Blue Arctic
WordPress
WordPress Hosting High Performance WordPress
Hosting
Web Hosting Drupal Hosting VPS Hosting Dedicated Servers
Company
Pro Services Pricing Security Why Us
Login Get Started
Legal

Privacy Policy

Last updated: April 5, 2026

1. Introduction

Blue Arctic, LLC ("Blue Arctic," "we," "us," "our," or "Company") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, retain, and safeguard your information when you visit our website, purchase or use our Services, or interact with us in any way. This policy applies to all visitors, clients, and users of Blue Arctic's website and Services.

By accessing our website or using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please discontinue use of our website and Services. For questions about this policy, contact us at privacy@bluearctic.com.

2. Information We Collect

Information you provide directly. We collect information you provide when you create an account, subscribe to Services, contact support, complete a purchase, or communicate with us. This includes:

  • Full name, email address, phone number, and mailing address
  • Company name and job title (if applicable)
  • Billing and payment information (credit card numbers, billing addresses) — processed securely by PCI-compliant payment processors; Blue Arctic does not store full credit card numbers on its servers
  • Account login credentials (username, encrypted password)
  • Communications with support (tickets, emails, chat logs)
  • Domain registration contact information (registrant name, organization, address, phone, email) as required by ICANN
  • Feedback, surveys, and customer satisfaction responses

Information collected automatically. When you use our website and Services, we automatically collect:

  • IP address, browser type, browser version, and operating system
  • Device type, screen resolution, and device identifiers
  • Pages visited, links clicked, time spent on pages, and navigation paths
  • Referring URL, search terms used, and exit pages
  • Date and time of access
  • Cookies and similar tracking technologies (see Section 6)

Information from third parties. We may receive information about you from third parties, including payment processors (transaction confirmations), domain registrars (WHOIS data), fraud prevention services (risk scores), and analytics providers (aggregated usage data).

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service delivery: To provide, maintain, activate, and improve our Services, process Service Orders, and manage your account
  • Billing: To process payments, send invoices, manage billing cycles, and handle refunds
  • Support: To respond to your requests, troubleshoot issues, and provide customer support
  • Transactional communications: To send account confirmations, password resets, service notifications, maintenance alerts, and security notices
  • Marketing communications: To send promotional emails, newsletters, and product announcements (only with your consent; you may opt out at any time)
  • Security: To monitor account activity, detect fraud, prevent unauthorized access, and protect the integrity of our network and infrastructure
  • Legal compliance: To comply with applicable laws, regulations, legal processes, and enforceable governmental requests, and to enforce our Agreement Documents
  • Analytics: To analyze usage patterns, measure website and service performance, and improve the user experience
  • Abuse prevention: To investigate and respond to abuse reports, AUP violations, and DMCA complaints

4. Lawful Basis for Processing (GDPR)

For individuals in the European Economic Area (EEA), United Kingdom, or Switzerland, we process personal data under the following lawful bases as defined by the General Data Protection Regulation (GDPR):

  • Contract performance (Article 6(1)(b)): Processing necessary to perform our contractual obligations to you, including providing Services, processing payments, and managing your account
  • Legitimate interests (Article 6(1)(f)): Processing necessary for our legitimate business interests, including fraud prevention, network security, service improvement, and analytics — where these interests are not overridden by your fundamental rights and freedoms
  • Legal obligation (Article 6(1)(c)): Processing necessary to comply with legal obligations, including tax reporting, law enforcement requests, and ICANN requirements
  • Consent (Article 6(1)(a)): Processing based on your freely given consent, including marketing communications and non-essential cookies. You may withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal

5. Disclosure of Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information in the following circumstances:

  • Service providers: We share information with third-party service providers who perform services on our behalf, including payment processors, email delivery services (for transactional and marketing emails), analytics providers, and fraud prevention services. These providers are contractually obligated to use your information only as necessary to provide services to us and to implement appropriate data protection measures.
  • Domain registrars and registries: When you register a domain through Blue Arctic, your contact information is shared with the applicable registrar and registry as required by ICANN. WHOIS privacy protection is available for eligible domains.
  • Legal requirements: We may disclose your information if required by law, court order, subpoena, or valid governmental request, or when disclosure is necessary to protect our rights, privacy, safety, or property, or the rights, safety, or property of our customers or the public.
  • Business transfers: If Blue Arctic is involved in a merger, acquisition, bankruptcy, or sale of all or substantially all of its assets, your information may be transferred as part of that transaction. We will provide notice via email and/or a prominent notice on our website of any such transfer and any changes to applicable terms or privacy practices.
  • Abuse response: We may share information with law enforcement, abuse clearinghouses, affected third parties, or other hosting providers in response to abuse reports, DMCA complaints, or AUP violations.
  • With your consent: We may share your information with your explicit consent for purposes you approve.

6. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies. Cookies are small data files stored on your device by your browser.

