Privacy Policy

Virtual Webmaster Services – Client Privacy Policy

Last updated: Dec 15, 2025

1. Our Privacy Philosophy

At Virtual Webmaster Services, our guiding principle is simple:

The less we know about you and your projects, the safer it is for both of us.

We design our services and internal processes to minimise the collection, storage and sharing of information about you. Wherever possible:

  • We avoid storing any personal information about you on public‑facing web servers.
  • We store only the minimum information required to provide the services you request, meet basic legal/financial obligations, and keep our systems secure.
  • In many cases, we do not need to know your real name. Pseudonyms are acceptable unless legal or billing requirements make real details necessary (e.g. invoices, tax records).

2. Scope of this Policy

This policy applies to:

  • All consulting, coaching, lab and development services offered by Virtual Webmaster Services.
  • All information you provide to us directly (e.g. via forms, email, Matrix secure consulting rooms, calls) in the context of these services.

It does not apply to:

  • Third‑party services you use independently (e.g. your own hosting provider, payment processor, communication tools), which are governed by their own policies.
  • Public information you publish on your own websites or platforms.

3. Information We Collect

We aim to operate on a need‑to‑know basis. Depending on the service, we may collect:

  • Basic contact details (minimal)
    • A preferred name or pseudonym
    • A contact method (e.g. email, Matrix handle or similar)
    • Time zone or region (for scheduling only)
  • Billing information
    • Information required by our payment processor (Stripe) to process payments and meet KYC/AML obligations
    • Basic details for invoices / receipts if legally required (e.g. business name, billing address)
  • Project‑related information (as little as possible)
    • High‑level descriptions of your goals and constraints
    • Technical details needed to design or troubleshoot solutions
    • Limited access credentials, where absolutely necessary, to perform agreed work

Wherever feasible, we encourage you to:

  • Redact or pseudonymise sensitive details.
  • Avoid sending more information than is genuinely needed for the task.

4. How and Why We Use Your Information

We use the information we collect only for:

  • Delivering our services
    • Responding to enquiries
    • Performing consulting, coaching, labs and development work
    • Providing reports, recommendations and follow‑up support
  • Administration & communication
    • Scheduling calls and sessions
    • Managing payments and invoices
    • Responding to support or clarification requests
  • Legal, accounting & security obligations
    • Basic financial record‑keeping as required by law
    • Protecting against abuse, fraud and misuse of our services

For every piece of information we request, we will explain:

  1. Why we need it.
  2. How it will be used.
  3. Any privacy implications we are aware of.

If you are uncomfortable with a request, we will discuss alternatives or workarounds where possible.

5. Data Minimisation & Storage

We actively practice data minimisation:

  • We collect only what is necessary for a clearly defined purpose.
  • We retain data only for as long as needed to provide the service, meet legal obligations, or protect against abuse.
  • We avoid storing sensitive personal or project information on public‑facing web servers wherever possible.
  • Where feasible, we prefer to store information client‑side (on your systems) and access it only when needed.

We use a combination of:

  • Local, access‑controlled storage for operational notes and project materials.
  • Privacy‑focused communication infrastructure (Matrix) for consulting rooms.
  • Limited third‑party systems (e.g. Stripe for billing), chosen with privacy in mind.

6. Security Practices

While no system is perfectly secure, we take reasonable technical and organisational measures to protect the information we do hold, including:

  • Limiting access to client information to those who need it to perform their work.
  • Using strong authentication and encryption where appropriate.
  • Regularly updating and hardening systems under our control.
  • Avoiding unnecessary third‑party integrations and telemetry.

We will never deliberately sell or rent your personal information to data brokers or advertisers.

7. Payments & Financial Information

We accept a full range of payments via Stripe and also support alternative payments, including crypto and privacy coins.

