Legal
Privacy Policy
How cPBackup (cpbackup.net) collects, uses, stores, and protects data when you use our website and backup service.
Last updated
12 January 2026
1) Who we are
cPBackup / cpbackup.net is operated by:
Controller: HostXNow
Registered address: 582-586 Kingsbury Rd, Birmingham B24 9ND
Contact Form: https://cpbackup.net/contact.php
If you back up personal data belonging to your customers/users, you are typically the controller for that data and we act as a processor providing the backup service.
Controller: HostXNow
Registered address: 582-586 Kingsbury Rd, Birmingham B24 9ND
Contact Form: https://cpbackup.net/contact.php
If you back up personal data belonging to your customers/users, you are typically the controller for that data and we act as a processor providing the backup service.
2) What we collect
Account & billing
- Name, email address, company (optional), address (optional), invoices/payment status (payment details are usually handled by your payment provider)
Backup Manager configuration
- Domain/hostname, cPanel/WHM username, API token (revocable)
- Schedules, retention, and destination location
Backup content (Customer Content)
- Backups you store may include personal data (emails, databases, files). We process this only to provide the service.
Metadata & usage
- Job status, timestamps, sizes, integrity info (e.g., hashes), and storage usage (including peak usage where used for billing)
Support
- Tickets, messages, and attachments you submit
Technical data
- IP address and basic security logs
- Name, email address, company (optional), address (optional), invoices/payment status (payment details are usually handled by your payment provider)
Backup Manager configuration
- Domain/hostname, cPanel/WHM username, API token (revocable)
- Schedules, retention, and destination location
Backup content (Customer Content)
- Backups you store may include personal data (emails, databases, files). We process this only to provide the service.
Metadata & usage
- Job status, timestamps, sizes, integrity info (e.g., hashes), and storage usage (including peak usage where used for billing)
Support
- Tickets, messages, and attachments you submit
Technical data
- IP address and basic security logs
3) How we use your data
- Provide the service (account management, backups, downloads/restores)
- Secure access (tokens, session security, secure download links)
- Verify integrity and display verification information
- Measure usage for billing and capacity planning
- Provide support and troubleshooting
- Prevent abuse and comply with legal obligations
- Secure access (tokens, session security, secure download links)
- Verify integrity and display verification information
- Measure usage for billing and capacity planning
- Provide support and troubleshooting
- Prevent abuse and comply with legal obligations
4) Legal bases (UK GDPR)
We rely on one or more of the following:
- Contract (to provide the service)
- Legitimate interests (security, fraud prevention, service improvements)
- Legal obligation (tax/accounting, lawful requests)
- Consent (where required, e.g., optional marketing)
- Contract (to provide the service)
- Legitimate interests (security, fraud prevention, service improvements)
- Legal obligation (tax/accounting, lawful requests)
- Consent (where required, e.g., optional marketing)
5) Where data is stored
Backups are stored in the location you select (e.g., UK/EU/US). Choosing a location may involve international transfers depending on your choice.
6) Sharing and subprocessors
We share data only as needed to operate the service (e.g., infrastructure providers, payment processors, email/support tooling). We require providers to protect data and use it only to provide services to us. A current list of key subprocessors can be provided on request.
7) Security
We use practical protections appropriate to the service, which may include:
- Encryption in transit (e.g., HTTPS for web/API; SSH/SCP for transfers)
- Token-based access (revocable tokens)
- Secure downloads (e.g., expiring/single-use links where available)
No system is 100% secure, but we maintain reasonable technical and organisational measures.
- Encryption in transit (e.g., HTTPS for web/API; SSH/SCP for transfers)
- Token-based access (revocable tokens)
- Secure downloads (e.g., expiring/single-use links where available)
No system is 100% secure, but we maintain reasonable technical and organisational measures.
8) Retention
- Backups are retained according to your configured retention settings.
- Account/billing records are retained as required for contractual and legal purposes.
- After cancellation, we will delete backups (unless legally required to retain certain records).
- Account/billing records are retained as required for contractual and legal purposes.
- After cancellation, we will delete backups (unless legally required to retain certain records).
9) Your rights
Subject to UK GDPR and applicable law, you may have rights to access, correct, delete, restrict, object, and (where applicable) portability.
Contact Form: https://cpbackup.net/contact.php
You can also complain to the UK ICO if you are unhappy with how we handle your data.
Contact Form: https://cpbackup.net/contact.php
You can also complain to the UK ICO if you are unhappy with how we handle your data.
10) Changes to this policy
We may update this Privacy Policy from time to time. The “Last updated” date will be revised when changes are made.