmitted securely to the relevant processor. We retain the following payment-related data:

3.3 VPS Infrastructure and Monitoring Data

During the operation of your VPS, we automatically collect technical data to maintain service quality and security:

3.4 Information Collected Indirectly (IPP 3A)

We also collect personal information indirectly — that is, not directly from you — through the following means:

We collect this information to understand how our website is used, to improve our Services, and to maintain security. This data is used in aggregate form where possible.

4. Why We Collect and Use Your Information (IPP 1 and IPP 10)

We collect and use personal information only for lawful purposes directly connected to our business functions. Specifically, we use your information to:

We will not use your personal information for a purpose other than the purpose for which it was collected, unless an exception under the Privacy Act 2020 applies.

4.1 Legal Basis for Processing (GDPR)

For individuals in the EU or EEA, our legal bases for processing are: (a) performance of our contract with you; (b) our legitimate interests in operating and improving the Services, maintaining security, and preventing fraud; (c) compliance with legal obligations; and (d) your consent, where applicable (for example, marketing communications). You may withdraw consent at any time.

5. Sharing and Disclosure of Personal Information (IPP 11)

5.1 Third-Party Service Providers

We share personal information with third parties only when necessary to provide our Services. Our current third-party providers include:

5.2 Legal and Law Enforcement Compliance

We may disclose your personal information if required by law, court order, or lawful request from a government or law enforcement agency. We may also disclose information when we believe in good faith that disclosure is necessary to protect the security of our Services, the rights or safety of our customers or staff, or to prevent or investigate possible wrongdoing or fraud.

5.3 Business Transfers

In the event that CutVPS is involved in a merger, acquisition, or asset sale, your personal information may be transferred as part of that transaction. We will provide notice of any such change via email and/or prominent notification on our website at least thirty (30) days before such a transfer takes effect.

5.4 No Sale of Personal Data

CutVPS does not sell, rent, or otherwise monetise your personal information. We do not share your data with third parties for marketing or advertising purposes without your explicit consent.

6. Cross-Border Data Transfers (IPP 12)

CutVPS is a New Zealand company. Our server infrastructure is located in Europe. However, some of the third-party services we use process personal information in other countries, including the United States and the European Union, as described in Section 5.1 above.

Under Information Privacy Principle 12 of the Privacy Act 2020, we may transfer personal information overseas only where appropriate safeguards are in place. We rely on the following bases for international transfers:

For individuals in the EU or EEA: New Zealand has been granted adequacy status by the European Commission, meaning personal data can flow freely from the EU to New Zealand. Where we transfer data to countries without adequacy status (such as the United States), we rely on the provider's contractual commitments and applicable data protection frameworks.

7. Data Retention (IPP 9)

We retain personal information only for as long as necessary for the purpose for which it was collected, or as required by law. Our retention periods are:

Data TypeRetention Period
Active Account InformationDuration of account + 90 days after closure
Payment and Billing Records7 years (tax and legal compliance)
Support Tickets and Communications3 years after last interaction
Server Logs and Infrastructure Data30 days (except for security incidents)
Access Logs and Authentication Events30 days
Backup Data (VPS)7 days after account deletion
Website Analytics24 months (aggregated)
Marketing Communications Opt-outsIndefinitely (to honour preferences)
Incident Reports and Security Events5 years (if relevant to compliance)

After the retention period expires, personal data is securely deleted or anonymised. In some cases, we may retain data longer if required by law or to protect the security of our infrastructure.

8. Your Rights

8.1 Under the New Zealand Privacy Act 2020

Under the Privacy Act 2020, you have the right to:

If we refuse a request for access or correction, we will provide you with the reasons for our decision and advise you of your right to complain to the Office of the Privacy Commissioner.

8.2 Under the GDPR (EU/EEA Individuals)

If you are in the European Union or European Economic Area, you have additional rights under the GDPR, including:

We will respond to GDPR requests within thirty (30) days (extendable by two months for complex requests).

