Effective Date: [16/04/2026]
Last Updated: [16/04/2026]
RedSwitches Pte Ltd. (“RedSwitches”, “we”, “us”, “our”) is committed to protecting the personal data of our customers and website visitors. This Privacy Policy explains what personal data we collect, why we collect it, how we use and share it, and your rights in relation to it.
RedSwitches is a bare-metal cloud infrastructure provider incorporated in Singapore. We provide dedicated physical servers, network connectivity, and power infrastructure to businesses and individuals worldwide. We do not access, monitor, moderate, or control the content or data that clients store or process on their servers.
This Privacy Policy applies to personal data collected through our website (redswitches.com), our customer portal, our support channels, and in connection with the provision of our services. It does not apply to data that clients store on their servers — clients are solely responsible for the personal data they process on the infrastructure we provide.
Please read this Privacy Policy carefully. By using our website or services, you acknowledge that you have read and understood this policy.
The data controller responsible for your personal data is:
RedSwitches Pte Ltd.
[Registered Address]
Singapore
For matters relating to this Privacy Policy, you may contact us at:
RedSwitches acts as a data controller for personal data collected in connection with account registration, billing, support, and website usage.
RedSwitches acts as a data processor (and, under Singapore’s PDPA, a “data intermediary”) for any personal data that clients store or process on their dedicated servers. In that capacity, our Data Processing Agreement (DPA) — available separately — governs our obligations to clients as data controllers.
We collect only the personal data that is necessary for the purposes described in this Privacy Policy. The categories of personal data we collect are:
When you register for a RedSwitches account, we collect:
Payments are processed by our third-party payment providers: Stripe (credit/debit cards and bank transfers) and Cryptomus (cryptocurrency payments). We do not store full card numbers, CVV codes, or equivalent sensitive payment credentials on our systems. We retain transaction references, amounts, dates, and payment method type (e.g., last 4 digits of a card) for billing and accounting purposes.
For cryptocurrency payments, we receive transaction hashes, wallet references, and confirmation details as provided by Cryptomus.
In the course of providing services and operating our infrastructure, we collect:
When you contact us through our support channels, we collect:
When you visit redswitches.com, we collect data through cookies and similar technologies, including:
Please refer to our Cookie Policy (available on our website) for detailed information about the cookies we use and how to manage your preferences.
We use your personal data for the following purposes:
To provision and operate your bare-metal server services, manage your account, authenticate your access to the customer portal, send service-related communications (including invoices, renewal notices, service alerts, and maintenance notifications), and respond to support requests.
Legal basis (GDPR): Contract performance (Article 6(1)(b))
To process payments, issue invoices, maintain financial records, and manage credit control and collections.
Legal basis (GDPR): Contract performance (Article 6(1)(b)); Legal obligation (Article 6(1)©) for financial record retention
To detect, investigate, and respond to abuse, fraud, unauthorized access, DDoS attacks, and other threats to the security and integrity of our infrastructure and the services provided to other clients. This includes analysis of network traffic patterns, IP reputation checks, and review of access logs.
Legal basis (GDPR): Legitimate interests (Article 6(1)(f)) — our legitimate interest in protecting the security and integrity of our infrastructure and our clients’ services
To comply with applicable legal obligations, including financial record-keeping requirements, data protection obligations, and responding to lawful requests from law enforcement agencies, courts, or regulatory authorities. See our Law Enforcement Request Policy for further information on how we handle such requests.
Legal basis (GDPR): Legal obligation (Article 6(1)©); Legitimate interests (Article 6(1)(f))
To understand how our website and services are used, improve our offerings, monitor performance, and conduct internal analytics. Where we use cookies or similar technologies for non-essential analytics purposes, we do so on the basis of your consent.
Legal basis (GDPR): Legitimate interests (Article 6(1)(f)) for aggregated/anonymised analytics; Consent (Article 6(1)(a)) for non-essential cookies
If you have opted in, to send you promotional communications about RedSwitches products, services, and offers. You may withdraw your consent at any time by using the unsubscribe link in any marketing email or by contacting [email protected].
