BlogVault is GDPR Ready

Last Updated: June 2026

BlogVault (The Inactiv.com Media Solutions Private Limited) is the company behind BlogVault, MalCare, WP Remote, Airlift, and Migrate Guru. This page describes our GDPR compliance and applies to all of these products.

The General Data Protection Regulation (GDPR) is a European Union regulation (Regulation (EU) 2016/679) that establishes a comprehensive framework for the handling and processing of personal data of individuals within the European Union (EU) and European Economic Area (EEA). It has been applicable since May 25, 2018.

The GDPR gives individuals greater control over their personal data and imposes strict obligations on organisations that collect, process, or store personal data of EU residents.

In addition to the EU GDPR, BlogVault complies with the UK GDPR (as retained in UK law following Brexit).

What Rights Do Data Subjects Have Under GDPR?

The GDPR grants individuals the following rights:

  • Right to be Informed: You have the right to know how your personal data is collected, used, and stored.
  • Right of Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You can request that inaccurate personal data be corrected or incomplete data be completed.
  • Right to Erasure (“Right to be Forgotten”): You can request permanent deletion of your personal data under certain circumstances.
  • Right to Restrict Processing: You can request that we limit how we use your personal data.
  • Right to Data Portability: You can request your personal data in a structured, commonly used, machine-readable format.
  • Right to Object: You can object to certain types of processing, including processing for direct marketing purposes.
  • Rights Relating to Automated Decision-Making: You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or similarly significant effects.

How is BlogVault Compliant with GDPR?

BlogVault is fully committed to GDPR compliance and has implemented comprehensive measures to protect the personal data of our customers and their end users.

Our Commitments

  • Data Minimisation: We collect and process only the personal data that is necessary for the provision of our services. We do not collect data beyond what is required to deliver website backup, security, and management services.
  • Lawful Processing: All personal data processing is conducted on the basis of a valid legal ground under GDPR Article 6, including contractual necessity, legitimate interest, and consent where applicable.
  • Transparency: We maintain clear and accessible privacy documentation. This page, our Privacy Policy, and our Data Processing Agreement (DPA) provide clear information about how personal data is handled.
  • Data Security: We implement industry-standard technical and organisational security measures to protect personal data, including encryption at rest and in transit, multi-factor authentication, role-based access controls, and regular security assessments. Our infrastructure is hosted within the European Union (Germany and Amazon (AWS) EU regions).
  • Sub-Processor Management: We use sub-processors to provide, secure, support, and improve our services — including cloud infrastructure and hosting providers, payment processors, communications and customer support tools, analytics, and AI services. Each sub-processor is contractually bound to provide a level of data protection materially equivalent to that required by GDPR. A current list of our sub-processors is set out in our Data Processing Agreement.
  • We and our sub-processors may process personal data in countries outside the EEA. Where this involves a restricted transfer, we rely on appropriate safeguards such as Standard Contractual Clauses (2021 SCCs), the UK Addendum, the EU-US Data Privacy Framework, or another lawful transfer mechanism. We limit the personal data shared with our AI providers to what is necessary for the relevant function.
  • Breach Notification: In the event of a personal data breach, we notify affected customers without undue delay and within 72 hours of becoming aware of the breach, in line with GDPR Articles 33 and 34.
  • Data Protection by Design and Default: Privacy considerations are integrated into our product development process from the outset, not as an afterthought.

How We Handle Your Data Subject Rights

Right to Access Your Data

You can access your account information at any time through your BlogVault dashboard. If you need a copy of data that is not accessible through your account, you may submit a request to privacy@blogvault.net. We will provide the data in a structured, machine-readable format (such as JSON or CSV) within a reasonable timeframe.

Right to Rectification

You can update your personal information (name, email, contact details) at any time through your BlogVault dashboard. For any corrections that cannot be made through your account, please contact us at privacy@blogvault.net.

