# HOMURA NETWORK LIMITED PRIVACY POLICY

**Effective Date: October 29, 2025**

## 1. Introduction and Scope

Homura Network Limited ("Homura Network," "we," "us," or "our") respects the privacy of our website visitors, customers, and service users. We are committed to transparency and data security in handling personal data related to our hosting, connectivity, and infrastructure services.

This Privacy Policy explains what personal data we collect, how we use it, how we protect it, and your rights concerning your data. This Policy applies whenever we act as a Data Controller (determining the purposes and means of processing your data).

**Services Covered:** This Policy applies to all websites operated by Homura Network Limited, and all services offered by Homura Network Limited, **including, but not limited to,** Dedicated Servers, Virtual Private Servers (VPS), Web Hosting, Network Services, and connectivity or eSIM-related services.

**Policy Precedence:** This Privacy Policy should be read together with our [Terms of Service (TOS)](https://docs.homura.network/legal/terms_of_service), [Acceptable Use Policy (AUP)](https://docs.homura.network/legal/acceptable_use_policy), and [Abuse and Network Policy](https://docs.homura.network/legal/abuse_and_network_policy).

## 2. Information We Collect

We collect information that identifies, relates to, or could reasonably be linked with you ("Personal Data"). This information may come directly from you, automatically through our systems, or in some cases from third parties.

### 2.1 Categories of Personal Data Collected

The examples provided in the table below are illustrative and not intended to be an exhaustive list of all data collected in that category.

| Category | Description and Examples | Source & Purpose |
| ----- | ----- | ----- |
| **Identifiers & Contact Information** | Name, address, email, phone number (upon registration and information change). IP address on every operation. | **Directly from you** when you create an account, order services, or contact support. Used for account management, service delivery, and security. |
| **Payment & Commercial Information** | Transaction history, billing address. **Note:** Sensitive payment details (e.g., full credit card numbers) are collected and processed **directly by third-party gateways**. | **From you** during purchase. We **do not** store your **full credit card number**. We **do** store necessary transaction IDs, last four digits of cards, **and the information sent back to us by the gateway, such as the billing address and name provided during the transaction** (which may be passed back from the payment gateway) for our financial records. |
| **Usage & Network Activity Data** | IP address, geographical location, browser type, OS, website navigation behavior, time zone, language. | **Automatically collected** via our website, analytics, and network logs. Used for monitoring, analytics, and security. |
| **Service Data (Operational Logs)** | Network data (IPs, ports, flow data), traffic routing logs, system configuration information, and operational telemetry. For eSIMs, this includes connectivity metadata (IMEI, EID, etc.). | **Automatically generated or collected** when you use our services. Used for operational integrity, troubleshooting, and abuse prevention. **These data might be processed by our partners, but only for providing the service and abuse prevention.** |
| **Correspondence Data** | Support tickets, emails, and chat transcripts. | **From you** during communication. Used for record-keeping and customer service. |

### 2.2 Sensitive and Verification Data

In limited circumstances, **we may request additional verification information, such as government-issued identification, proof of address**, or device/IP verification, when required for fraud prevention, credit card verification, or compliance checks.

**These data are not required by default but may be necessary for completing a transaction or validating account authenticity.** We process this data only for verification, and **may utilize third-party identity verification services** to assist in this process. (As detailed in Section 6.1, this data is typically stored for no longer than 90 days).

## 3. How We Use Your Information and Legal Bases

We process your Personal Data under lawful bases, including contract performance, legal obligations, legitimate interests, and your consent where applicable.

| Purpose | Data Categories Used | Legal Basis (under GDPR) |
| ----- | ----- | ----- |
| **Service Provision** | Identifiers, Payment, Usage, Service Data | **Performance of a Contract** |
| **Billing & Financial Management** | Identifiers, Payment, Commercial Data | **Performance of a Contract** & **Legal Obligation** |
| **Security & Abuse Prevention** | Identifiers, Usage, Service Data, Verification Data | **Legitimate Interests** & **Legal Obligation** |
| **Legal Compliance** | All relevant categories | **Legal Obligation** |
| **Service Improvement** | Usage, Correspondence, Service Data | **Legitimate Interests** |
| **Marketing Communications** | Identifiers, Commercial Data | **Consent** or **Legitimate Interest** (opt-out available) |

**Operational Note:** We **do not** access customer-stored data (Customer Content) on your Dedicated Server or VPS without your explicit consent. Access is strictly limited to situations where we are compelled by a valid legal order.

