
Privacy Policy

This policy explains what personal data we collect, why, how we store it and who it is shared with. It complies with the personal data legislation of the Republic of Azerbaijan and the principles of the GDPR.

Last updated: 10 June 2026

1. Who we are and contact details

The data controller is Epro.io MMC, registered in the Republic of Azerbaijan.

  • Legal address: 129 Heydar Huseynov Street, Block A, 1st floor, Baku AZ1010, Azerbaijan.
  • Email for data requests: support@epro.io
  • Phone / WhatsApp: +994 77 484 00 00

Epro.io holds a license for the formation of personal data information resources, the creation of information systems and the provision of services thereon, issued by the authorized body of the Republic of Azerbaijan.

2. What data we collect

Account data

When registering in Billing we collect: name, email, phone, country, and for legal entities — company name and tax details.

Payment data

We do not store card numbers. Payments are processed by payment processors (see Section 4). We only retain the transaction ID, amount, date and payment method.

Technical data

When you visit the site or use the control panel, we automatically collect: IP address, browser User-Agent, request timestamp, referrer page, session ID. These are needed for security and diagnostics.

Domain registration data

When you register a domain through Epro.io, your contact details (name, address, email, phone) are transmitted to the registrar and appear in the WHOIS database per the rules of each zone (.az, .com, .io etc.).

3. Purposes and legal grounds for processing

  • Service provision (hosting, VPS, servers, domains) — legal basis: performance of contract.
  • Billing and tax reporting — legal basis: legal obligation (tax accounting).
  • Technical support and communication — legal basis: contract performance.
  • Security and abuse prevention (server logs, attack detection) — legal basis: legitimate interest.
  • Website analytics (Google Analytics — anonymized metrics) — legal basis: consent via cookie banner.
  • Marketing emails (news, promotions) — legal basis: your explicit consent. Consent can be withdrawn at any time.

4. Sharing data with third parties

We do not sell your personal data. Sharing with third parties occurs only when necessary for service provision or by legal requirement:

Payment processors

  • PayPal: PayPal payment processing
  • Visa / Mastercard: Card payment processing via acquiring bank
  • Acquiring bank (direct): Direct bank transfers and merchant services

Analytics

  • Google Analytics (Google LLC): Anonymous site visit statistics. Enabled only after your consent in the cookie banner.

Domain registrars

When you register a domain, your contact data is transferred to a third-party registrar to perform the contract with the registry (.az, .com, .io etc.) and is published in WHOIS per the rules of the relevant zone.

Government authorities

Data is shared with government authorities only upon official request in accordance with the legislation of the Republic of Azerbaijan.

5. Data retention periods

  • Account data — for the duration of the contract. After account deletion — 3 more years to resolve potential disputes.
  • Payment transactions and tax documents — 5 years, in accordance with the tax laws of Azerbaijan.
  • Server and control panel logs — 90 days. For security incident investigations — up to 1 year.
  • Support tickets and correspondence — 2 years after a ticket is closed.
  • Marketing consents — until consent is withdrawn + 1 year to confirm withdrawal.

6. Data security

  • Encryption in transit — all traffic to Billing, control panel and APIs is protected with TLS (HTTPS).
  • Encryption at rest — passwords stored as hashes (bcrypt). Backups on separate physical media.
  • Access controls — customer data is accessible only to employees who need it, with authentication and action logging.
  • Physical security — equipment is hosted in a Tier III Data Center in Baku with 24/7 security, access control and fire suppression.

If we detect a security incident that may affect your personal data, we will notify you by email within 72 hours of identification.

7. Cookies and analytics

We use cookies (small text files in your browser) for three categories:

  • Strictly necessary — session, login, language and currency selection. The site cannot work without these. No consent required.
  • Analytical — Google Analytics for anonymous visit statistics. Enabled only after your consent in the cookie banner.
  • We do not use marketing cookies — no retargeting, no advertising trackers.

You can change your consent choices at any time via the cookie banner at the bottom of the site or in your browser settings.

8. Your rights as a data subject

You have the right to:

  1. Know about your data: Obtain a copy of the data we hold about you
  2. Correct errors: Request correction of inaccurate data
  3. Delete data: Right to erasure — when there are no legal grounds for further storage
  4. Restrict processing: Pause processing while a matter is under review
  5. Data portability: Receive your data in a machine-readable format
  6. Object to processing: Especially for marketing — withdraw consent in one click

Send rights-related requests to support@epro.io. Response time — up to 30 days. In case of a violation, you have the right to lodge a complaint with the supervisory authority: State Service of Special Communications and Information Security of Azerbaijan.

9. International transfers and children

Transfers outside Azerbaijan

Primary customer data is stored in a Tier III Data Center in Baku (Azerbaijan). Transfers outside Azerbaijan occur only in the following cases:

  • Payments through PayPal — PayPal servers are located outside Azerbaijan.
  • Google Analytics — site visit data is processed by Google LLC (only with your consent).
  • Domain registrars — for non-AZ zones, data is published in the international WHOIS.

Services for children

Epro.io services are intended for persons over 18 (or for legal entities). We do not knowingly collect data from minors.

10. Policy updates and contacts

We may update this policy to reflect legal or process changes. The current version and last update date are shown on this page. This version is effective from 10 June 2026.

For any data processing questions, email support@epro.io or reach us via any channel on the contact page.
