GDPR is obviously an important piece of legislation, not only for us, but for you, our customers.

As part of our GDPR preparations, we have created this FAQ to help you prepare for GDPR as well as reassure you about our own preparations.

Is my site compliant?

We are unable to confirm that your own site or business is compliant. We can give you as much information as we have about our systems and security, but you will need to make the decision for yourselves on your own compliance.

Where is our data located?

Our primary data centre is in Leeds (UK), and has in it:

  • All our Starter Pro, Home Pro, Business Pro, and Reseller Pro packages
  • All our Premium Hosting packages
  • Our Virtual Private Servers
  • A majority of our Hybrid Servers
  • Our legacy Dedicated Servers
  • Our stand-alone mailboxes
  • Our Hosted Exchange mailboxes
  • All our customer details
  • All our Resellers’ client details

Our secondary data centre is in the EU, and has in it:

  • Some of our Hybrid Servers
  • Most Dedicated Servers purchased after 2016

SiteDesigner is produced by BaseKit, and they have their own data policy available here.

Email Marketing is produced by, and they are updating their own data policy.

Our SSL certificates are generated by Starfield Technologies, who have a Privacy Centre here.

StopTheHacker is produced by Cloudflare and does store a small amount of customer data.

Most of our third-party partners are considered Data Processors, and we, or our customers, are the Data Controller.

How secure is our data with you?

All personal data, both your own and that of your customers, is supplied to us through controlled processes that are protected by appropriate measures, including encryption.

Access to your data is subject to audits and access logging, and is restricted based on the business need.

All staff that have access to your data, or will be collecting data, have been fully trained on respecting customers’ rights, collecting only the data that is needed, adhering to privacy by design, and following other privacy principles.

How physically secure are your data centres?

By having our own data centres, we have built in a secure and resilient network infrastructure and do not rely on third-party solutions.

Our data centres are staffed 24 hours a day every day of the year, with extensive physical security measures, including strict access control and CCTV.

What are you doing about processing Reseller customer data?

We are aware that, for some of our Reseller customers, we are the Data Processor, with the Reseller being the Data Controller. We have prepared a contract to assist our Resellers in their compliance with the obligations required by Article 17 of the Data Protection Directive 95/46/EC, which is now available to download.

What about using HostPay?

Many of the elements needed for GDPR for HostPay are already in place, or are in the process of being added.

If your customers ask for an export of their data, you can do so from the individual Customer Information page or all your customers’ data from the Reseller Control Centre. Please see “How do I export my customers’ data?” in our Support Database.

If your customers want their data deleted, you can delete them individually from the individual Customer Information page in HostPay, or you can delete all your customers’ data along with your Reseller package. Please see “How do I delete my customers’ data?” in the Support Database.

Please remember that you need to ensure that you have no live domains, packages, or products in your account, or your customer’s account, before you delete the data.

All the fields within the contact information can be changed. If you discover that a field cannot be changed, please raise a ticket with our Customer Services team.

Your customers can be added to a mailing list within HostPay. After May 25th, they will not be automatically added, and will have to opt-in to your mailing list. It is your choice to decide what this mailing list is for.

Essential emails, such as invoices, password resets, and billing information, will be sent to your customers regardless of their choice in the mailing list.

You will need to ensure that your existing customers have chosen to opt into your mailing list before you email them.

HostPay does not set any trackers in your visitors’ browsers by default. If you have added a tracker, it is your responsibility to notify your visitors about the tracker and give them the option to opt out.

What is your own GDPR policy?

Heart Internet compiles with all data protection laws applicable to its operations. GDPR is an evolution of privacy law, and not a drastic departure from the laws and regulations that currently govern our day-to-day operations. We welcome the changes as another step towards maintaining the privacy of our customers, and we’re working towards compliance as appropriate and necessary.

We store data as needed to manage and run your account, including for accounting, product configuration, and other reasons. We will be making public our full GDPR information and privacy policy closer to launch.

Wordpress Security

As WordPress grows in popularity, it becomes more and more important to protect your WordPress installation. With more and more people using it to run their websites, hackers view WordPress as a quick and easy way to control servers.
Here are our tips for securing your WordPress site. Whether on our shared hosting or using a self-managed VPS or Dedicated Server, these are fast and easy steps you can take to make sure your WordPress is well-protected.
Photo of a computer screen with a download bar
Update everything

When WordPress tells you there’s an update, no matter how small, update immediately. Each update fixes existing bugs or security issues. You can find out what each update does by reading the WordPress News page.
There is a major security update to WordPress right now – have you already updated?
Photo of a CCTV camera in a hallway
Get a good security package

There are plenty of plug-ins for WordPress that provide detailed security features for your site. WordFence gives you a firewall, two-factor authentication, and scanning, as well as monitoring your site for issues.
Photo of a chainlink fence
Build in a firewall

A good firewall stops malicious requests from even hitting your website. Block Bad Queries is a plug-in that checks all incoming traffic and blocks the bad requests that could cause problems. This not only stops hackers from getting in, it also cuts down on the number of requests that you receive, keeping your site load down and responsive for the people you want to view your site.
Photo of a door chain
Set up two-factor authentication

Two-factor authentication is a fantastic way to keep your site protected. With it, you have an app on your phone that gives you a one-time code to use when logging in. This keeps your login secure against brute force attacks while also giving you added login security. Google Authenticator is a common system used, but you can also try Clef, another plug-in.
Photo of a file cabinet
Maintain good backups

If anything does happen to your WordPress site, it’s a lot easier to restore from a clean backup than it is to try and clean up a corrupted site.
You can back up your site onto your local computer, or to a cloud storage solution. BackWPup is a plug-in that lets you choose what you back up to, whether you want to try Amazon S3, Dropbox, Google Drive, or FTP to another account.

These are some basic steps that can protect your site.