The data stored on InfinityFree is GDPR compliant. InfinityFree’s community may not touch the database and they don’t touch the data too. So you may be safe with your data, even if it’s stored in a MySQL database.
[continuation from the old modified post] …the data you store on the database may not be modified by anyone but you. This is a shared hosting; the credentials are not the same as other accounts, but the hackers can’t access your Control Panel because that may violate the Terms of Service. However, I would recommend, if the password is stored as a plain text, to encrypt it with the MD5 hash method to make sure hackers cannot steal them, and for your students to have passwords that have:
InfinityFree owns the domain so I assume have access to the MySQL database i created on there.
Personally i am confident that InfinityFree will never look at my database and steal the students names i store on there. However, to be GDPR compliant i need to see a term or statement from InfinityFree specifically stating that they will not do anything with the data that is stored using their service.
I was hoping i could find that somewhere on their website
iFastNet controls the database servers, so both InfinityFree and iFastNet have basically full access to the contents of your database at any single time. But if you’re worried about that, you should get your own server and run the database on that. Whoever manages the database has access to the data in it, which is important to remember.
That said, I can make the following promises:
We will never look at the contents of your account without a good reason. A “good reason” could be to provide support or check for abuse. We respect the privacy and integrity of people’s websites.
We do not share the contents of your account with anyone else. You have access to your data and InfinityFree and iFastNet staff does. Nobody else gets access (unless the law says otherwise).
That said, am I correct to assume that you’re looking for a Data Processing Agreement, the GDPR legal document which describes what we do with the data you (the Data Controller) have collected? Because neither we nor iFastNet (they control the database servers, so their DPA largely dictates the contents of ours) has provided such an agreement.
I do believe that we process your data and the data you collect on your website website in a GDPR compliant way, I don’t have the legal documents to hand over to guarantee it.