Privacy Policy

Nova86 L.L.C.

Privacy Policy

 

Nova86 L.L.C. (“Nova86,” “we,” “us,” or “our”) operates as a premier web hosting provider, Internet Service Provider (ISP), and network operator offering infrastructure, transit, and colocation services.

We are committed to data minimization and privacy. We collect and process only the limited personal, transactional, and technical information strictly necessary to provide, secure, and maintain our services. This Privacy Policy outlines what information we collect, how we use it, how it may be shared, and the rights you possess under applicable global privacy laws, including the General Data Protection Regulation (GDPR), UK GDPR, the California Consumer Privacy Act/California Privacy Rights Act (CCPA/CPRA), and the Colorado Privacy Act (CPA).

1.  Data We Collect

We collect only the information necessary to fulfill our contractual obligations, comply with applicable laws, and ensure the absolute integrity of our network and services. As a core principle, Nova86 L.L.C. does not collect, process, or sell advertising, behavioral tracking, or marketing data.

A.  Account & Order Data

Collected during service signup, identity verification, or billing operations:

●       Name, email address, and primary contact details.

●       Payment and subscription identifiers (e.g., invoice ID, subscription ID, payment intent).

●       Product or service name, pricing, and billing frequency.

●       Payment history, transaction dates, currency, and amounts.

●       Optional configuration data (e.g., account credits, migration records, resource usage limits).

●       Account creation and service renewal timestamps.

B.  Support & Ticket Data

Collected when you contact our support channels or submit inquiries:

●       Ticket ID, inquiry type, severity level, and timestamps.

●       Customer name, contact email, and related order/service references.

●       Ticket descriptions, attachments, and replies (including staff responses). ● Metadata for internal issue tracking, quality assurance, and resolution.

C.  Network & System Data

Collected automatically to deliver, route, and secure services across our infrastructure (including autonomous system AS393577):

●       IP addresses, assigned ports, connection timestamps, routing telemetry, and protocol details.

●       DNS lookups, hostnames, and network flow metadata.

●       Virtual machine identifiers, resource allocation, storage usage logs, and uptime statistics.

●       Diagnostic data utilized exclusively for infrastructure monitoring, performance optimization, and abuse prevention.

D.  Miscellaneous & Operational Data

Collected to ensure system reliability, security, and compliance:

●       Authentication credentials and API tokens. ● System monitoring logs, uptime metrics, and incident response data.

●       Abuse, spam, or intrusion reports, along with related forensic network information.

●       Data collected to meet strict legal obligations (e.g., accounting, tax compliance, or export control verification).

2.  How We Use the Data

We process your information solely for legitimate business and operational purposes, including:

1.     Service Provisioning: To provision, activate, maintain, and manage hosting, colocation, network transit, and Internet services.

2.     Account Management: To process orders, execute billing, manage renewals, issue refunds, and facilitate service upgrades or downgrades.

3.     Communication: To securely respond to support tickets, dispatch renewal reminders, and notify you of critical infrastructure or service updates.

4.     Fraud and Abuse Prevention: To actively detect unauthorized access, mitigate DDoS activity, and enforce our Acceptable Use Policy (AUP).

5.     Legal and Regulatory Compliance: To satisfy tax, accounting, mandatory data retention, and valid law enforcement requirements.

6.     Service Improvement: To monitor internal performance, detect hardware/software failures, and engineer improvements to service reliability.

We do not sell, rent, or trade your personal data to third parties under any circumstances.

3.  Legal Basis for Processing (GDPR)

For customers located in the European Union (EU), European Economic Area (EEA), or the United Kingdom (UK), we process personal data under one or more of the following lawful bases:

●       Contractual Necessity: Processing is required to deliver the services you have explicitly requested (e.g., hosting, colocation, or network connectivity).

●       Legal Obligation: Processing is necessary to comply with mandatory accounting, tax, or regulatory compliance requirements.

●       Legitimate Interests: Processing is critical to prevent network abuse, maintain service reliability, protect infrastructure security, and optimize business operations.

●       Consent: For optional features (e.g., non-essential communications or surveys, should they ever be applicable). You may withdraw consent at any time.

4.  Data Retention

We adhere to strict data minimization principles. We retain data only for the minimum duration necessary to fulfill operational, legal, and security purposes.

Data Type

Retention Period

Primary Purpose

Orders & Billing Data

7 years

Legal, tax, and accounting compliance.

Support Tickets

2 years

Troubleshooting, historical reference, and service continuity.

Network & Routing

Logs

90–180 days

Abuse prevention, threat mitigation, and operational analytics.

Authentication Data

Active session +

30 days

Security access control and internal auditing.

Law Enforcement

Logs

As strictly required by law

Compliance with valid subpoenas or court orders.

Upon expiration of the applicable retention period, data is securely purged, permanently deleted, or irreversibly anonymized.

5.  Data Disclosure & Third-Party Sharing

Nova86 L.L.C. may disclose limited information to trusted third parties exclusively under strict, legally bound conditions:

●       Vendors & Processors: Payment gateways (e.g., Stripe), datacenter operators, and core infrastructure providers. These entities are strictly bound by comprehensive Data Processing Agreements (DPAs) and confidentiality clauses.

●       Legal Requests: Information is released only in response to valid, legally binding U.S. legal processes (such as a subpoena, warrant, or court order). Nova86 L.L.C. requires all legal requests to comply fully with applicable privacy and jurisdictional laws.

●       Corporate Events: In the event of a merger, acquisition, reorganization, or asset sale, provided that equivalent privacy protections are maintained by the receiving entity.