Legal basis (GDPR): Consent (Article 6(1)(a))
For individuals in the European Economic Area (EEA) and United Kingdom, we process your personal data on the following legal bases under the General Data Protection Regulation (GDPR):
| Purpose | Legal Basis | GDPR Article |
|---|---|---|
| Service delivery and account management | Performance of a contract | Art. 6(1)(b) |
| Billing and payment processing | Performance of a contract | Art. 6(1)(b) |
| Financial record retention | Legal obligation | Art. 6(1)© |
| Abuse prevention and network security | Legitimate interests | Art. 6(1)(f) |
| Responding to law enforcement requests | Legal obligation / Legitimate interests | Art. 6(1)© / 6(1)(f) |
| Internal analytics and service improvement | Legitimate interests | Art. 6(1)(f) |
| Non-essential cookies and tracking | Consent | Art. 6(1)(a) |
| Marketing communications | Consent | Art. 6(1)(a) |
Where we rely on legitimate interests as a legal basis, we have assessed that our interests are not overridden by your rights and interests. You have the right to object to processing based on legitimate interests — see Section 9 below.
Where we rely on consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.
We do not sell your personal data to third parties. We share personal data only as described below:
We share billing data with our payment processors — Stripe and Cryptomus — to process transactions. These processors are bound by their own privacy policies and applicable data protection law. They act as independent data controllers or processors for their own fraud prevention and financial compliance purposes.
We share limited operational data (such as network and access-related information) with the data center operators and colocation partners who host our hardware infrastructure. These providers operate under contractual data protection obligations and act as sub-processors where applicable.
We may disclose personal data to law enforcement agencies, courts, regulators, or other government authorities where:
We will endeavour to notify affected clients of legal requests where permitted by law. For more detail, please refer to our Law Enforcement Request Policy published on our website.
We will not voluntarily provide personal data to law enforcement beyond what is legally required.
We engage certain trusted third-party service providers to support our operations (e.g., customer support platforms, email delivery services, monitoring tools). These providers process personal data only on our instructions and are contractually bound by appropriate data protection obligations.
In the event of a merger, acquisition, asset sale, or restructuring, personal data may be transferred to a successor entity, subject to equivalent privacy protections.
We may share personal data with other parties where you have given your explicit consent.
7.1 RedSwitches operates globally, with data centers in multiple countries including the Netherlands (Amsterdam), the United States, Singapore, and other locations. In providing our services, personal data may be transferred between these jurisdictions.
7.2 Our company is incorporated in Singapore. For clients in the European Economic Area (EEA), transfers of personal data to Singapore or to other countries without an EU adequacy decision are governed by Standard Contractual Clauses (SCCs) adopted by the European Commission (2021 EU SCCs), incorporated into our Data Processing Agreement.
7.3 We maintain a Transfer Impact Assessment (TIA) to document our analysis of the legal framework in recipient countries and the adequacy of the protections provided by SCCs in the context of those jurisdictions. Singapore’s PDPA provides meaningful data protection without mechanisms for mass government surveillance of the type that has undermined adequacy assessments for other jurisdictions.
7.4 For transfers of personal data in other directions, we rely on appropriate safeguards including contractual protections and our data processing agreements with sub-processors.
7.5 You may request a copy of the relevant transfer safeguards by contacting [email protected].
We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, or as required by law.
| Data Category | Retention Period |
|---|---|
| Account data (name, email, contact details) | Duration of active service relationship |
| Billing and financial records | 5 years after service termination (per Singapore Companies Act / IRAS requirements) |
| Support and communication records | 3 years after resolution of the relevant matter |
| Website logs and access logs | 90 days (rolling) |
| Marketing consent records | Until consent is withdrawn, plus 1 year for record-keeping |
| Server/client data on bare-metal servers | Wiped immediately upon service termination (secure drive erasure) |
8.1 Upon termination of a service, the dedicated server and its storage are securely wiped using industry-standard data erasure procedures. Deletion certificates are available upon request. RedSwitches retains no copies of client data stored on servers following service termination.
8.2 Financial and tax records are retained in accordance with Singapore legal requirements (the Companies Act and Inland Revenue Authority of Singapore requirements), typically 5 years.
