We take great effort to keep your website and data private and confidential. Our servers, applications and databases are all very secure. We encrypt passwords stored in our databases. However, there are some real world considerations you should take into account, where your privacy is not absolute.
We allow you to manage your website from anywhere in the world, which means anyone can potentially edit your website and access your data, if they have access to your username and password. You should chose a secure username and password.
Often our users don't select complex passwords for their email accounts, and those email accounts get accessed by hackers, and then those email addresses are used to send spam. We can't stop that happening, we can only encourage you to select more complex passwords and quickly detect and block any accounts that appear to be sending high volumes of emails.
Also, from time to time, government agencies may contact us requesting copies of your confidential data. Yes it does happen. If the request is both reasonable and legal, we are obligated to comply with the request, or face jail time ourselves if we don't. If your industry is subject to quota management, or you are are engaging in potentially illegal activity, or your business has been subject to complaints under investigation with the commerce commission, then please understand that we will comply with those reasonable and legal requests, and that those requests will override a businesses perceived right to privacy.
We are not interested in hosting websites that break laws, that spread hate, that trade in illicit materials, or that attempt to defraud the general public. We also don't allow websites that promote gambling or pyramid marketing schemes. We believe in free speech, and will take a reasonable approach to asking a government agency to provide appropriate warrant. However, it won't be us going to court or jail to defend your content.
A recent dispute over ownership of a charity website made us reassess our consideration of who really owns a charity website. From our perspective, the charity organisation owns the website, not the person who designed it, nor the person who last maintained it. It's the organisations website, and the organisation can agree to assume control over the website, dismissing any past person who had that role. Committee members come and go, so do volunteers who setup websites also come and go. Experience has taught us that we need to reasonable in how we respond to those who claim to be the new secretary or chairperson or whatever of such organisations, as often the old members have died, disappeared, or otherwise left their role. We will make reasonable efforts to ascertain the role of the new contact person, and give them management access to the website. However if there is a dispute between members of a committee as to who is in charge of the website, we may take the website control away until the conflict is resolved. This safeguards the website from malicious activity.
We often get called up asking to provide a credit reference for our customers. Our customers never warn us in advance, and we don't want to cause anyone trouble. Our policy on providing credit references is to either say you have a good credit history, or to say that we require authorisation from our customer to release this information.
When you transfer ownership of your website to a new person, you also need to update your domain registrant records.
The owner of a domain name is actually the registrant, this may not be the person who is "in control" of the domain via our system. If the registrant requests control of their domain name, and they can provite ample evidence that they are the registrant named in the whois, then we are obligated to obey their wishes. Disputes may arrise where a web designer or other party is holding control of the domain until payment is received. You are not allowed to do that, and you would need to secure payment from your customer by some other means. A web designer may hold onto a web design, but not the domain name. A web designer may only hold on to a web design if they created the website and have always paid for the hosting and/or only a short time elapsed. If the end customer has been paying for their web hosting, then we would consider the end customer is the correct party to deal with.
We also take great care around processing domain change of registrant requests. We have no way to identify if the people signing a document are legitimate signatories, but we do look at the other details of website ownership. So it is normal for us to process the change if a business is simply correcting mistakes, or if the new domain registrant details match the new website owner details. Please always update your website contact details first, then send in your change of registrant form.
Note, it is very common that some websites have changed hands more than once without domain registrant forms being updated... Please make sure you complete this important step when changing ownership. It is less of an issue, if the domain is in the name of a LTD company, and the business is sold as a going concern.
There are subtle differences when a business owner changes. In some cases a business requires the billing history to remain as a going concern. In other cases, the old owner would like us to start a fresh user account. Sometimes user logins contain more than one business. Please be explicity clear when you contact us to change ownership of a website if you want the new owner to have a new login. Our preference is a new login.
Please note that email can be restored subject to a support fee for up to several months later. It is possible for new owners to have old email addresses reinstated. If you don't want your old personal email reinstated, please make a clear statement to this effect so that we can put a note on your account not to action such a request.
Also consider the issue of partnership disputes. This could be a personal relationship that has ended, or a business relationship. If we recognise both parties as directors, we will probably act on eithers wishes. You should let us know asap if this is your situation, so that we can take greater care around account modifications. You can also request that access is rescinded from both parties until a clear management mandate is determined.
You may request staff or contractors in your business be given access to your website. This may include web designers. Please consider that those people will continue to have access until you rescind the access. When a staff member or website designer who is linked to a website makes a reasonable request, we will normally act upon their direction, especially if their login would have allowed them to perform the action themselves.
For online payments we use industry standard SSL connections, and/or payment gateways which provide the same SSL secure data transmission. You can also use SSL mode for your email access and/or FTP access.
You can also have SSL certificates added to your own website, but they do have a setup cost, and require a higher hosting plan.
We provide a number of different backups, both incremental time based backups, and offsite/offline backups. These allow us to restore a website to a point in time. Fees do apply for complex site restorations. However, the benefit of our backups, is that we can typically unwind any mistakes around website ownership disputes.
If a webpage was previously public, and then you hide it, it can remain visible on google. This is because google remembers all URLs it has ever visited, and the only way to stop that is to delete the page/file, and create a new one with a different URL and filename.
When you link a PDF file or similar binary file to an email, or hidden web page, the file is potentially accessible by the public. It is simply hidden by the obscurity of it's filename or URL, but as soon as anyone knows about the file, they can share it with others. This is no different than them making a copy of the file once you first provide it to them. So long as you don't publish the file URL, the public should not be able to access it.
Posted: Tuesday 5 April 2016