## 4. Information Sharing and Disclosure to Third Parties

**We do not sell or rent your Personal Data.** However, we share information with trusted third parties as necessary for secure service delivery.

| Recipient Category | Purpose | Example of Data Shared | Contact/Policy Reference |
| ----- | ----- | ----- | ----- |
| **Payment Processors** | Transaction handling, fraud screening | Billing info, payment method, last 4 digits | Stripe ([https://stripe.com/privacy](https://stripe.com/privacy)), PayPal ([https://www.paypal.com/webapps/mpp/ua/privacy-full](https://www.paypal.com/webapps/mpp/ua/privacy-full)), CoinPayment ([https://www.coinpayments.net/en/privacy-policy](https://www.coinpayments.net/en/privacy-policy)), Cryptomus ([https://cryptomus.com/privacy-policy](https://cryptomus.com/privacy-policy)), and other processors as may be offered. |
| **Fraud Detection & Verification** | Risk assessment, ID validation | IP, device info, verification data | FraudLabs Pro ([https://www.fraudlabspro.com/privacy](https://www.fraudlabspro.com/privacy)), MaxMind ([https://www.maxmind.com/en/privacy-policy](https://www.maxmind.com/en/privacy-policy)) |
| **Connectivity & Fulfillment Partners** | Fulfillment of eSIM or other connectivity services | Identifiers, usage metadata | RedteaGo ([https://www.redteago.com/privacy](https://www.redteago.com/privacy)), CMLink ([https://www.cmlink.com/en/privacy-policy](https://www.cmlink.com/en/privacy-policy)), etc. |
| **Logistics & Shipping Providers** | Fulfillment of physical goods (e.g., hardware, SIM cards) | Name, Shipping Address, Contact Information | Varies by selected carrier (e.g., DHL, FedEx, local post). |
| **CDN & Security Providers** | Service delivery, security, analytics. | IP, usage data, website activity | Cloudflare ([https://www.cloudflare.com/privacypolicy](https://www.cloudflare.com/privacypolicy)) |
| **Infrastructure, Software, & Network Transit** | Data center hosting, IP transit, email delivery. (Your service traffic transits their networks). | Account and technical data, IP traffic, operational telemetry (if applicable) | Varies by service. A list for your specific service is available upon request. |
| **Professional Advisers & Legal** | Compliance, risk management | Case-related data | Confidential, available upon request |
| **Law Enforcement & Regulators** | Legal obligations | Data as required by valid order | Provided only with proper legal authority |

Users may contact **privacy@homura.network** for a current list of third-party processors and their contact details, or to inquire about the physical storage location(s) of their Account Data.

## 5. Data Location and International Transfers

Homura Network Limited is based in Hong Kong. We store and process data across multiple data centers globally.

* **Account Data:** Your Identifiers, Payment, Commercial, and Correspondence Data are processed and stored in our central servers, which may be located in Hong Kong, the USA, or a GDPR-compliant country.
* **Service Data (VPS/Hosting):** The *live content* you store on your VPS (your "Customer Content") is stored **exclusively in the data center location you selected** when purchasing the service (e.g., a server purchased for Singapore will be stored in Singapore; a server for Hong Kong will be stored in Hong Kong). **Backups of this Service Data** may be stored in a different secure, central location (e.g., a GDPR-compliant region or Hong Kong) for disaster recovery purposes.
* **Service Data (eSIM):** Data for eSIM services will be processed by local carriers and partner roaming operators in various jurisdictions. Data is stored on our partners' systems and in our central data storage locations as necessary for service provision.

We ensure that all cross-border data transfers are protected by strong technical safeguards, such as encryption during transit.

### 5.1 Regional Compliance Note

Homura Network Limited is a company registered in Hong Kong, and our primary compliance framework is Hong Kong's Personal Data (Privacy) Ordinance (PDPO). We recognize our customers are global, and will make commercially reasonable efforts to respect global privacy standards. **However, we do not guarantee full compliance with all specific requirements (such as GDPR) of your local jurisdiction. You are responsible for ensuring your use of our services complies with your local regulations.**

## 6. Data Retention

We retain your Personal Data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Where possible, data is aggregated or anonymized after its retention period.

