Back to Lifna

Privacy Policy

Last updated: 2026-05-13

This Privacy Policy explains how Lifna trading as Lifna ("Lifna", "we", "us") handles personal data when you use lifna.io, app.lifna.io, and the Lifna Drupal hosting platform.

Who we are

Lifna provides managed Drupal hosting. For account, billing, support, and product operations data, Lifna is usually the data controller. For personal data that customers place inside hosted Drupal sites, Lifna is usually the processor and the customer is the controller.

  • Legal entity: Lifna
  • Registered address: REPLACE_WITH_REGISTERED_ADDRESS
  • Privacy contact: privacy@lifna.io
  • ICO registration: REPLACE_WITH_ICO_REGISTRATION_OR_NOT_REQUIRED

Personal data we collect

  • Account data: name, email address, company, account type, role, and authentication metadata.
  • Billing data: Stripe customer IDs, subscription state, invoices, payment status, and billing events. We do not store full card details.
  • Hosted site data: Drupal files, databases, logs, backups, environment variables, domains, and deployment metadata for customer sites.
  • Support data: messages, replies, operational notes, and troubleshooting context that you provide.
  • Security and usage data: IP addresses, request metadata, login attempts, audit events, action logs, container health, storage usage, and error logs.
  • Interest registrations: name, email, company, account type, message, and submission timestamp.

Why we use personal data

Purpose Lawful basis
Create accounts, provide hosting, deploy sites, run backups, and provide support. Contract and legitimate interests.
Bill customers, process payments, manage failed payments, and keep accounting records. Contract, legitimate interests, and legal obligation.
Secure the platform, investigate abuse, keep audit logs, and prevent unauthorised access. Legitimate interests and legal obligation.
Respond to early-access interest and product enquiries. Legitimate interests or consent where required.
Send essential service emails about accounts, security, billing, support, and hosted sites. Contract and legitimate interests.

Hosting and subprocessors

Lifna hosts production infrastructure with Hetzner in the EU. Tenant Drupal containers, databases, backups, exports, and repository data are intended to stay in EU-hosted infrastructure unless you configure a third-party integration or ask us to transfer data elsewhere. We use subprocessors for infrastructure, payments, email, and support operations. The current list is published at Subprocessors.

Cookies

Lifna currently uses only essential cookies for login sessions, CSRF protection, and optional "remember me" login. We do not currently use advertising cookies or cross-site marketing trackers. See the Cookie Policy for details.

Retention

  • Account records are kept while the account is active and then deleted or anonymised after the configured deletion process completes.
  • Deletion requests are scheduled with a 30-day safety period unless immediate removal is required.
  • Backups are retained for up to 30 days unless you delete the site or a shorter period applies.
  • Data exports expire after 24 hours and are purged by the scheduled cleanup job.
  • Security, audit, billing, and abuse-prevention logs may be retained where necessary to protect the platform and meet legal obligations.

Your rights

Depending on where you are located, you may have rights to access, correct, erase, restrict, object to, or export your personal data. You may also have the right to withdraw consent where processing is based on consent. Account holders can request data exports and account deletion from the account area, or by contacting privacy@lifna.io.

Security

Lifna uses HTTPS, encrypted session cookies, role-based access controls, encrypted storage for secrets, rate limits on sensitive routes, audit logs, host firewalls, fail2ban, and isolated Docker environments for hosted Drupal sites. No internet service is risk-free, but we design Lifna to reduce access, retention, and blast radius wherever practical.

Complaints

Please contact us first so we can help. You may also complain to the UK Information Commissioner's Office or your local data protection authority.

Changes

We will update this page when our processing changes. If a material change affects active customers, we will give appropriate notice through the app or by email.