8.3 How to Exercise Your Rights

To exercise any of the above rights, submit a written request to [email protected] with your full name, email address, and a description of your request. We will verify your identity before processing your request.

9. Cookies and Analytics

9.1 Essential Cookies

CutVPS uses essential cookies that are necessary for the functioning of our website and Services:

9.2 Analytics

We use the following analytics services to understand how our website is used and to improve our Services:

9.3 No Advertising or Tracking Cookies

CutVPS does not use advertising cookies, retargeting cookies, social media tracking pixels, or behavioural tracking technologies.

9.4 Analytics and Your Consent

We use Google Analytics 4 (measurement ID G-83VSJP78WE), a web-analytics service provided by Google LLC, to understand how visitors find and use our website so we can improve it. Google Analytics uses cookies and similar technologies to collect standard internet-log information and aggregated visitor-behaviour information (such as pages viewed, approximate location derived from IP address, device and browser type). We have configured Google Analytics to use IP-anonymisation and we do not use it for advertising personalisation.

We manage analytics cookies through Google Consent Mode and an on-site consent banner:

Your choice is remembered on your device and applied on future visits. You can change it at any time by clearing our cookies for this site, which will bring the banner back.

Information collected by Google Analytics is processed by Google in accordance with the Google Privacy Policy and How Google uses information from sites or apps that use our services. We do not sell your personal information. For information about the personal information we hold, how we use it, and your rights under the New Zealand Privacy Act 2020 (and, where applicable, the EU/UK GDPR), see the rest of this Privacy Policy and our contact details in §16 (Contact Us).

9.5 Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being sent. Disabling essential cookies may impair the functionality of our Services.

10. Children's Privacy

CutVPS Services are not intended for individuals under the age of eighteen (18). We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will delete such information and terminate the associated account. Parents or guardians who believe their child has provided personal information to CutVPS should contact us immediately at [email protected].

11. Security (IPP 5)

11.1 Security Measures

CutVPS implements security measures to protect personal information against unauthorised access, alteration, disclosure, or destruction, including:

11.2 Security Limitations

While we implement reasonable security measures, no system is completely secure. CutVPS cannot guarantee absolute security against all threats. You are responsible for maintaining the security of your login credentials and account access.

12. Data Breach Notification

Under sections 112 to 117 of the Privacy Act 2020, CutVPS is required to notify the Office of the Privacy Commissioner and affected individuals if a privacy breach has caused, or is likely to cause, serious harm. In the event of such a breach:

For individuals in the EU/EEA, we will also comply with GDPR breach notification requirements where applicable.

13. Policy Updates

CutVPS reserves the right to modify this Privacy Policy at any time. Material changes will be effective fourteen (14) days after notification via email to your registered email address or prominent notification on our website. Your continued use of the Services after the effective date constitutes acceptance of the modified Privacy Policy. If you do not agree with the changes, you may request account termination.

14. Additional Rights for Specific Jurisdictions

14.1 California (CCPA/CPRA)

If you are a California resident, you may have additional rights under the California Consumer Privacy Act, including the right to know what personal information is collected, the right to request deletion, and the right to opt out of the sale of personal information. CutVPS does not sell personal information. To exercise any rights, please submit a request to [email protected].

14.2 Australia

If you are in Australia, the Australian Privacy Principles under the Privacy Act 1988 (Cth) may also apply to you. Your rights under Australian law are broadly similar to those described in Section 8 above.

15. Third-Party Links and Services

Our website and Services may contain links to third-party websites and services that are not operated by CutVPS. This Privacy Policy does not apply to third-party websites. We encourage you to review the privacy policies of any third-party services before providing your personal information. CutVPS is not responsible for the privacy practices of third-party websites or services.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

We will respond to your inquiry within twenty (20) working days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Privacy Commissioner of New Zealand at privacy.org.nz.