Legal Framework
Privacy at Joy Services is not treated as a generic checkbox document. It is a core operational commitment that governs how data is collected, processed, protected, stored, transmitted, reviewed, and retained across our infrastructure, support systems, network services, cloud platforms, enterprise environments, and business operations.
This Privacy Policy is written to reflect the realities of modern infrastructure delivery, including customer onboarding, account usage, technical support, routing visibility, security controls, abuse prevention, billing operations, infrastructure monitoring, and platform administration. It explains what information may be processed when you use Joy Services, why that information may be necessary, how we handle it responsibly, and what standards guide our internal practices.
Whether you are a developer, enterprise client, infrastructure operator, hosting customer, partner, or visitor accessing our websites and services, this document is intended to give you a clear understanding of how your information is treated in environments where uptime, trust, security, network visibility, and service reliability matter.
Policy Highlights
Last Updated
22 Apr 2026
The current published version of this Privacy Policy.
Coverage
All Joy Services Platforms
Applies across websites, infrastructure services, customer systems, support channels, and related business operations.
Version
Enterprise Privacy v2
Written for modern cloud, hosting, network, and enterprise use cases.
We design our privacy practices to support operational transparency, lawful processing, service reliability, security enforcement, and responsible data handling across infrastructure environments that require both performance and trust.
This Privacy Policy applies to Joy Services websites, customer dashboards, APIs, cloud control panels, support systems, infrastructure management interfaces, and all related products and services. It is designed to explain how information is handled throughout the lifecycle of account creation, service provisioning, usage, support, monitoring, billing, security enforcement, and service termination. Because Joy Services operates in a distributed infrastructure environment, information may pass through multiple systems, data centers, and network layers as part of ordinary service delivery.
For the purpose of this Privacy Policy, “Personal Data” means information that identifies, describes, relates to, or can reasonably be linked to an individual. Depending on applicable law, such information may include names, email addresses, phone numbers, account identifiers, support communications, IP addresses, login metadata, and device information. In infrastructure and network environments, some technical identifiers that seem operational in nature may still fall within the scope of personal information where they can be linked to a person or an account owner.
“Customer Content” refers to data that customers upload, host, transmit, process, replicate, distribute, or otherwise manage using Joy Services infrastructure. This may include files, backups, virtual machine data, database contents, DNS zones, storage objects, logs generated by customer workloads, and application-level records. “Account Owner” refers to the person or legal entity that establishes the account relationship, accepts the service terms, controls user access, and is responsible for billing and administrative actions.
This Privacy Policy applies regardless of the physical region in which services are deployed or the routing path that network traffic follows. In practice, cloud and network services may operate across multiple jurisdictions depending on peering, transit, resilience design, mitigation events, support workflows, and service location. Continued use of the Services indicates acceptance of the practices described in this Privacy Policy.
Joy Services collects information that is reasonably necessary to establish accounts, deliver cloud and network services, secure the platform, process billing, and support customers. The categories of data collected depend on the type of product or service in use, the level of customer interaction, the method of payment, and the operational characteristics of the environment being deployed. Some information is provided directly by the customer, while other information is generated automatically through normal service usage.
Account data may include name, email address, phone number, company name, billing address, account identifiers, tax-related metadata, and administrative contact details. Billing information may include invoice details, transaction references, taxation records, payment status, subscription events, and plan-level metadata. We may also receive fraud-prevention or payment-validation signals from payment partners as part of ordinary billing security practices. Joy Services does not intentionally design its systems to retain full card data where third-party payment processors are used to complete transactions.
Operational configuration data may include virtual machine settings, assigned IP resources, DNS records, routing preferences, firewall rules, product features enabled by the customer, storage allocation details, backup settings, and service-specific controls. Support data may include email threads, chat messages, support tickets, call notes, attachments, screenshots, and technical details voluntarily provided by the customer during troubleshooting or onboarding.
Authentication and access-related data may include login timestamps, user identifiers, browser or device characteristics, session identifiers, multi-factor authentication status, failed login attempts, and security events. Website and application analytics may include page views, feature usage trends, referral URLs, approximate city-level location, interaction timing, user-agent information, and browser configuration data. Some of this information is collected through cookies, session storage, local storage, or similar technologies used to maintain functionality and improve platform performance.
Joy Services operates a real-time infrastructure environment that depends on constant monitoring of compute, storage, routing, and network conditions. To maintain platform reliability, capacity awareness, service quality, and abuse prevention, we collect and process technical telemetry across several layers of infrastructure. This telemetry is primarily operational and security-focused. It is not collected to build advertising profiles, but to ensure the platform remains stable, traceable, and defensible in a production environment.
