Security at Host Little
How we protect your site, your data, and your customers' trust. Concrete practices — not marketing claims.
Encryption in transit and at rest
Every site is served over HTTPS with free SSL, auto-renewed. TLS 1.2+ only.
Customer databases and stored secrets are encrypted at rest.
Restore support
Support-assisted recovery paths are included for hosted sites, apps, and managed databases.
Restores are a support request away — we do them with you.
Magic-link sign-in. No passwords stored.
We don't store passwords for customer accounts. Sign-in uses a one-time link sent to your email.
Nothing to guess, leak, or reuse. No forgotten-password flows to phish.
Isolation and access control
Each customer's WordPress site and App Hosting services run in their own containers with their own databases.
Host Little staff access is limited to platform engineers and logged.
Where your data lives
US East and US West datacenters, fronted by Host Little Edge for DDoS protection and edge caching.
We don't sell or share customer data with third parties beyond the vendors required to run the platform (Stripe for billing, Resend for email delivery, Cloudflare for DNS and CDN).
Incident response
If something affects your site or data, we tell you — via email and the portal — within 72 hours of confirmation.
Status updates during active incidents are published on /status and sent directly to affected customers.
Data deletion
Cancel anytime from the portal. After cancellation we retain your data for 30 days so you can restore service, then it's deleted from production.
Restore points age out under the retention schedule above.
Data Processing Agreement
DPAs are available for Growth and Agency plans on request.
Email us and we'll send you the current template.
What we don't claim
We don't publish a signed SLA, a SOC 2 report, or a certified uptime number. We target high availability and we alert on outage, but we won't invent a percentage we can't independently prove. If that's a blocker for your compliance program, email [email protected] and we'll tell you what we can and can't support honestly.