Privacy Policy

Last Updated: February 2026

Your privacy is not just a policy; it is our primary product feature. Whitehirst is designed to minimize data collection and maximize your sovereignty.

1. Data Location & Sovereignty

All virtual workstations and associated storage volumes are hosted physically in Nuremberg, Germany.

Whitehirst Ltd. is a registered company in the United Kingdom. We operate under the jurisdiction of England & Wales. We are not a US subsidiary, and your data is not subject to the US CLOUD Act.

2. No AI Training (Zero Retention)

Your workstation is a private enclave. We strictly do not use your data, code, or usage patterns to train Artificial Intelligence models.

Active Removal of Copilot: We actively surgically remove Microsoft "Copilot", "Recall", and AI integration services from the operating system image before provisioning. We block the relevant network endpoints at the firewall level. Your code remains your intellectual property and is never ingested by third-party LLMs.

3. Data We Collect

We collect only what is strictly necessary to provide the service:

Account Information: Email address for login and billing invoices.
Billing Data: Payment details are processed securely by Stripe. We do not store your credit card numbers on our servers.
Operational Logs: We log instance creation, destruction, and state changes (Start/Stop) to calculate your bill.

4. Data We Do NOT Collect

Unlike standard Windows installations, our custom OS build has aggressive privacy modifications:

No Backdoors / OS Isolation: We do not install management agents (like Intune or Azure Arc) that would allow us to remotely view your screen or file system. Once you change your Administrator password, we physically cannot access your operating system environment, even if we wanted to.
No OS Telemetry: We have disabled the Connected User Experiences and Telemetry services.
No Ad Tracking: Advertising IDs and consumer tracking features are removed at the registry level.
No Usage Monitoring: We do not inspect the contents of your C: drive or monitor the software you run inside your workstation.

5. Data Retention

If you delete a workstation instance (or a Day Pass expires), the underlying disk is securely wiped by our infrastructure provider (Hetzner). Once deleted, data cannot be recovered.

6. GDPR Rights

As a UK/EU citizen, you have the right to request access to, correction of, or deletion of your personal data. To exercise these rights, please contact privacy@whitehirst.com.