Network telemetry may include flow-level metadata such as source and destination IP addresses, source and destination ports, protocols, timestamps, packet counts, byte counts, routing changes, rate-limit events, and anomaly signals. Where applicable, Joy Services may process traffic characteristics similar to NetFlow, sFlow, sampled packet statistics, BGP session events, route advertisements, prefix validation outcomes, DDoS fingerprints, challenge-response decisions, and mitigation logs. This information helps us detect attacks, prevent abuse, troubleshoot network issues, and optimize capacity planning.
Infrastructure telemetry may also include CPU usage, memory consumption, interface counters, device health, storage latency, virtualization host status, process availability, API response codes, cluster health, and service-level event records. In some cases, this data is correlated with account or resource identifiers so that incidents can be isolated to the correct environment, node, tenant, or product area. Such correlation is necessary for support, diagnostics, and abuse response.
Because modern infrastructure depends on dynamic routing, peering behavior, transit paths, and distributed system visibility, telemetry may be collected in multiple locations and retained for reasonable periods aligned to security and operational needs. This monitoring allows Joy Services to identify instability, maintain performance, investigate attacks, and apply targeted protective actions where required to preserve network integrity.
Customer Content is controlled by the customer. Joy Services processes such data only to the extent necessary to provide the Services, maintain operational continuity, protect infrastructure, assist with support requests, or comply with applicable law. In most scenarios, Joy Services acts as a service provider or processor with respect to Customer Content, while the customer remains the party that determines the purpose and lawful basis of storing or processing such data within workloads, applications, databases, object storage, virtual machines, and network-connected systems.
Joy Services does not use Customer Content for advertising models, resale, or unrelated commercial profiling. Access to Customer Content is restricted internally and is generally limited to events where such access is required for incident handling, customer-authorized troubleshooting, fraud detection, abuse investigation, migration assistance, or legal compliance. Where feasible, access is limited to the minimum necessary scope, and such access may be logged or reviewed as part of normal internal control practices.
Customers remain responsible for ensuring they have sufficient rights and legal basis to store, transmit, or process any personal data, confidential records, or regulated information they place on the platform. This includes responsibility for notices, consent collection where required, retention choices, data minimization, encryption decisions, and workload-level compliance with laws that apply to their own business or end users. Joy Services provides infrastructure and operational safeguards, but does not assume responsibility for how customers themselves collect or legally justify the data they choose to process.
If Customer Content is deleted, corrupted, misconfigured, exposed by customer action, or rendered inaccessible due to application-level issues inside a customer-managed environment, the resulting consequences remain subject to the customer’s own operational controls and backup strategy. The privacy treatment of Customer Content is therefore closely connected to customer responsibility for secure architecture, lawful processing, and appropriate administrative management.
Joy Services uses collected information to operate and improve infrastructure services, maintain customer accounts, deliver requested products, secure the environment, process billing, and communicate important service-related information. Information handling is designed to be tied to identifiable operational purposes rather than broad or undefined internal use. In practical terms, we use data because a modern cloud and network platform cannot function safely or reliably without identity controls, resource mapping, billing records, support traces, analytics, and abuse detection.
Account and profile information is used to create and maintain customer relationships, verify ownership, manage user roles, send notices, and provide authenticated access to services. Billing information is used to generate invoices, collect payment, issue receipts, assess overdue accounts, apply taxes where required, and maintain internal accounting records. Technical configuration data is used to provision compute, storage, networking, DNS, and related service components according to the customer’s requests or saved product settings.
Security and operational data is used to detect fraud, investigate incidents, identify malicious behavior, enforce acceptable use policies, maintain routing stability, optimize capacity, and preserve platform integrity during abnormal conditions. Support communications and attached records are used to troubleshoot reported issues, track service history, and improve the accuracy and speed of technical assistance. Analytics and interaction data may also be used to improve user experience, identify broken workflows, refine interface behavior, and prioritize engineering improvements.
Joy Services may also use information to send essential administrative notices, maintenance alerts, policy changes, incident advisories, abuse notifications, payment reminders, and service lifecycle communications. We may use optional consent-based channels for newsletters, promotional material, or feature announcements where such communications are legally permissible and where unsubscribe options are available.
Depending on the region and applicable law, Joy Services relies on one or more legal bases for the collection and processing of information. The most common basis is contractual necessity. When a customer signs up for or uses the Services, we must process account information, access events, technical metadata, billing information, and certain operational data in order to provision and maintain the requested services. Without this processing, the Services could not be delivered in a functional or supportable manner.