Right to Erasure (“Right to be Forgotten”)

You can delete your account and all associated data through your BlogVault dashboard, or by submitting a request to privacy@blogvault.net. Upon receiving a valid erasure request:

  1. We will soft-delete your contact record from our systems.
  2. We will permanently delete your personal data, including profile information, support tickets, and associated records.
  3. We will notify our sub-processors to delete any copies of your personal data.
  4. We will provide written confirmation of deletion where reasonably available.

Note: We may retain certain data for longer periods where required by applicable law (e.g., financial records for tax compliance are retained for 7 years). Such data will be processed solely for the purpose of the legal obligation and will be securely protected from further processing.

Right to Data Portability

You can export your data through your BlogVault dashboard or by requesting an export at privacy@blogvault.net. We will provide your data in a structured, commonly used, machine-readable format (JSON, CSV, or XML) within a reasonable timeframe.

Right to Object to Analytics Processing

If you do not wish for your usage data to be processed for analytics purposes, you may opt out by contacting us at privacy@blogvault.net. We will cease processing your data for analytics within a reasonable timeframe.

Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected. Our retention periods are:

Data CategoryRetention Period
Account record (email)Retained for security reasons
Payment recordsRetained for tax compliance
Support ticket data10 Years
Analytics data15 Years
Email delivery logs1 Year

After the applicable retention period expires, your data is securely deleted or anonymised. The table above covers personal data we hold as a data controller (such as your account, billing, and support data). For retention of your website data processed as part of the Services (e.g., backups, security scans), please refer to Sub-Appendix D of our Data Processing Agreement.

Where is Your Data Stored?

BlogVault stores all customer data within the European Union. Our primary data storage locations are:

  • Hetzner data centres in Germany
  • Amazon (AWS) data centres in EU regions
  • Google data centres in EU regions

Access to your data by our support and engineering team may occur from other locations (including India) for the purpose of providing customer support and managing infrastructure. All such access is subject to strict security controls, confidentiality obligations, and appropriate data transfer safeguards (Standard Contractual Clauses or the EU-US Data Privacy Framework).

Cookie and Tracking Notice

BlogVault’s website (blogvault.net) may use cookies and similar tracking technologies. When you visit our website, you may encounter:

  • Essential cookies: Required for the website to function (e.g., session cookies, security cookies).
  • Analytics cookies: Used by our analytics provider to understand how visitors interact with our website.
  • Advertising cookies: Used by third-party advertising platforms to serve relevant advertisements and measure advertising effectiveness. These cookies may track your browsing activity across websites.

We use a cookie consent banner on blogvault.net to obtain your consent before setting non-essential cookies. You can manage your cookie preferences at any time through the banner or by adjusting your browser settings.

For more details about how we use cookies, please contact us at privacy@blogvault.net.

Our Role: Data Controller and Data Processor

BlogVault acts as both a data controller and a data processor:

  • As a Data Controller: When we collect and process your personal data for our own purposes — such as processing payments, providing customer support, and managing your account — BlogVault is the data controller.
  • As a Data Processor: When you use our services to back up, secure, or manage your website and the personal data of your website’s visitors is processed as part of those services — BlogVault acts as a data processor on your behalf.

Data Processing Agreement (DPA)

If GDPR applies to your organization and you need a DPA to satisfy GDPR requirements, BlogVault makes one available at the following URL: https://blogvault.net/blogvault-dpa/

In order for it to be binding, please send the executed document back to privacy@blogvault.net.

Payment Data Security

BlogVault processes payments through Stripe and PayPal, both PCI DSS-certified payment processors. We do not store full payment card numbers or CVV on our systems. For identification purposes, we store only the last four digits of your payment card and the expiration date. All payment transactions are handled securely on Stripe’s and PayPal’s own infrastructure.

Contact Us

If you have any questions about GDPR, our data practices, or your rights, please contact us:

Privacy Contact: BlogVault Privacy Team Email: privacy@blogvault.net

You may also reach out to BlogVault Support for any questions.


This page was last updated in June 2026. We review and update our GDPR documentation regularly to reflect changes in applicable law and our data practices.