  • Stripe payments & KYC
    • Card and mainstream payments are processed via Stripe.
    • Stripe may require certain personal or business information to comply with KYC/AML and financial regulations.
    • We do not store and do not have direct access to your full financial details (such as full card numbers). These are handled and stored by Stripe under their own security and privacy policies.
    • Our integration with Stripe is designed to collect only minimal necessary information to process your payment and meet legal obligations.
  • Alternative payments (Crypto & privacy coins)
    • We can accept a range of alternative payments, including cryptocurrencies and privacy coins, subject to technical feasibility and risk assessment.
    • For these methods, we still aim to collect only minimal identifying information necessary to attribute payments correctly and comply with any applicable law.

For details on how Stripe handles your data, please refer to Stripe’s own privacy policy.

8. Your Responsibilities & Use of Our Services

We require that all clients:

  • Do not use our services for activities that:
    • Harm, exploit, deceive, scam or defraud others; or
    • Violate the rights and freedoms of others, including those related to the 12 Principles (if you publish these separately, you can reference or link to them).

By using our services, you agree:

  • To act in good faith and within the law.
  • Not to involve us, knowingly or unknowingly, in activities that are malicious, abusive, exploitative or otherwise unlawful.

If we become aware, or have reasonable grounds to suspect, that our services are being used for nefarious purposes, we reserve the right to:

  • Immediately suspend or terminate the relevant services, and
  • Decline any further engagement, without refund where misuse is clear and proven.

9. Your Choices & Control

You have control over how much you share:

  • You may use a pseudonym instead of your real name, unless legal or billing requirements prevent this.
  • You may decline to answer certain questions; we will explain any impact this may have on our ability to deliver the service.
  • You may request that we delete or anonymise certain information, subject to:
    • Legal record‑keeping requirements (e.g. invoices), and
    • Our need to maintain basic records to protect against abuse or repeat misuse.

For any such requests, contact us using your usual communication channel with a clear description of what you’d like changed or removed.

10. Communications, Consulting Rooms & Logs

Our primary consulting and coaching spaces are hosted on a Matrix server, which we consider a gold standard for private, end‑to‑end‑capable communication.

  • Matrix consulting rooms
    • Consulting and coaching conversations typically occur in private Matrix rooms created specifically for your project or engagement.
    • These rooms are designed to minimise unnecessary metadata and to keep discussions encrypted in transit.
    • We use Matrix‑based rooms as our default “secure consulting room” environment.
  • Logs and message history
    • We retain message history in Matrix rooms only as long as reasonably necessary to:
      • Maintain continuity of your project or coaching,
      • Refer back to agreed decisions and technical details, and
      • Meet minimal legal and security obligations.
    • We do not perform hidden behavioural tracking or analytics inside these rooms beyond what is technically necessary for security and basic performance.
    • Where technically feasible and appropriate, we can discuss shorter retention periods or periodic clean‑ups for particularly sensitive projects.
  • Calls, recordings and screen shares
    • If specific logging or recording (e.g. call recordings, screen‑share capture) would be useful, we will:
      • Ask for your explicit consent, and
      • Explain why it’s being recorded, how it will be stored, and for how long.

We favour end‑to‑end encrypted channels and privacy‑respecting tools by default.

11. Third‑Party Services & Data Sharing

We aim to minimise the use of third‑party services. Where they are necessary (for example, Stripe for payments, hosting providers, or communication infrastructure):

  • We select them with privacy in mind, where options exist.
  • We share only the minimum data necessary to use those services.
  • Your data with those providers is also governed by their own privacy policies.

We do not share your information with third parties except:

  • Where it is required to deliver the service (e.g. payment processing with Stripe),
  • Where we are legally compelled to do so (e.g. a lawful order from a competent authority), or
  • Where it is necessary to investigate or respond to abuse, fraud or misuse of our services.

12. Changes to This Policy

We may update this policy from time to time to reflect:

  • Changes in our services,
  • Changes in law, or
  • Improvements to our privacy practices.

When we do:

  • We will update the “Last updated” date at the top.
  • For significant changes that affect existing clients, we will provide a notice via our usual communication channels.

Continuing to use our services after a policy update means you accept the updated version.

13. Questions & Contact

If you have questions or concerns about this policy, or if you want to:

  • Understand what information we hold about you,
  • Request corrections, deletions or additional protections, or
  • Clarify any part of this document,