  • Essential cookies: Necessary for website functionality, security, and authentication. These cannot be disabled without impairing core website features. Lawful basis: legitimate interest / contract performance.
  • Performance cookies: Track usage patterns and measure site performance (e.g., Google Analytics). These collect anonymized, aggregated data. Lawful basis: legitimate interest (with opt-out available).
  • Marketing cookies: Personalize content and measure advertising effectiveness (e.g., Google Ads, Meta Pixel). Lawful basis: consent.

Cookie consent. When you first visit our website, you will be presented with a cookie consent notice allowing you to accept or reject non-essential cookies (performance and marketing). Your preferences are stored and can be updated at any time through the cookie settings link in our website footer. If you do not provide consent for non-essential cookies, only essential cookies will be used.

Browser controls. You can also control cookies through your browser settings. Most browsers allow you to block or delete cookies. However, blocking essential cookies may prevent portions of the website from functioning correctly.

Do Not Track. Some browsers transmit "Do Not Track" (DNT) signals. There is no industry-standard interpretation of DNT signals. Blue Arctic honors DNT signals by disabling non-essential tracking when a DNT signal is detected, provided that the user has not separately consented to tracking cookies.

7. Data Retention

We retain personal information only as long as necessary for the purposes for which it was collected, plus any additional period required by law or for legitimate business purposes. Specific retention periods:

  • Account information (name, email, contact details): Retained for the duration of the account plus 1 year after account closure or termination, to allow for account reactivation and post-termination billing resolution
  • Billing and payment records: Retained for 7 years after the transaction, as required by US tax and financial record-keeping obligations
  • Support tickets and communications: Retained for 3 years after the ticket is closed, for quality assurance and dispute resolution
  • Server and access logs (IP addresses, timestamps): Retained for 90 days for security, abuse investigation, and debugging purposes
  • Analytics data: Aggregated, anonymized analytics data is retained indefinitely. Personally identifiable analytics data is retained for 26 months (Google Analytics default)
  • Domain registration records: Retained as required by ICANN and the applicable registrar, typically for the life of the domain plus 1 year after expiration or transfer
  • DMCA and abuse records: Retained for 5 years for legal compliance and repeat infringer tracking

When information is no longer needed, we delete or anonymize it using commercially reasonable methods. Some information may be retained longer if required by law, regulation, or court order, or if necessary for the establishment, exercise, or defense of legal claims.

8. Data Security

We implement industry-standard security measures to protect your information from unauthorized access, alteration, disclosure, or destruction. Our security measures include:

  • SSL/TLS encryption for all data transmitted between your browser and our servers
  • Encryption of sensitive data at rest where technically feasible
  • Physical data center security (biometric access, 24/7 surveillance, mantraps)
  • Role-based access controls and principle of least privilege for employees
  • Regular security audits, vulnerability assessments, and penetration testing
  • DDoS mitigation and intrusion detection systems
  • Employee security training and background checks

No method of transmission over the internet or method of electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your login credentials and for promptly reporting any suspected unauthorized access to your account.

9. Data Breach Notification

In the event of a data breach that results in unauthorized access to, or unauthorized acquisition of, personal information that compromises the security, confidentiality, or integrity of personal information maintained by Blue Arctic, we will:

  • Investigate the breach promptly and take reasonable steps to contain and mitigate the impact
  • Notify affected individuals without unreasonable delay, and in any event within 72 hours of becoming aware of a breach involving personal data of EEA, UK, or Swiss residents (as required by GDPR Article 33)
  • Notify affected individuals within the timeframe required by applicable US state breach notification laws (ranging from 30 to 60 days depending on the state)
  • Report the breach to the relevant supervisory authority where required by GDPR or other applicable law
  • Provide affected individuals with a description of the breach, the types of information involved, steps we are taking to address the breach, and recommendations for individuals to protect themselves

Notifications will be delivered via email to the address on file. If email is not feasible (e.g., due to a compromised email system), we will use alternative methods such as posting a notice on our website.

10. Children's Privacy

Our Services are not intended for children. We do not knowingly collect personal information from individuals under the age of 16, or under such other age threshold as may be defined by applicable law (including, without limitation, age 13 under COPPA, age 16 under GDPR, and other thresholds established by US state privacy laws). If we become aware that we have collected personal information from a child below the applicable age threshold, we will take steps to delete such information and terminate the associated account. Parents or guardians who believe their child has provided information to Blue Arctic should contact us immediately at privacy@bluearctic.com.

11. International Data Transfers

Blue Arctic is headquartered in the United States, and our primary data center infrastructure is located in Tampa, Florida. Your information is processed and stored in the United States. The United States may have data protection laws that differ from those in your country of residence.

For EEA, UK, and Swiss residents: Blue Arctic provides appropriate safeguards for the transfer of Personal Data outside the EEA, UK, or Switzerland through its Data Processing Addendum ("DPA"). The DPA incorporates the European Commission's Standard Contractual Clauses (SCCs) (Commission Implementing Decision (EU) 2021/914), which apply to transfers of Personal Data from the EEA to the United States where required by applicable data protection laws. For transfers from the United Kingdom, the UK International Data Transfer Addendum to the EU SCCs is incorporated where required. For transfers from Switzerland, the SCCs apply with the modifications required by the Swiss Federal Data Protection and Information Commissioner.