●       Abuse Mitigation: Limited network telemetry may be shared with upstream transit providers, peering partners, or CERT/CSIRT teams strictly to investigate, mitigate, and resolve active network abuse or security threats.

No Backdoors: Nova86 L.L.C. does not provide voluntary government access, backdoors, or undocumented access to any customer data or infrastructure.

6.  Data Security

We employ robust, industry-standard administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of your data:

●       Encryption: TLS/SSL encryption for all client communications and data in transit.

●       Access Controls: Strict Role-Based Access Control (RBAC) and mandatory Two-Factor Authentication (2FA) for all internal staff accounts.

●       Physical Security: Biometric and perimeter physical security controls actively maintained at all datacenter facilities.

●       Monitoring: Continuous network monitoring, automated threat filtering, and intrusion detection systems.

●       Auditing: Regular software patching, vulnerability assessments, and security audits.

In the highly unlikely event of a data breach compromising personal information, affected customers will be notified promptly and strictly within the timeframes required by applicable law.

7.  Cookies and Tracking Technologies

Our websites and billing portals use strictly necessary and functional cookies essential for authentication, session management, and basic analytics.

●       Session Cookies: Strictly required for secure login, identity verification, and billing portal access.

●       Preference Cookies: Utilized to save user display settings and dashboard preferences.

●       Analytics Cookies: Used to aggregate anonymized, non-identifiable data to improve user experience and interface functionality.

Users may block or clear cookies via their web browser settings; however, doing so will limit your ability to log in and utilize secure portal features.

8.  Customer Responsibilities (Controller vs. Processor)

Under applicable privacy laws, Nova86 L.L.C. operates strictly as the Data Processor for the content, applications, and databases hosted on our infrastructure by the user. The customer retains the role of Data Controller.

Customers are responsible for:

●       Utilizing strong, unique passwords and actively safeguarding account credentials.

●       Maintaining updated security, firewalls, and patches on any systems or virtual machines hosted with Nova86 L.L.C..

●       Ensuring that any data hosted, transmitted, or stored on our infrastructure complies with all applicable international, federal, and state privacy laws.

●       Strict compliance with our Terms of Service and Acceptable Use Policy.

Nova86 L.L.C. is not legally or financially responsible for data loss, breaches, or compromises resulting from customer misconfiguration, weak credentials, or negligence.

9.  International Data Transfers

Nova86 L.L.C. operates primarily within the United States. If you access our services or host data from outside the U.S., your information will be transferred to, stored, and processed in U.S.-based datacenters and processing facilities.

We ensure that any international transfers of personal data are adequately protected through approved data transfer mechanisms, such as Standard Contractual Clauses (SCCs) or other legally recognized safeguards, ensuring your data receives an equivalent level of protection to that of your home jurisdiction.

10.  Your Privacy Rights

Depending on your jurisdiction, you are entitled to comprehensive data privacy rights.

GDPR Rights (EU/EEA/UK Residents):

●       Right of Access: Request a complete copy of your personal data.

●       Right to Rectification: Request correction of inaccurate or incomplete data.

●       Right to Erasure ("Right to be Forgotten"): Request deletion of personal data when it is no longer needed or is being processed unlawfully.

●       Right to Restriction: Request limited processing of your data in specific legal cases.

●       Right to Data Portability: Request your data in a structured, commonly used, and machine-readable format.

●       Right to Object: Object to data processing based on legitimate interests. U.S. State Privacy Rights (CCPA/CPRA, CPA & Others):

Residents of California, Colorado, and other states with comprehensive privacy laws hold the following rights:

●       Right to Know: Request disclosure of exactly what personal data we collect, use, and share.

●       Right to Access & Portability: Request a secure copy of your personal data.

●       Right to Delete: Request the deletion of your personal data, subject to specific legal and operational exceptions.

●       Right to Opt-Out: While Nova86 L.L.C. does not sell your data, you retain the legal right to opt out of any non-essential data sharing.

●       Right to Non-Discrimination: You will never be denied services, charged different prices, or provided a lower quality of service for exercising your privacy rights. Exercising Your Rights:

To exercise any of the rights listed above, please contact privacy@Nova86.gg. We will acknowledge your request promptly, verify your identity to ensure security, and fulfill the request within 30 days (or as required by specific state/regional laws).

11.  Law Enforcement & Legal Requests

All legal notices and formal Service of Process must be directed to our registered agent on file in the State of Colorado:

Thomas Haggard

RE: Nova86 L.L.C.

2519 S Sheilds St STE 1K #167

Fort Collins, CO 80526

United States

To be considered valid, requests must:

●       Clearly identify the issuing agency, the legal authority under which the request is made, and the associated case number.

●       Include the specific data requested, target identifiers (e.g., IP address, account name), and an exact timeframe.

●       Be formally signed and properly served under U.S. law.

Nova86 L.L.C. reserves the right to challenge overly broad or legally deficient requests. Where legally permissible, we will attempt to notify affected customers of the request prior to disclosure. Nova86 Internet will not release private data without due legal process.

12.  Policy Updates

We reserve the right to update or modify this Privacy Policy to reflect operational, technical, or legal changes. The most current and active version will always be available on our website at https://Nova86.gg. Your continued use of our network and services after any such changes constitutes your formal acceptance of the updated policy.

13.  Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or your data, please reach out to the appropriate operational department:

●       Privacy & Data Requests: privacy@Nova86.gg

●       Abuse & Security Incidents: abuse@Nova86.gg

●       Legal & Law Enforcement Inquiries: legal@Nova86.gg

●       Network Operations (NOC): noc@Nova86.gg

●       Customer Support: support@Nova86.gg

●       Other/Misc: hello@Nova86.gg