Updated Terms of Service
We have updated our Web Hosting Terms of Service once again to make them easier to read as well as to add some policies surrounding the use of donation forms and e-commerce on our server infrastructure. Donation forms and e-commerce websites are allowed, but special consideration must be given to how our clients process and store credit card & bank account data.
The PCI Security Standards Council makes it very clear that a website should not store cardholder data unless absolutely necessary (please see https://www.pcisecuritystandards.org/pdfs/pci_fs_data_storage.pdf for more information). As a result, and because of our own concern for keeping user data secure, we have outlined the following guidelines:
- You agree to use, at minimum, 256-bit encryption on any login pages, and any pages that require a user login. Pages that process any credit cards or bank account & routing numbers must be protected behind a user login.
- There are some cases when websites want to store credit card or bank account / routing numbers locally. This is not allowed (on our shared servers)! If you want to store this type of information on your website, you will need to purchase a Managed VPS Solution, and provide reasonable justification.
- Note that some payment processing services may ask you to store sensitive information such as credit cards & bank account / routing numbers in a report. This is an irresponsible requirement, and we will not allow this type of report to be saved. The only exception to this reporting requirement is when all but the last 4 numbers are replaced with a generic placeholder (an "x" for example).
- Any credit card data that is stored should be stored in an encrypted format.
Should you have any questions or concerns, please don't hesitate to contact us.
Best Regards,
David White