Privacy Policy — notbing.cc

Who operates this service

This service is operated as a personal, self-hosted cloud platform. It is not a commercial entity. There is no company, no subscriber list, and no advertising of any kind. If you have questions about how your data is handled, you can reach the operator via the contact details provided when you were invited to use the service.

Where your data is stored

All data you upload or create on this service is stored on infrastructure provided by Hetzner, a German hosting company with a data centre physically located in Helsinki, Finland. Data does not leave the European Economic Area.

Infrastructure provider

Hetzner Online GmbH & Hetzner Finland Oy

Data centre location

Helsinki, Finland — European Union

ISO certification

ISO 27001:2022 (Helsinki site included)

Data stays in EEA

Yes — no transfers outside the EU/EEA

Hetzner operates under German and EU law and is bound by the General Data Protection Regulation (GDPR). Their privacy policy and technical and organisational measures (TOMs) are published at the links in the References section below.

Applicable law

Because the server is physically located in Finland, Finnish and EU law governs how personal data is handled at the infrastructure level. The two principal legal instruments are:

EU General Data Protection Regulation (GDPR) — Regulation (EU) 2016/679, directly applicable since 25 May 2018. Sets out your rights: access, rectification, erasure, restriction, portability, and objection.
Finnish Data Protection Act — Tietosuojalaki (1050/2018), in force since 1 January 2019. Supplements and specifies the GDPR in Finland.

The supervisory authority for Finland is the Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto), based in Helsinki. You have the right to lodge a complaint with this authority if you believe your data is being handled unlawfully.

Finnish supervisory authority

Office of the Data Protection Ombudsman · tietosuoja.fi/en

What data is collected and why

This is a personal cloud storage and productivity platform. The operator does not actively collect or analyse your content. What is stored is only what you choose to upload or create:

Files, documents, photos, and other content you upload
Calendar entries, contacts, and notes if you use those features
Your account username and email address (used for authentication and notifications only)
Standard server access logs (IP address, timestamp, HTTP method) — retained for a limited period for security purposes

No analytics, tracking pixels, third-party scripts, or advertising is present on this service.

End-to-end encryption

Some Nextcloud clients and apps support client-side end-to-end encryption (E2EE). If you choose to enable this, your files are encrypted on your device before they are uploaded. The server — and therefore the operator — cannot read the contents of encrypted folders.

Important warning

End-to-end encryption is entirely at your own risk. If you lose your encryption mnemonic (recovery key), your encrypted files cannot be recovered by anyone — not by the operator, and not by Hetzner. There is no backdoor and no fallback. Keep your mnemonic safe, offline, and in more than one place. Do not rely on this service as your only copy of irreplaceable data.

E2EE is an optional feature. Files in folders that are not E2EE-encrypted are protected by standard HTTPS in transit and server-side storage, but are accessible to the server operator.

Data retention and deletion

Your data is kept for as long as your account exists on this service. If your account is removed, your files and account information are deleted from the server. Server access logs are purged on a rolling basis and are not retained indefinitely.

Backups are stored on a separate Hetzner Storage Box, also located in Helsinki. Backups exist to protect against accidental data loss and are not used for any other purpose. Deleted files may remain in backups for a short period before those backups are rotated out.

Your rights under GDPR

Under the GDPR you have the right to:

Access — request a copy of the personal data held about you
Rectification — have inaccurate data corrected
Erasure — request deletion of your data ("right to be forgotten")
Restriction — ask for processing to be limited in certain circumstances
Portability — receive your data in a machine-readable format
Objection — object to processing where the legal basis is legitimate interest

To exercise any of these rights, contact the operator directly. You also have the right to complain to the Finnish Data Protection Ombudsman at tietosuoja.fi/en.

Security measures

The server running this service applies the following security measures:

Firewall

UFW — only ports 22, 80, and 443 are open

Remote access

SSH key authentication only — password login disabled

Intrusion detection

Fail2ban with multiple active jails

TLS

HTTPS enforced via Caddy — automatic certificate renewal

Infrastructure

Hetzner ISO 27001:2022 certified data centre, Helsinki

References and further reading

[1]
Hetzner Privacy Policy
hetzner.com/legal/privacy-policy
[2]
Hetzner Data Protection FAQ (Docs)
docs.hetzner.com/general/general-terms-and-conditions/data-privacy-faq
[3]
Hetzner ISO 27001 & Certifications
hetzner.com/unternehmen/zertifizierung
[4]
EU General Data Protection Regulation (GDPR) — full text
eur-lex.europa.eu — Regulation (EU) 2016/679
[5]
Finnish Data Protection Act — Tietosuojalaki (1050/2018)
tietosuoja.fi/en/legislation
[6]
Office of the Data Protection Ombudsman (Finland)
tietosuoja.fi/en