Security at Host Little
How we protect your site, your data, and your customers' trust. Concrete practices — not marketing claims.
Encryption in transit and at rest
Every site is served over HTTPS with free SSL, auto-renewed. TLS 1.2+ only.
Customer databases and off-site backups are encrypted at rest.
Backups
Daily snapshots of every WordPress site and App Hosting database, encrypted and stored off-site.
Retention is 30 days. Restores are a support request away — we do them for you.
Magic-link sign-in. No passwords stored.
We don't store passwords for customer accounts. Sign-in uses a one-time link sent to your email.
Nothing to guess, leak, or reuse. No forgotten-password flows to phish.
Isolation and access control
Each customer's WordPress site and App Hosting services run in their own containers with their own databases.
Host Little staff access is limited to platform engineers and logged.
Where your data lives
US East and US West datacenters, fronted by Cloudflare for DDoS protection and edge caching.
We don't sell or share customer data with third parties beyond the vendors required to run the platform (Stripe for billing, Resend and Amazon SES for email delivery, Cloudflare for DNS and CDN).
Incident response
If something affects your site or data, we tell you — via email and the portal — within 72 hours of confirmation.
Status updates during active incidents are published on our status page.
Data deletion
Cancel anytime from the portal. After cancellation we retain your data for 30 days so you can restore service, then it's deleted from production.
Backups age out under the retention schedule above.
Data Processing Agreement
DPAs are available for Business and Agency plans on request.
Email us and we'll send you the current template.
What we don't claim
We don't publish a signed SLA, a SOC 2 report, or a certified uptime number. We target high availability and we alert on outage, but we won't invent a percentage we can't independently prove. If that's a blocker for your compliance program, email [email protected] and we'll tell you what we can and can't support honestly.