Keep your business running through any disruption. Continuous replication and automated failover ensure industry-leading RPO/RTO across our Dubai, Fujairah, and Vienna data centers.
Security
Privacy and Data Protection
Bamboozle Web Services is committed to protecting the privacy and security of your data. This page summarizes how we handle, store, and protect your data and where to find our full legal documentation.
What data we collect
We collect data in two ways. As a data controller, we collect account information you provide such as your name, email address, and billing details to provide our services. As a data processor, we handle the data you store on our infrastructure on your behalf — we do not access this data except to provide the service or where required by law.
For full details see our Privacy Policy.
Payment card data
Bamboozle Web Services does not store, process, or transmit payment card numbers on our systems. All payment processing is handled by our PCI-DSS certified third-party payment processor. We store only a tokenized reference to your payment method. Our data centers are PCI-DSS certified — see Certifications and Reports.
Employee access to your data
Bamboozle employees do not have access to the content of your virtual machines, storage, or other resources unless you explicitly grant permission for support purposes. Access to production systems is:
- Restricted to employees with a legitimate operational need
- Controlled by role-based access with the principle of least privilege
- Protected by multi-factor authentication
- Fully logged and auditable
- Subject to regular access reviews
Where your data is stored
Your data is stored in the region you select when provisioning services. Bamboozle does not transfer your data to other regions without your consent. Our UAE-based regions keep your data within the United Arab Emirates, supporting data residency requirements applicable to businesses operating in the UAE and broader Middle East.
GDPR
We support customers who need to comply with the General Data Protection Regulation (GDPR). Our Data Processing Agreement (DPA) outlines our obligations as a data processor and incorporates Standard Contractual Clauses for international data transfers. By accepting our Terms of Service you automatically accept our DPA — no separate signature is required.
For GDPR-specific questions, see our GDPR FAQ or contact [email protected].
Data retention and deletion
We retain your account data for as long as your account is active and for a reasonable period thereafter to comply with legal obligations. When you delete resources, data is removed from active systems promptly. Storage media is securely destroyed when decommissioned with certificates of destruction provided by our colocation partners.
To request deletion of your account and associated personal data, log in to the control panel and submit a support ticket, or contact [email protected].
Security incident notification
In the event of a security incident affecting your data, we will notify you without undue delay in accordance with applicable law and our contractual obligations. Notifications will be sent to the email address on your account. We will provide details of the nature of the incident, the data affected, and the steps we have taken or are taking to address it.
Legal documents
Contact Us
For privacy enquiries contact [email protected]. For security concerns contact [email protected].