We also process information based on legitimate interests. These interests include maintaining infrastructure security, preventing spam and fraud, detecting attacks, analyzing service health, monitoring abuse patterns, improving reliability, and protecting the platform, our customers, and other third parties from harm. Where we rely on legitimate interests, we do so with the expectation that such processing is proportionate, connected to a real operational need, and not overridden by fundamental user rights in the relevant context.
Consent may be used as the legal basis for optional processing activities, such as certain marketing communications, preference-driven cookies, or non-essential analytics features where required by law. When consent is the basis, users may generally withdraw it through the available controls, portal preferences, browser settings, or unsubscribe mechanisms. Withdrawal of consent does not affect processing that was lawfully carried out before such withdrawal.
In some cases, Joy Services processes information to comply with legal obligations, such as tax record retention, lawful disclosure requirements, anti-fraud controls, accounting duties, and legally mandated response procedures. These obligations may vary by jurisdiction and may continue beyond the active life of an account where recordkeeping is required by law.
Joy Services does not sell personal data in the ordinary course of business. However, information may be shared with carefully selected third parties where such sharing is necessary to operate, secure, support, or legally manage the Services. This includes service providers who assist with payment processing, invoice delivery, support platforms, analytics tooling, communications systems, fraud prevention, ticket handling, infrastructure observability, and customer notification workflows.
In network and interconnection environments, limited technical metadata may be exchanged with peers, transit providers, mitigation partners, carriers, or infrastructure vendors where required for routing coordination, service activation, incident response, abuse handling, or DDoS defense. Such sharing is generally technical in nature and is intended to maintain service continuity, trace activity, validate reachability, coordinate mitigation, or protect the wider network from harm.
Information may also be disclosed if required by applicable law, valid legal process, court order, regulatory request, or lawful governmental instruction. Where legally permitted, Joy Services may seek to narrow overbroad requests or require appropriate authority before disclosure. We may also disclose information where reasonably necessary to investigate fraud, enforce policies, protect the rights and security of Joy Services or other users, or respond to emergencies involving potential harm.
In the event of a merger, acquisition, restructuring, financing transaction, or sale of assets, relevant data may be transferred as part of the transaction, subject to confidentiality obligations and applicable privacy safeguards. Any such disclosure would be made in the context of continued business operations and not for unrelated external monetization.
Joy Services uses cookies, local storage, and similar technologies to maintain sessions, protect account access, remember user preferences, improve platform usability, and understand how pages and features are performing. Some of these technologies are strictly necessary for the customer portal and website to function correctly. For example, session cookies may be used to keep users logged in securely, protect against cross-site request forgery, preserve authenticated workflows, and maintain preference state across page transitions.
Preference-oriented storage may be used to remember items such as theme mode, dashboard layout, language settings, interface state, consent choices, and temporary navigation behavior. Analytics cookies or scripts may be used to measure page usage, detect broken interactions, understand feature adoption, and improve the user experience over time. Such analytics are intended to support product quality, performance tuning, and interface improvements rather than broad advertising or cross-site consumer profiling.
Users can often manage cookies and similar technologies through browser settings, cookie banners, consent tools, or account preferences where such controls are made available. Disabling all cookies may reduce site functionality, interrupt authenticated sessions, or prevent certain portal actions from working properly. Some strictly necessary cookies cannot be disabled without affecting the core operation of the service interface.
Where required by law, Joy Services may request consent before placing non-essential analytics or preference technologies. If consent rules apply in a given jurisdiction, the service interface or website may provide additional notice regarding these controls. Continued use of required portal functions may still involve baseline technical storage necessary to deliver the service securely.
Joy Services retains information only for as long as reasonably necessary to provide the Services, maintain security, satisfy legal obligations, resolve disputes, protect against abuse, and enforce agreements. The exact retention period depends on the category of data, the operational context, the type of service being used, and any legal or regulatory recordkeeping requirements that apply to the business relationship. Not all data is retained for the same duration, because billing records, audit traces, authentication events, and customer-generated content each serve different purposes.
Billing and accounting records may be retained for the duration required by tax, audit, and statutory compliance frameworks. Security logs and operational telemetry may be kept for reasonable periods needed to investigate incidents, maintain historical visibility, analyze abuse patterns, confirm service events, or support forensic review. Support records may also be retained for service continuity, product improvement, dispute resolution, or documentation of important operational decisions.
Customer Content may be deleted after account closure, cancellation, expiry of retention periods, or execution of customer-initiated deletion actions, subject to backup windows, service-level retention policies, safety hold periods, or legal requirements that may temporarily delay irreversible deletion. In some environments, residual data may remain in encrypted backups or disaster recovery systems for a limited time until such media rotates out according to internal retention schedules.
