Privacy Policy

Last updated: April 5, 2026

Fxolio LLC ("Fxolio," "we," "us," or "our"), a Wyoming limited liability company operating BareMetalServer.ai, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our website and services (collectively, the "Service"). By using the Service, you consent to the practices described in this policy.

For users in the European Economic Area (EEA) and United Kingdom, we process personal data in accordance with the General Data Protection Regulation (GDPR) and applicable local data protection laws.

1. Information We Collect

Account Information: When you register for an account, we collect your name, email address, and any other information you provide through our authentication provider, Clerk. This may include profile information and authentication credentials.

Payment Information: When you make a purchase, payment details (such as credit card numbers and billing addresses) are collected and processed directly by Stripe, our payment processor. We do not store your full payment card details on our servers. We receive limited payment information from Stripe, such as the last four digits of your card, card brand, and billing address, for record-keeping and support purposes.

Server and Usage Data: We collect information related to the servers you provision and manage through our platform, including server configurations, provisioning dates, operating system selections, and usage metrics. Our management agent, if installed on your server, collects operational data such as server health metrics, resource utilization, and system status to provide management features.

IP Addresses and Access Logs: We automatically collect your IP address, browser type, operating system, referring URLs, and access timestamps when you visit our website or use the platform. This information is used for security, analytics, and troubleshooting purposes.

Communications: If you contact our support team, we collect the content of your messages, your email address, and any other information you choose to provide.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Service delivery: To provision and manage your servers, process your orders, and provide the features and functionality of the platform.
• Billing and payments: To process payments, send invoices, and manage your billing account.
• Customer support: To respond to your inquiries, troubleshoot issues, and provide technical assistance.
• Security and fraud prevention: To detect, investigate, and prevent fraudulent transactions, unauthorized access, and other malicious activities.
• Service improvement: To analyze usage patterns, monitor platform performance, and improve our services.
• Communications: To send you service-related notices, billing alerts, security warnings, and, with your consent, promotional communications. You may opt out of promotional communications at any time.
• Legal compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

Legal Basis for Processing (EEA/UK Users): We process your personal data on the following legal bases under the GDPR:

• Contract performance: Processing necessary to fulfill our contractual obligations to you (account management, server provisioning, billing).
• Legitimate interests: Processing necessary for our legitimate business interests (security, fraud prevention, service improvement), provided these interests do not override your fundamental rights.
• Legal obligation: Processing necessary to comply with legal requirements.
• Consent: Where required, we obtain your consent for specific processing activities (e.g., marketing communications).

3. Third-Party Services

We share your information with the following categories of third-party service providers, each of which operates under its own privacy policy:

• Stripe (payment processing): Stripe processes your payment information on our behalf. Stripe's privacy policy is available at stripe.com/privacy.
• Clerk (authentication): Clerk provides account registration and authentication services. Clerk's privacy policy is available at clerk.com/privacy.
• Resend (email delivery): Resend delivers transactional and service-related emails on our behalf.
• Data center partners (server hosting): We work with data center partners who physically host and maintain the servers we provision for you. These partners may have access to limited server and network information necessary to deliver the infrastructure services. Our data centers are located in Lithuania, the Netherlands, Germany, Sweden, the United States, and Singapore.

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. We may disclose your information if required to do so by law, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4. Cookies and Tracking Technologies

We use cookies and similar technologies to operate the Service. Specifically:

• Authentication cookies: Clerk sets cookies necessary to manage your login session and authenticate your identity. These are essential cookies required for the Service to function and cannot be disabled while using the platform.
• Security cookies: We may set cookies for security purposes, such as CSRF protection and fraud detection.

We do not currently use third-party advertising or tracking cookies. If this changes in the future, we will update this policy and, where required, obtain your consent.

5. Data Retention

We retain your personal information for as long as necessary to provide the Service and fulfill the purposes described in this policy. Specifically:

• Account data: Retained for the duration of your account and for a reasonable period thereafter to allow for account reactivation or to address disputes.
• Billing and payment records: Retained for a minimum of seven (7) years to comply with tax, accounting, and financial reporting obligations.
• Server logs and access data: Retained for up to twelve (12) months for security and troubleshooting purposes.
• Support communications: Retained for the duration of your account and for a reasonable period thereafter.

When personal data is no longer required, we will securely delete or anonymize it in accordance with our data retention procedures.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right of access: You may request a copy of the personal data we hold about you.
• Right to rectification: You may request correction of inaccurate or incomplete personal data.
• Right to erasure: You may request deletion of your personal data, subject to our legal retention obligations.
• Right to restriction: You may request that we restrict the processing of your personal data in certain circumstances.
• Right to data portability: You may request to receive your personal data in a structured, commonly used, and machine-readable format.
• Right to object: You may object to the processing of your personal data based on legitimate interests or for direct marketing purposes.
• Right to withdraw consent: Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days. For EEA/UK residents, we will respond within the timeframes required by applicable law. If you are in the EEA or UK and believe that our processing of your personal data violates data protection laws, you have the right to lodge a complaint with your local data protection authority.

7. Security Measures

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using TLS/SSL.
• Secure storage of sensitive data with encryption at rest where applicable.
• Access controls limiting personnel access to personal data on a need-to-know basis.
• Regular security reviews and monitoring of our systems.
• Use of established, reputable third-party service providers with strong security practices.

While we take reasonable precautions to protect your data, no method of transmission or storage is completely secure. We cannot guarantee the absolute security of your personal information.

8. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal data from a child under 18, we will take steps to delete that information promptly. If you believe that a child under 18 has provided us with personal information, please contact us at [email protected].

9. International Data Transfers

Your personal information may be transferred to and processed in countries other than your country of residence, including the United States and the countries where our data center partners operate (Lithuania, the Netherlands, Germany, Sweden, the United States, and Singapore). These countries may have data protection laws that differ from those in your jurisdiction.

For transfers of personal data from the EEA or UK to countries that have not been deemed to provide an adequate level of data protection, we rely on appropriate safeguards, including Standard Contractual Clauses approved by the European Commission, to ensure that your personal data is protected in accordance with applicable data protection laws.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page and notify you via email or through the platform. We encourage you to review this page periodically. Your continued use of the Service after any changes constitutes your acceptance of the revised policy.

11. Contact Information

If you have any questions about this Privacy Policy, wish to exercise your data rights, or have a complaint about our handling of your personal data, please contact us:

• Email: [email protected]
• Company: Fxolio LLC, Wyoming, USA
• Website: baremetalserver.ai