Privacy Policy

Effective date: June 4, 2026

1. Who we are

ServerChest is operated by AlAfaq Al-Alamiah. Our dashboard helps you monitor, back up, and manage your Odoo servers. You can reach us at support@serverchest.com.

2. What we collect

We collect only what is necessary to operate the service: • Account data — email address and a bcrypt-hashed password when you register. • Server metadata — the name and connection status of servers you add to your dashboard. We store API keys as one-way hashes; the plain-text key is shown once and never stored. • Usage data — backup history records (timestamps, duration, size, status) and audit log entries (action type, user, timestamp). • Preferences — your preferred language (English, Arabic, or Turkish). We do not store your backup files. Backups are transferred directly from your server to your own cloud storage account.

3. How we use your data

We use collected data to: • Provide and operate the ServerChest dashboard. • Send transactional emails (backup failure alerts, restore confirmations) in your preferred language. • Maintain audit logs for your own compliance and accountability needs. We do not use your data for advertising. We do not sell your data to third parties.

4. Data storage and security

Your data is stored in a MySQL database hosted on our servers. All communication between your server agent and the ServerChest dashboard is encrypted over WSS (WebSocket Secure). API keys are hashed using a one-way algorithm and cannot be recovered — only reset. Passwords are hashed with bcrypt.

5. Data retention

We retain your account and server data for as long as your account is active. Backup history records are retained for 90 days by default. You may delete your account at any time by contacting support@serverchest.com, after which your data is deleted within 30 days.

6. Third-party services

ServerChest uses the following third-party services: • Email delivery — to send alert and notification emails. • Cloud storage providers (Google Drive, OneDrive, Dropbox, Amazon S3, Backblaze, etc.) — only when you configure a backup destination. We interact with these services on your behalf using credentials you provide; we never store OAuth tokens in recoverable form. We do not use third-party analytics or tracking scripts.

7. Your rights

Depending on your jurisdiction, you may have the right to access, correct, or delete the personal data we hold about you. To exercise any of these rights, contact us at support@serverchest.com. We will respond within 30 days.

8. Cookies

ServerChest uses a single session cookie to keep you logged in. We do not use tracking, advertising, or analytics cookies.

9. Changes to this policy

We may update this policy from time to time. We will notify registered users by email of any material changes. Continued use of ServerChest after the effective date constitutes acceptance of the updated policy.

10. Contact

Questions about this policy? Email us at support@serverchest.com.