Requests for deletion may be subject to identity verification and operational limitations. Certain records cannot be immediately erased where they are required to maintain financial compliance, defend legal claims, prevent repeated abuse, or preserve the integrity of fraud and security controls. Retention decisions are made with reference to service continuity, lawful obligations, and practical infrastructure realities.
Joy Services applies administrative, technical, and organizational safeguards intended to protect information against unauthorized access, misuse, disclosure, alteration, and destruction. These safeguards are designed with the realities of modern cloud and network operations in mind, where service integrity depends on layered controls across customer interfaces, virtualization platforms, storage systems, API gateways, and transit or peering environments.
Security measures may include role-based access control, least-privilege principles, segmentation, logging, anomaly detection, credential verification, secure communications, review of privileged actions, session management, abuse detection pipelines, and mitigation tooling for network-level threats. Where supported and appropriate, encryption may be used in transit, and internal service controls may be designed to reduce unnecessary data exposure during support or operational workflows.
We continuously monitor for suspicious activity, service anomalies, exploit attempts, unusual access behavior, and patterns associated with DDoS attacks, malware operations, credential abuse, or exploitation campaigns. During emergencies, Joy Services may apply targeted mitigation measures, restrict access, null-route traffic, rotate internal systems, or alter service behavior to preserve overall platform stability and protect impacted customers or third parties.
No method of transmission, storage, or distributed processing can be guaranteed to be completely secure. For that reason, customer cooperation remains important. Customers are expected to secure their credentials, use strong authentication practices, limit unnecessary account access, patch their own workloads, and adopt appropriate backup and application security measures within the resources they control.
While Joy Services provides infrastructure safeguards and platform-level controls, customers remain responsible for the security and lawful handling of the data, workloads, and users they manage within their own environments. This includes responsibility for access governance, data hygiene, operating system hardening, application-layer controls, patching schedules, encryption decisions, firewall policies, SSH key handling, credential rotation, endpoint security, and appropriate administrative oversight of all users who are granted access to an account or deployed services.
Customers should use strong passwords, enable multi-factor authentication where available, review account access regularly, remove unused users, and avoid sharing credentials across multiple people. Customers are also responsible for their own retention choices, backup policies, legal notices to their users, incident reporting obligations under laws that apply to them, and classification of the information they store or process in the Services. If a customer chooses to process sensitive, confidential, or regulated data, the customer is responsible for determining whether the chosen architecture and controls are appropriate for that purpose.
Joy Services cannot prevent every privacy or security issue arising from insecure customer behavior, weak application design, exposed management interfaces, unmaintained software, customer-side malware, or compromised endpoint devices. The shared-responsibility nature of cloud and network services means privacy outcomes depend not only on provider controls but also on customer decisions and operational discipline.
Customers are encouraged to implement internal policies, audit access frequently, and ensure their own downstream users or clients understand the privacy implications of the services they are using. Where customers act as controllers of third-party data, they remain responsible for compliance with applicable laws governing those relationships.
Depending on the jurisdiction that applies to you, you may have rights relating to the personal data Joy Services holds about you. These rights may include the right to request access to your personal data, request correction of inaccurate information, request deletion in appropriate circumstances, object to certain types of processing, request restriction of processing, or request a copy of data in a portable format where such rights are legally recognized. The availability and scope of these rights vary by law and by the context in which the data is processed.
Many account-level details may be updated directly through the customer portal where functionality is available. Marketing communications that are not essential to service operation may generally be opted out of using unsubscribe controls or account preferences. Cookie choices may also be adjusted through browser controls or consent interfaces where such mechanisms are provided. For privacy requests that cannot be handled directly through the portal, users may contact Joy Services using the designated support or privacy communication channels.
Before fulfilling certain requests, Joy Services may require verification of identity or account authority in order to prevent unauthorized disclosure or deletion. We may also decline, delay, or narrow a request where the law permits us to do so, including where the request affects the rights of others, conflicts with legal obligations, interferes with abuse prevention, or cannot be fulfilled without compromising system integrity or security controls.
Some information may need to be retained even after a privacy request is made, particularly where retention is required for billing, legal compliance, fraud prevention, dispute defense, security review, or recordkeeping obligations. Privacy rights are therefore applied in a manner that respects both individual rights and the practical obligations of operating a secure infrastructure platform.
Need more clarity?
Whether you're deploying infrastructure, scaling workloads, or optimizing network performance, our team is available to assist with architecture decisions, deployment guidance, and service clarification across all Joy Services offerings.
Availability
Engineering assistance available around the clock for infrastructure and network issues.
Response
Priority response times based on service level and deployment type.
Infrastructure
Distributed presence across major IX and data centers for reliability.
Network
Direct peering, IX connectivity, and optimized routing paths.