Privacy Policy
We believe privacy is straightforward, not complicated. This policy explains exactly what data HostingGarage collects, why, how it is used, and what your rights are — written in plain English.
Who We Are
HostingGarage (hostinggarage.in) is a free website health checker and hosting comparison platform operated by an individual based in Bengaluru, Karnataka, India.
HostingGarage provides four free diagnostic tools — SSL checker, DNS checker, website uptime checker, and website speed test — along with hosting comparison pages and a hosting performance report card. Some hosting comparison pages contain affiliate links as disclosed in our Affiliate Disclosure.
For the purposes of the General Data Protection Regulation (GDPR), HostingGarage is the data controller for personal data collected through this website. For the purposes of India’s Digital Personal Data Protection Act 2023 (DPDPA), HostingGarage is the data fiduciary.
Location: Bengaluru, Karnataka, India
Contact: privacy@hostinggarage.in
Website: https://hostinggarage.in
What Data We Collect and Why
HostingGarage collects the minimum data necessary to operate the service. The table below lists every category of data we collect, why we collect it, and the legal basis for doing so.
| Data | Why collected | Source | Stored? | Legal basis |
|---|---|---|---|---|
| Domain names | To run the requested SSL, DNS, uptime, or speed check | User input | Temporarily cached only — not stored permanently | Legitimate interest / Contract performance |
| IP address | Security, rate limiting, abuse prevention | Automatic — server logs | Server logs — 30 days | Legitimate interest |
| Browser type and device | Analytics — understanding how the site is used | Automatic — Google Analytics | Google Analytics — 26 months | Consent |
| Pages visited, time on page | Analytics — improving tools and content | Automatic — Google Analytics | Google Analytics — 26 months | Consent |
| Geographic location (city/country) | Analytics — understanding our India audience | Derived from IP — Google Analytics | Google Analytics — 26 months | Consent |
| Email address | SSL certificate expiry reminders — one email 30 days before expiry | User input — SSL checker reminder form | Until reminder is sent or user unsubscribes | Consent |
| Referrer URL | Understanding which sources send visitors to the site | Automatic — server logs, Google Analytics | Google Analytics — 26 months | Consent / Legitimate interest |
How Our Tools Handle Your Data
Each tool operates differently in terms of what happens to the domain you enter. This section explains the exact data flow for each tool — including whether your domain stays on our server or is sent to a third party.
Third-Party Services We Use
HostingGarage uses the following third-party services. Each service has its own privacy policy and data processing practices. Where a service processes data on our behalf, it acts as a data processor under GDPR and a data processor / consent manager under India’s DPDPA.
Affiliate Links and Commercial Relationships
Some pages on HostingGarage contain affiliate links to hosting providers. When you click an affiliate link and make a purchase, HostingGarage earns a commission from the hosting company at no extra cost to you. This commission is how the site is funded and what pays for the hosting plans we use for testing.
Current affiliate relationships: Kinsta, Cloudways, Hostinger, HostArmada, ChemiCloud, and MilesWeb. BigRock is included in our performance data but has no affiliate relationship with HostingGarage.
When you click an affiliate link, the hosting company may set a tracking cookie in your browser to attribute the referral. These cookies are set by the hosting company, not by HostingGarage. The relevant hosting company’s privacy policy governs how that cookie data is used.
Legal Basis for Processing Your Data
Under GDPR and India’s DPDPA, we must have a legal basis for each type of data processing. The table below explains the basis we rely on for each processing activity.
| Processing activity | Legal basis (GDPR) | Legal basis (India DPDPA) |
|---|---|---|
| Running SSL, DNS, uptime, and speed checks on submitted domains | Article 6(1)(b) — Performance of a contract / service requested by the user | Section 7(a) — Consent given at point of tool use |
| Server access logs (IP address, timestamps) | Article 6(1)(f) — Legitimate interest (security, abuse prevention) | Section 7(d) — Legitimate use for security purposes |
| Google Analytics (browsing behaviour) | Article 6(1)(a) — Consent | Section 7(a) — Consent via cookie banner |
| Email addresses for SSL expiry reminders | Article 6(1)(a) — Explicit consent at point of submission | Section 7(a) — Explicit consent |
| Sending domain to Google PageSpeed API (speed test) | Article 6(1)(b) — Performance of service requested | Section 7(a) — Consent at point of tool use |
| DNS propagation checks via Google/Cloudflare DNS | Article 6(1)(b) — Performance of service requested | Section 7(a) — Consent at point of tool use |
Legitimate interest assessments: Where we rely on legitimate interest as our legal basis, we have conducted a balancing test confirming that our interest does not override your fundamental rights and freedoms. Server access logs for security purposes represent a legitimate interest that is narrow, proportionate, and does not override user privacy rights.
