Privacy Policy

Last updated: March 26, 2026

Overview

AltoHost ("we", "us", "our") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights regarding that data.

Data We Collect

Account Information

When you register, we collect your name, email address, and a hashed version of your password. We never store plaintext passwords.

Usage Data

We collect aggregate usage metrics including connection counts, message counts, and bandwidth usage per app. This data is used for plan enforcement and analytics displayed in your dashboard.

Connection Logs

We may log connection events (connect, disconnect, subscribe, unsubscribe) for debugging and security purposes. These logs are retained for a limited period.

Message Content

AltoHost is a real-time message transport layer. We do not persistently store the content of messages sent through channels. Messages are delivered to subscribers and not retained after delivery.

How We Use Your Data

  • To provide and maintain the Service
  • To authenticate your identity and authorize API access
  • To enforce plan limits and prevent abuse
  • To display usage analytics in your dashboard
  • To communicate important service updates
  • To respond to support requests

Data Security

We protect your data with:

  • TLS encryption on all connections
  • HMAC-SHA256 signed channel authentication
  • Bcrypt password hashing
  • HTTP-only session cookies
  • Server-side API key and secret management
  • Firewall and intrusion prevention on our infrastructure

Cookies

We use a single HTTP-only session cookie for authentication. We do not use tracking cookies, advertising cookies, or third-party analytics.

Third-Party Services

We use the following third-party services:

  • Neon — PostgreSQL database hosting (stores account and app data)
  • Vercel — Hosts our marketing website

We do not sell your data to third parties.

Data Retention

Account data is retained as long as your account is active. Upon account deletion, all associated data (apps, API keys, usage records) is permanently deleted. Connection logs are retained for up to 30 days.

Your Rights

You have the right to:

  • Access your account data via the dashboard or API
  • Update or correct your account information
  • Delete your account and all associated data
  • Export your app configuration and API keys
  • Request information about what data we hold

Changes to This Policy

We may update this policy from time to time. We will notify registered users of material changes via email. Continued use of the Service after changes constitutes acceptance.

Contact

Questions about privacy? Contact us at privacy@altohost.com.