Privacy Policy

1337 Services GmbH ("we", "us", or "our") operates RDP.sh and is committed to protecting your privacy. We are based in Hamburg, Germany and comply with the European Union General Data Protection Regulation (GDPR).

We process your personal data based on various legal grounds as described in this policy, including contract performance, legal obligations, and legitimate interests.

The data controller responsible for your personal data is:

We use the collected information for the following purposes:

• To provide and maintain our services
• To process transactions and send invoices
• To send service-related notifications (server status, billing reminders)
• To detect and prevent fraud and abuse
• To provide customer support
• To comply with legal obligations (tax laws, court orders)

Under the GDPR, we process your personal data based on the following legal grounds:

• Contract Performance (Article 6(1)(b)) - Processing necessary to provide our services, including account creation, service provisioning, and customer support.
• Legal Obligation (Article 6(1)(c)) - Processing required to comply with legal requirements, such as tax laws, accounting regulations, and responding to lawful requests from authorities.
• Legitimate Interests (Article 6(1)(f)) - Processing for fraud prevention, security monitoring, service improvement, and protecting our legal rights, where these interests are not overridden by your rights and freedoms.

We use essential cookies only. We do not use third-party analytics or tracking cookies.

• Session Cookie - maintains your login session (expires after 2 hours of inactivity)
• CSRF Token - protects against cross-site request forgery attacks

All cookies are encrypted and transmitted securely over HTTPS.

We use third-party payment processors to handle payments. We do not store your credit card details. These processors have their own privacy policies governing the use of your payment information.

• Cryptomus - Cryptocurrency Payments

We retain your data for the following periods:

• Account Data - retained until you request account deletion
• Session Data - automatically deleted after 2 hours of inactivity
• Invoices and Billing Records - retained for 10 years as required by German tax law
• Support Tickets - retained for 3 years after resolution

Under the GDPR, you have the following rights:

• Right to Access - request a copy of your personal data
• Right to Rectification - request correction of inaccurate data
• Right to Erasure - request deletion of your data ("right to be forgotten")
• Right to Restriction - request limitation of processing of your data
• Right to Data Portability - receive your data in a machine-readable format (JSON or CSV)
• Right to Object - object to processing of your data
• Right to Withdraw Consent - withdraw consent at any time
• Right to Lodge a Complaint - file a complaint with a supervisory authority

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

We implement appropriate technical and organizational measures to protect your data:

• All data transmitted over HTTPS/TLS encryption
• Passwords hashed using bcrypt algorithm
• Two-factor authentication available for all accounts
• Regular security assessments and software updates
• Data stored in EU-based data centers

We use the following third-party services to operate our platform. Each service processes data as described below:

• Postmark - Transactional email delivery. Processes: email address, name. Location: USA (EU SCCs in place).
• Cloudflare Turnstile - Bot protection during registration. Processes: IP address, browser data. Location: Global (EU SCCs in place).
• Internet.bs - Domain registration services. Processes: contact information for WHOIS. Location: Bahamas.
• Cryptomus - Cryptocurrency payment processing. Processes: transaction data. Location: Lithuania (EU).

Your personal data is primarily stored and processed within the European Economic Area (EEA). However, some of our third-party service providers may process data outside the EEA.

When data is transferred outside the EEA, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) - approved by the European Commission
• Adequacy Decisions - where the destination country ensures adequate protection
• Data Processing Agreements - with all third-party processors

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16 years of age.

If we become aware that a child under 16 has provided us with personal data, we will take steps to delete such information promptly. If you believe a child has provided us with their data, please contact us at [email protected].

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
• Inform affected individuals without undue delay if the breach is likely to result in high risk
• Document all breaches and the remedial actions taken

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us: