HOMURA NETWORK LIMITED PRIVACY POLICY

Effective Date: October 29, 2025

Homura Network Limited (“Homura Network,” “we,” “us,” or “our”) respects the privacy of our website visitors, customers, and service users. We are committed to transparency and data security in handling personal data related to our hosting, connectivity, and infrastructure services.

This Privacy Policy explains what personal data we collect, how we use it, how we protect it, and your rights concerning your data. This Policy applies whenever we act as a Data Controller (determining the purposes and means of processing your data).

Services Covered: This Policy applies to all websites operated by Homura Network Limited, and all services offered by Homura Network Limited, including, but not limited to, Dedicated Servers, Virtual Private Servers (VPS), Web Hosting, Network Services, and connectivity or eSIM-related services.

Policy Precedence: This Privacy Policy should be read together with our Terms of Service (TOS), Acceptable Use Policy (AUP), and Abuse and Network Policy.

We collect information that identifies, relates to, or could reasonably be linked with you (“Personal Data”). This information may come directly from you, automatically through our systems, or in some cases from third parties.

The examples provided in the table below are illustrative and not intended to be an exhaustive list of all data collected in that category.

In limited circumstances, we may request additional verification information—such as government-issued identification, proof of address, or device/IP verification—when required for fraud prevention, credit card verification, or compliance checks.

These data are not required by default but may be necessary for completing a transaction or validating account authenticity.

We process this data only for verification, and may utilize third-party identity verification services to assist in this process. (As detailed in Section 6.1, this data is typically stored for no longer than 90 days).

We process your Personal Data under lawful bases, including contract performance, legal obligations, legitimate interests, and your consent where applicable.

Operational Note: We do not access customer-stored data (Customer Content) on your Dedicated Server or VPS without your explicit consent. Access is strictly limited to situations where we are compelled by a valid legal order.

We do not sell or rent your Personal Data. However, we share information with trusted third parties as necessary for secure service delivery.

Users may contact [email protected] for a current list of third-party processors and their contact details, or to inquire about the physical storage location(s) of their Account Data.

Homura Network Limited is based in Hong Kong. We store and process data across multiple data centers globally.

• Account Data: Your Identifiers, Payment, Commercial, and Correspondence Data are processed and stored in our central servers, which may be located in Hong Kong, the USA, or a GDPR-compliant country.
• Service Data (VPS/Hosting): The live content you store on your VPS (your “Customer Content”) is stored exclusively in the data center location you selected when purchasing the service (e.g., a server purchased for Singapore will be stored in Singapore; a server for Hong Kong will be stored in Hong Kong). Backups of this Service Data may be stored in a different secure, central location (e.g., a GDPR-compliant region or Hong Kong) for disaster recovery purposes.
• Service Data (eSim): Data for eSIM services will be processed by local carriers and partner roaming operators in various jurisdictions. Data is stored on our partners' systems and in our central data storage locations as necessary for service provision.

We ensure that all cross-border data transfers are protected by strong technical safeguards, such as encryption during transit.

Homura Network Limited is a company registered in Hong Kong, and our primary compliance framework is Hong Kong's Personal Data (Privacy) Ordinance (PDPO). We recognize our customers are global, and will make commercially reasonable efforts to respect global privacy standards. However, we do not guarantee full compliance with all specific requirements (such as GDPR) of your local jurisdiction. You are responsible for ensuring your use of our services complies with your local regulations.

We retain your Personal Data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Where possible, data is aggregated or anonymized after its retention period.

• Customer Content (User Disk Data): All data related to a service (including automated backups and snapshots) is destroyed upon cancellation or termination of the service.
• Invoicing Records (Payment & Commercial Data): May be retained permanently, and will be kept for at least 7 years as required for business, tax auditing, and legal obligations. After the minimum legal retention period (7 years) has passed, we will anonymize this data upon verifiable request, where legally permissible and not in conflict with our auditing requirements.
• Account & Contact Data: Retained for the duration of your active service use, and for a period after account closure as required by law or for legitimate business purposes (e.g., fraud prevention).
• Verification Data (when collected): Securely deleted within 90 days after the verification process is complete, unless retention is legally required.
• Service Data (Operational Logs): Retained for a limited period (e.g., 6-18 months) for network analysis, troubleshooting, and abuse investigation, after which they are aggregated or anonymized.
• Network Logs & Access Metadata: Retained for a limited period (e.g., 6-12 months) for security, abuse investigation, and network analysis.
• Correspondence Data: Retained for the duration of your account's life to maintain a history of support interactions.

We use several types of cookies and tracking technologies, including but not limited to:

• Essential Cookies: Authentication, session maintenance, fraud prevention, and security.
• Functional Cookies: User preferences such as language or layout.
• Analytics Cookies: Anonymous usage insights (e.g., Cloudflare Web Analytics).
• Security Cookies: Detect and mitigate attacks or abnormal traffic.
• Referral/Marketing Cookies: Used only for referral tracking; no cross-site profiling.

Users can disable optional cookies via browser settings. Blocking essential cookies may affect functionality.

Our services are intended for users who have reached both the age required to enter into a legally binding contract in their jurisdiction (often 18 years or older) and the minimum age required to consent to data processing. If you do not meet these requirements, you must have obtained valid legal guardian consent for us to lawfully process your data and for you to agree to our Terms of Service.

We do not knowingly collect data from minors without such consent. If a parent or guardian believes a minor has provided data to us without their consent, please contact [email protected] for immediate removal of that data.

In accordance with the Hong Kong PDPO and other applicable laws, you have the right to request access to, correction of, or deletion of your Personal Data held by us.

You may submit a request to [email protected]. We will respond to verifiable requests within the legally mandated timeframe.

Please note that deletion requests are subject to exceptions. We will honor requests to delete data such as Correspondence Data (support tickets/email logs) or non-essential account details. However, we cannot delete data that we are required to retain by law or for overriding legitimate business interests.

For example, even if you request full account deletion, we are required by law to retain Invoicing Records permanently and may retain data related to abuse or AUP violations to protect our network and defend against legal claims.

We implement reasonable administrative, technical, and physical security measures to protect your Personal Data from unauthorized access, loss, misuse, or alteration.

In the event of a data breach that is likely to result in a real risk of harm to our users, we will take steps to mitigate the impact. While Hong Kong's PDPO does not currently have a mandatory universal notification requirement, we commit to notifying the Office of the Privacy Commissioner for Personal Data (PCPD) and affected individuals as appropriate and in accordance with legal requirements and industry best practices.

You are solely responsible for securing the data, applications, and services operating within your server environment (e.g., VPS or Dedicated Server), which constitutes “Customer Content.” As stated in Section 3, we do not access or control the Customer Content you store on our infrastructure.

Therefore, this Privacy Policy does not apply to any data loss, breach, or unauthorized access that results from a compromise of your server environment due to your own actions or inactions (such as weak passwords, unpatched software, or insecure configurations). Such incidents are your sole responsibility and are outside of Homura Network's control.

Homura Network Limited

Hong Kong BRN: 75553711

Address: RM 1805-06, 18/F, HOLLYWOOD PLAZA, 610 NATHAN ROAD, KOWLOON, HONG KONG SAR

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Privacy Inquiries: [email protected]
• Abuse Reports: [email protected]

Existing clients may also contact us by opening a support ticket on our platforms (e.g., Homura.Network, NAT.Toys, eSIM.day).

You may also contact us by mailing a physical document to our registered business address listed above.