Safety Memorandum

is*hosting

Introduction

Internet security isn't a granted good — it’s a shared responsibility for everyone in the digital space. At is*hosting, we understand our role and are committed to being a trusted partner for our clients, safeguarding their data and ensuring their projects run uninterrupted. This memorandum outlines the principles and approaches that guide our work to maintain and improve security.

Our Vision

We’re not just a hosting provider — we strive to be part of the secure internet ecosystem. This means protecting our infrastructure and clients' data while preventing abuse that could harm other internet users.

We stand by our clients, safeguarding their right to privacy and fair treatment. Any action we take is based solely on legal requirements and verified evidence.

Security Principles at is*hosting

1. Transparency and Accountability
   Security starts with transparency. Instead of hiding vulnerabilities, we actively seek them out and address them. That’s why we’ve launched a public vulnerability disclosure program, inviting security researchers to help make our systems more secure.
2. Client Data Protection and Digital Freedom
   We respect our clients’ right to privacy and do not access the content stored on their servers. At the same time, we’ve implemented clear processes to handle abuse reports and follow strict procedures when dealing with legal or policy violations.
3. Accountability to the Internet Community
   We maintain a balance between protecting client interests and meeting our responsibilities to the broader internet community.
4. Continuous Improvement
   Threats constantly evolve, and so does our security. We regularly update our infrastructure and security processes to stay ahead.
5. Ethical Collaboration
   We actively engage with security researchers and the professional community to enhance security through ethical cooperation.
6. Data Minimization and Transparent Interaction
   We collect and process only the data necessary to provide services and comply with legal requirements. All actions are carried out in strict adherence to GDPR and transparency principles.
7. Fair and Transparent Engagement
   We take action only when legally required and ensure fair, transparent interactions with our clients.

Our Actions

• Public Vulnerability Disclosure Program (VDP) — we've provided security researchers with a platform aligned with Safe Harbor principles where they can report vulnerabilities and help us strengthen our infrastructure.
• Abuse Handling and Reporting — abuse reports are acknowledged within 24 hours and investigated within five business days. We ensure transparent communication with both the complainant and the resource owner.
• Proactive Threat Prevention — automated systems help us prevent DDoS attacks, spam, and other harmful activities.
• Incident Management and Threat Response — 24/7 monitoring helps us detect suspicious activity and activate response plans in case of threats.
• KYC (Know Your Customer) for Security — in specific cases, we request identity verification through a trusted third-party KYC process to prevent illegal use of our services. This process is fully GDPR-compliant.
• Data Minimization and Confidentiality — we do not access client data and conduct investigations only based on complaints or publicly available information.
• Collaboration with Regulators and Legal Authorities — we comply with legal requests only when justified and ensure data minimization principles are followed.
• Client Security Education — we regularly inform clients about best practices for protecting their data and resources, including using strong passwords and enabling multi-factor authentication.

Conclusion

We believe that security is a journey, not a destination. We are committed to continuously improving our services and contributing to a safer internet for everyone.

is*hosting — your trusted partner for secure and reliable hosting.