### 6.1 Retention Periods

* **Customer Content (User Disk Data):** All data related to a service (including automated backups and snapshots) is **destroyed upon cancellation or termination** of the service.
* **Invoicing Records (Payment & Commercial Data): May be retained permanently,** and will be kept for **at least 7 years** as required for business, tax auditing, and legal obligations. **After the minimum legal retention period (7 years) has passed, we will anonymize this data upon verifiable request,** where legally permissible and not in conflict with our auditing requirements.
* **Account & Contact Data:** Retained for the duration of your active service use, and for a period after account closure as required by law or for legitimate business purposes (e.g., fraud prevention).
* **Verification Data (when collected):** Securely **deleted within 90 days** after the verification process is complete, unless retention is legally required.
* **Service Data (Operational Logs):** Retained for a limited period (e.g., 6-18 months) for network analysis, troubleshooting, and abuse investigation, after which they are aggregated or anonymized.
* **Network Logs & Access Metadata:** Retained for a limited period (e.g., 6-12 months) for security, abuse investigation, and network analysis.
* **Correspondence Data:** Retained for the duration of your account's life to maintain a history of support interactions.

## 7. Cookies and Tracking

We use several types of cookies and tracking technologies, **including but not limited to**:

* **Essential Cookies:** Authentication, session maintenance, fraud prevention, and security.
* **Functional Cookies:** User preferences such as language or layout.
* **Analytics Cookies:** Anonymous usage insights (e.g., Cloudflare Web Analytics).
* **Security Cookies:** Detect and mitigate attacks or abnormal traffic.
* **Referral/Marketing Cookies:** Used only for referral tracking; no cross-site profiling.

Users can disable optional cookies via browser settings. Blocking essential cookies may affect functionality.

## 8. Children’s Privacy

Our services are intended for users who have reached **both** the age required to enter into a legally binding contract in their jurisdiction (often 18 years or older) **and** the minimum age required to consent to data processing.

If you do not meet these requirements, you must have obtained valid legal guardian consent for us to lawfully process your data and for you to agree to our Terms of Service. We do not knowingly collect data from minors without such consent. If a parent or guardian believes a minor has provided data to us without their consent, please contact **privacy@homura.network** for immediate removal of that data.

## 9. Data Subject Rights (Access, Correction, and Deletion)

In accordance with the Hong Kong PDPO and other applicable laws, you have the right to request access to, correction of, or deletion of your Personal Data held by us. You may submit a request to `privacy@homura.network`. We will respond to verifiable requests within the legally mandated timeframe.

Please note that deletion requests are subject to exceptions. We will honor requests to delete data such as Correspondence Data (support tickets/email logs) or non-essential account details. However, we cannot delete data that we are required to retain by law or for overriding legitimate business interests. For example, even if you request full account deletion, we are required by law to retain **Invoicing Records** permanently and may retain data related to abuse or AUP violations to protect our network and defend against legal claims.

## 10. Data Security and Breach Notification

We implement reasonable administrative, technical, and physical security measures to protect your Personal Data from unauthorized access, loss, misuse, or alteration.

In the event of a data breach that is likely to result in a real risk of harm to our users, we will take steps to mitigate the impact. While Hong Kong's PDPO does not currently have a mandatory universal notification requirement, we commit to notifying the Office of the Privacy Commissioner for Personal Data (PCPD) and affected individuals as appropriate and in accordance with legal requirements and industry best practices.

## 11. User Responsibilities and Customer Content

You are solely responsible for securing the data, applications, and services operating within your server environment (e.g., VPS or Dedicated Server), which constitutes "Customer Content."

As stated in Section 3, we do not access or control the Customer Content you store on our infrastructure. **Therefore, this Privacy Policy does not apply to any data loss, breach, or unauthorized access that results from a compromise of your server environment due to your own actions or inactions (such as weak passwords, unpatched software, or insecure configurations). Such incidents are your sole responsibility and are outside of Homura Network's control.**

## 12. Contact and Business Information

**Homura Network Limited**

**Hong Kong BRN: 75553711**

Address: RM 1805-06, 18/F, HOLLYWOOD PLAZA, 610 NATHAN ROAD, KOWLOON, HONG KONG SAR

If you have any questions about this Privacy Policy or our data practices, please contact us:

* **Privacy Inquiries:** `privacy@homura.network`
* **Abuse Reports:** `abuse@homura.network`

Existing clients may also contact us by opening a support ticket on our platforms (e.g., Homura.Network, NAT.Toys, eSIM.day). You may also contact us by mailing a physical document to our registered business address listed **above**.