Legal

Privacy Policy

Last updated 5 June 2026

viabandwidth is an infrastructure-intelligence directory operated by Steven Higashi, a sole trader registered in France under SIREN 842 245 599, 8 Rue Masson, 69001 Lyon. This policy explains what personal data the service processes, why, the legal bases it relies on, how long it is kept, and the rights you have over it. For the purposes of the General Data Protection Regulation (Regulation (EU) 2016/679, the “GDPR”), the data controller is Steven Higashi, reachable at [email protected].

1. The two kinds of data we handle

Directory data about organisations.viabandwidth maintains a directory of infrastructure providers, including data centre operators, carriers, colocation, bare-metal, and GPU companies. The records are built from public sources, such as regional internet registry allocations, peering databases, operators’ own published websites, and corporate registries, and they describe businesses, not individuals. Where a record includes a contact route, we hold and publish only role-based business contacts, meaning a sales or business-development inbox, a sales phone line, and the organisation’s public website. We deliberately do not collect, store for display, or reveal personal email addresses, personal or direct-dial phone numbers, or residential addresses.

Customer account data. When you create an account, buy credits, or contact us, we process the data you give us: your name, email address, the company you represent, billing identity and address where invoicing requires it, and a record of the credits you have purchased and the directory reveals you have unlocked.

2. Why we process it, and our legal bases

Operating the directory of business and role-based contact data, on the basis of legitimate interest (Article 6(1)(f)) in providing a business-to-business procurement tool. We have weighed this against the interests of the organisations listed, limited the data to role-based business routes, and offer a straightforward opt-out (see section 6).
Providing your account and the credit-reveal service, on the basis of performance of a contract with you (Article 6(1)(b)).
Issuing and retaining invoices, on the basis of compliance with a legal obligation under tax and accounting law (Article 6(1)(c)).
Securing the service and preventing abuse or scraping, on the basis of legitimate interest (Article 6(1)(f)) in protecting the platform and its data.

3. Information collected automatically

To keep the service secure and working, we process a small amount of technical data when you visit, such as your IP address and basic request logs. We use it only to keep you signed in, to prevent abuse and scraping, and to diagnose faults. We do not use it for advertising or cross-site tracking.

4. The credit-reveal feature

Searching and filtering the directory is open. Unlocking an organisation’s contact route costs one credit. What a reveal returns is limited by design to the role-based business contacts described in section 1, meaning a sales or business-development inbox, a sales phone line, and the public website. Personal data of named individuals is never placed behind, or released by, the reveal. Revealed contacts may be used only for legitimate business outreach; reselling, redistributing, or using them for unsolicited bulk marketing is prohibited by our Terms of Service and Acceptable Use Policy and may breach the GDPR and ePrivacy rules that apply to you as the sender.

5. Retention

Account and credit records are kept for the life of the commercial relationship and for the period that tax and accounting law requires afterwards, then deleted on request once those obligations lapse. Directory records are kept while the organisation remains an active part of the infrastructure landscape, and are updated or removed on request. Support and contact messages are kept only as long as needed to deal with the matter and a reasonable period afterwards.

6. Sharing and international transfers

We do not sell personal data. We share it only with the service providers needed to run the platform, namely hosting, email delivery, and payment processing through Stripe, each acting under contract on our instructions. Stripe processes your payment details directly as part of taking your payment; we do not receive or store your full card number. Some of this infrastructure is operated from outside the European Economic Area; where personal data is transferred to a country the European Commission has not found adequate, we rely on Standard Contractual Clauses or another mechanism permitted under Chapter V of the GDPR. The list of providers and safeguards can be requested at the contact address below.

7. Your rights

viabandwidth is operated from France and processes personal data in accordance with the GDPR, the French Data Protection Act (Loi Informatique et Libertés), and equivalent laws that may apply to you, including the UK Data Protection Act and the California Consumer Privacy Act. Whatever your jurisdiction, you have the right to access the data we hold about you, to have it corrected or erased, to restrict or object to its processing, to data portability, and to withdraw consent where processing relies on it.

If you are listed in the directoryand want your organisation’s record corrected or removed, email the address below and it will be actioned. An objection to legitimate-interest processing is honoured unless we have a compelling overriding ground.

You also have the right to lodge a complaint with a supervisory authority. In France that is the Commission nationale de l’informatique et des libertés (CNIL), cnil.fr. People elsewhere in the EEA can contact their national authority, and people in the United Kingdom can contact the Information Commissioner’s Office. To exercise any right, email the address below and identify your request clearly so we can respond within one month, as the GDPR requires.

8. Cookies

The service uses a small number of strictly necessary cookies and equivalent local storage to keep you signed in, remember your acceptance of these notices, and secure the platform. These do not require consent. We do not use advertising or cross-site tracking cookies. If that ever changes we will ask for your consent first through the banner shown on your visit.

9. Children

viabandwidth is a tool for infrastructure professionals and is not directed at children under sixteen. We do not knowingly process their personal data, and any account found to belong to a minor is removed on discovery.

10. Changes and contact

We may update this policy as the service evolves. The “last updated” date above marks the current version, and material changes will be highlighted on the site. Questions, requests, or concerns about privacy, including directory opt-outs, can be sent to [email protected]. The operator is Steven Higashi.