The incorporation of SCCs into the DPA applies to the relationship between the Client (as Data Exporter) and Blue Arctic (as Data Importer) and does not constitute a representation that SCCs have been universally executed with all third parties. We do not rely solely on consent as the legal basis for international data transfers in the context of routine service delivery.

To obtain a copy of the safeguards we use for international data transfers (which may be provided in redacted form to protect security and confidentiality), or to request a copy of the DPA, contact privacy@bluearctic.com.

12. Your Rights

Depending on your location and applicable law, you may have certain rights regarding your personal information:

  • Right to access: You can request a copy of the personal information we hold about you
  • Right to rectification: You can request that we correct inaccurate or incomplete personal information
  • Right to erasure ("right to be forgotten"): You can request deletion of your personal information, subject to legal retention obligations and legitimate business needs
  • Right to restrict processing: You can request that we limit the processing of your personal information in certain circumstances
  • Right to data portability: You can request your personal information in a structured, commonly used, machine-readable format (e.g., CSV or JSON)
  • Right to object: You can object to the processing of your personal information based on legitimate interests or for direct marketing purposes
  • Right to withdraw consent: Where processing is based on consent, you can withdraw consent at any time without affecting the lawfulness of prior processing
  • Right to opt out of marketing: You can opt out of marketing communications at any time using the unsubscribe link in any marketing email, or by contacting us
  • Right to lodge a complaint: EEA and UK residents have the right to lodge a complaint with a supervisory authority in their country of residence if they believe their data protection rights have been violated

To exercise any of these rights, please contact us at privacy@bluearctic.com. We will verify your identity before processing your request and respond within 30 days (or within the timeframe required by applicable law). If we need additional time, we will notify you of the extension and the reason.

13. California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with additional rights regarding your personal information:

Right to know. You have the right to request that we disclose: the categories of personal information we have collected about you; the categories of sources from which the information was collected; the business or commercial purpose for collecting the information; the categories of third parties with whom we share the information; and the specific pieces of personal information we have collected about you.

Right to delete. You have the right to request that we delete personal information we have collected from you, subject to certain exceptions (e.g., legal obligations, completing transactions, security).

Right to correct. You have the right to request that we correct inaccurate personal information.

Right to opt out of sale or sharing. Blue Arctic does not sell personal information as defined by the CCPA/CPRA. We do not share personal information for cross-context behavioral advertising. Because we do not sell or share personal information, a "Do Not Sell or Share My Personal Information" mechanism is not required; however, if our practices change, we will update this policy and provide the required opt-out mechanism.

Right to limit use of sensitive personal information. We only use sensitive personal information (e.g., payment information) as necessary to provide the Services. We do not use sensitive personal information for purposes beyond what is reasonably necessary.

Non-discrimination. We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you Services, charge you different prices, provide a different level of service quality, or retaliate in any way for exercising your privacy rights.

Categories of personal information collected in the preceding 12 months: Identifiers (name, email, phone, IP address); commercial information (purchase history, billing records); internet activity (browsing history, search terms, interactions with our website); geolocation data (derived from IP address); and professional information (company name, job title).

To submit a CCPA/CPRA request, contact us at privacy@bluearctic.com or call +1-888-624-2527. We will verify your identity and respond within 45 days. If we need additional time, we may extend the response period by an additional 45 days with notice.

14. Changes to This Policy

Blue Arctic may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, and other factors. Material changes — including changes to the categories of information collected, new third-party sharing arrangements, or changes to your rights — will be communicated via email to the address on file at least 30 days before the changes take effect, in addition to updating the "Last Updated" date on this page. Non-material changes (clarifications, formatting) may take effect immediately upon posting.

Your continued use of our Services after the effective date of a modification constitutes your acceptance of the updated Privacy Policy. If you do not agree to a material change, you may terminate your account before the change takes effect.

15. Governing Law

This Privacy Policy is governed by the governing law and jurisdiction provisions set forth in the Master Service Agreement, Section 16. For EEA and UK residents, this governing law clause does not override mandatory data protection laws in your country of residence, including the GDPR and applicable national implementing legislation.

16. Contact Information

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about how we handle your data, please contact us:

Blue Arctic, LLC — Privacy
Email: privacy@bluearctic.com
Mailing Address: PO Box 2195, Bushnell, FL 33513, USA
Phone: +1-888-624-2527

Blue Arctic has not appointed a Data Protection Officer (DPO) at this time, as we do not engage in large-scale systematic monitoring of individuals or large-scale processing of special categories of data. All privacy inquiries should be directed to the contact information above. If our processing activities change such that a DPO is required under GDPR Article 37, we will update this section accordingly.

EU and UK Representative. Blue Arctic is headquartered in the United States. Where required by GDPR Article 27 or UK GDPR Article 27, Blue Arctic will designate a representative in the European Union and/or the United Kingdom and will publish the representative's contact details in this section. If you have questions about whether a representative has been designated, contact privacy@bluearctic.com.

We will respond to privacy inquiries within 30 days of receipt. If we need additional time to fulfill a request, we will notify you within the initial 30-day period.