How Long We Keep Your Data
We retain data only for as long as necessary to fulfil the purpose for which it was collected. The table below shows retention periods for each data type.
| Data type | Retention period | Reason |
|---|---|---|
| Domain names (tool queries) | SSL: up to 1 hour cache. DNS/Status: session only. Not stored in any database. | Performance optimisation — cached results prevent duplicate server load |
| Server access logs (IP, user agent, timestamp) | 30 days | Security, abuse prevention, and debugging. Deleted automatically by server rotation. |
| Google Analytics data | 26 months (Google default setting) | Understanding long-term usage trends. Configurable in Google Analytics account settings. |
| Email addresses (SSL reminders) | Until the reminder email is sent, or until you unsubscribe — whichever comes first. Maximum 12 months. | Fulfilling the reminder service you requested |
| Cookie consent records | 12 months from consent date | Proof of consent as required by GDPR Article 7(1) |
When data is no longer required for its stated purpose and no legal obligation requires us to retain it, it is deleted or anonymised. You may request deletion of your personal data at any time — see Section 10 for your rights.
International Data Transfers
HostingGarage is based in India and all primary tool infrastructure runs on our Hostinger Mumbai server. However, some data transfers to the United States occur when you use certain tools.
| Transfer | Destination | Data transferred | Safeguard |
|---|---|---|---|
| Google Analytics | Google LLC, USA | Browsing behaviour, anonymised IP, device data | Standard Contractual Clauses (EU) · Google’s DPDP commitment (India) |
| Google PageSpeed API (speed test) | Google LLC, USA | Domain name submitted for speed testing | Google APIs Terms of Service · SCCs for EU users |
| Google DNS-over-HTTPS (DNS checker) | Google LLC, USA | Domain name, DNS record type | Google’s Privacy Policy · Minimal data, no persistent storage |
| Cloudflare DNS-over-HTTPS (DNS checker) | Cloudflare Inc., USA | Domain name, DNS record type | Cloudflare Privacy Policy · SCCs for EU users · Minimal data |
| HetrixTools monitoring | HetrixTools infrastructure | HostingGarage’s own test site URLs only — no user data | No user personal data transferred |
For EU and UK visitors: Data transfers to the United States are governed by Standard Contractual Clauses (SCCs) approved by the European Commission, as implemented by Google and Cloudflare in their respective data processing agreements.
For Indian visitors: Cross-border data transfers to the USA are subject to the Digital Personal Data Protection Act 2023. We transfer data only to processors (Google, Cloudflare) that have made adequate commitments regarding data protection as recognised by or consistent with the DPDPA framework. The primary infrastructure for all tools remains in India (Hostinger Mumbai).
Your Rights
Depending on where you are located, you have specific rights over your personal data. These rights are provided under GDPR (EU/UK), India’s DPDPA 2023, and CCPA (California). We honour all applicable rights regardless of your location.
Children’s Privacy
HostingGarage is not directed at children under the age of 18. We do not knowingly collect personal data from anyone under 18. If you are a parent or guardian and believe that your child has submitted personal data to this site, please contact us at privacy@hostinggarage.in and we will delete the data promptly.
Under India’s Digital Personal Data Protection Act 2023 (DPDPA), special protections apply to data of children under 18. We do not process data of minors and do not offer services directed at children.
Changes to This Privacy Policy
We may update this privacy policy when our practices change, when we add or remove third-party services, or when applicable law requires updates. When we make changes, we update the “Last reviewed” date at the top of this page.
For significant changes that materially affect how we process your data — such as adding a new third-party service that receives personal data — we will provide more prominent notice, either via a banner on the site or by email if we hold your email address.
Continued use of the site after an update constitutes acceptance of the updated policy. If you do not agree with any changes, you should stop using the site and may request deletion of your data by contacting us.
| Version | Date | Change summary |
|---|---|---|
| 1.0 | 1 January 2026 | Initial policy — covers all tools and services at launch |
Contact, Complaints, and Supervisory Authorities
If you have any question about this privacy policy, want to exercise a right, or want to make a complaint about how we handle your data, please contact us using the details below. We will respond within 30 days.
India: Data Protection Board of India (under DPDPA 2023) — meity.gov.in
EU residents: Your national data protection authority — edpb.europa.eu
UK residents: Information Commissioner’s Office — ico.org.uk
California residents: California Attorney General — oag.ca.gov/privacy/ccpa