8.3 Where retention beyond the standard periods is required due to ongoing legal proceedings, regulatory investigations, or contractual obligations, we will retain relevant data only for the duration of that requirement.
If you are located in the European Economic Area, you have the following rights under the GDPR in relation to your personal data:
Right of Access (Art. 15): You may request a copy of the personal data we hold about you and information about how we process it.
Right to Rectification (Art. 16): You may request that we correct inaccurate or incomplete personal data.
Right to Erasure (Art. 17): You may request deletion of your personal data in certain circumstances (e.g., where data is no longer necessary for its original purpose, or where you withdraw consent and there is no other legal basis for processing).
Right to Data Portability (Art. 20): You may request that we provide your personal data to you or to another controller in a structured, commonly used, machine-readable format, where processing is based on contract or consent.
Right to Restriction of Processing (Art. 18): You may request that we restrict the processing of your personal data in certain circumstances.
Right to Object (Art. 21): You have the right to object to processing based on legitimate interests or for direct marketing purposes.
Right to Withdraw Consent: Where processing is based on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority. In the Netherlands, this is the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl). You may also contact the supervisory authority in your country of residence.
To exercise any of these rights, contact us at: [email protected]
We will respond to requests within 30 days (or within 72 hours for urgent requests where required by law). We may need to verify your identity before processing your request.
If you are located in Singapore, or your personal data is processed in connection with Singapore law, you have the following rights under the Personal Data Protection Act 2012 (as amended 2020):
Right of Access: You may request access to the personal data we hold about you and information about how it has been used or disclosed in the past year.
Right to Correction: You may request that we correct personal data that you believe is inaccurate, incomplete, misleading, or not up to date. We will correct data unless there is a legal reason we are unable to do so and will, where appropriate, send the corrected data to organisations to which we have previously disclosed your data.
Right to Withdraw Consent: You may withdraw consent for the collection, use, or disclosure of your personal data at any time, subject to legal or contractual restrictions. Note that withdrawing consent may affect our ability to continue providing services.
Data Protection Officer (DPO): RedSwitches has appointed a Data Protection Officer as required under the PDPA. The DPO’s contact details are published on our website and available upon request. You may direct PDPA-related queries and requests to:
We aim to respond to access and correction requests within 30 calendar days. Complex requests may require up to 60 days; we will notify you if additional time is needed.
You may also contact the Personal Data Protection Commission (PDPC) at pdpc.gov.sg if you believe your PDPA rights have not been respected.
Our website uses cookies and similar tracking technologies to enhance your browsing experience, remember your preferences, and analyse website traffic.
We use the following categories of cookies:
For detailed information about the cookies we use, how long they last, and how to manage your preferences, please refer to our Cookie Policy, available on our website. You may update your cookie preferences at any time through our cookie consent manager.
Our services are not directed at, and are not intended for use by, individuals under the age of 18. We do not knowingly collect personal data from anyone under 18. If you believe we have inadvertently collected personal data from a minor, please contact us at [email protected] and we will promptly delete it.
RedSwitches implements appropriate technical and organisational security measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. Our security measures include:
No security measure is guaranteed to be impenetrable. In the event of a data breach affecting your personal data, we will notify you and applicable regulatory authorities in accordance with applicable law and the timelines described in our DPA (where relevant).
To report a security concern, please contact: [email protected]
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law.
When we make material changes, we will notify you by:
The “Last Updated” date at the top of this policy reflects when it was most recently revised. We encourage you to review this policy periodically. Continued use of our services after the effective date of any changes constitutes acceptance of the updated policy.
For any questions, concerns, or requests relating to this Privacy Policy or the handling of your personal data, please contact us at:
Privacy Enquiries:
[email protected]
Data Protection Officer:
RedSwitches Pte Ltd.
[Address]
Singapore
Email: [email protected]
(DPO contact details are also published on our website in compliance with PDPA requirements.)
Legal:
[email protected]
For abuse-related matters: [email protected]
For security-related matters: [email protected]
This Privacy Policy is governed by the laws of the Republic of Singapore, without prejudice to any mandatory rights you have under the law of your country of residence.