Some links on this page are affiliate links. If you buy, we may earn a commission — at no extra cost to you.
Home / Privacy Policy
How tuto.digital collects, uses and protects your information — written in plain language. No legalese, no surprises.
tuto.digital · EditorialEffective June 11, 2026~6 min read
This policy describes what data we collect, why, and what control you have over it. tuto.digital is operated from the Turkish Republic of Northern Cyprus (TRNC) and runs with strictly necessary cookies only — no analytics cookies, no third-party trackers, no ad networks. We follow GDPR (EU) and CCPA (California) as our minimum bar for readers everywhere.
If you don’t read another section, read this one:
We use the data above for these specific purposes, and no others:
When you click a link to a merchant (Hostinger, NordVPN, etc.), three things happen:
?ref=tutodigital) appended.The affiliate cookie is set by the merchant, not by us. It costs you nothing — the commission comes from the merchant’s marketing budget, not from a markup on your purchase.
If you’d rather purchase without us being credited, type the merchant’s name into a new browser tab instead of clicking our link. No data leaves our site in that case.
tuto.digital sets only strictly necessary cookies — the kind that don’t require consent under GDPR/ePrivacy. There is no consent banner because we have nothing to ask consent for.
That’s the entire list. We do not set:
If you block all cookies in your browser, the only thing you lose is your saved language and theme preference — the site still works.
We share data only with the processors below, each bound by a Data Processing Agreement (DPA):
We do not sell your data. We do not share data with advertisers, data brokers, or any third party outside this list. We do not use Google Analytics or any equivalent.
tuto.digital is operated from the Turkish Republic of Northern Cyprus (TRNC). Your data is stored on WPX Hosting infrastructure in the United Kingdom, which the European Commission has recognised as offering an adequate level of data protection (Decision 2021/1772). Cloudflare processes request metadata in the United States under the EU–US Data Privacy Framework (Decision 2023/1795). Affiliate networks (Impact, ShareASale, CJ) operate under Standard Contractual Clauses (2021/914 module 2) where they are not yet DPF-certified. No transfers occur to any country without an adequacy decision or supplementary safeguards.
Regardless of where you live, you have these rights:
To exercise any of these, use the contact form. We respond within 30 days, free of charge.
tuto.digital is intended for adult readers (16+). We do not knowingly collect data from anyone under 16. If you believe a child has provided us with personal information, please contact us and we will delete it immediately.
We may update this policy occasionally — for example, when changing a hosting provider or adding a merchant partner. If we ever introduce a new analytics or tracking tool, this policy will say so before it goes live, and we will publish a notice at the top of the homepage for 30 days.
The version history is published transparently — write to us if you’d like to see a previous version.
Reach us via the contact page — a human responds within 48 hours. For formal GDPR/CCPA requests, expect a 30-day legal response window.
Beyond the editorial site, we offer Tuto Apps — tools that set up self-hosted software inside your own cloud account (e.g. DigitalOcean). The first is Tuto VPN; more will follow (hosting, mail and other self-hosted services), and this same section covers all of them, because they share one privacy model — unusual, and in your favor.
The core idea: it’s your server, not ours.
When you deploy anything with a Tuto App, the server is created in your cloud account, billed to you by your provider, and controlled by you. We are not in the data path. Whatever runs on that server — a VPN, a website, a mail service — its traffic and its content flow between your devices and your server, never through Tuto’s infrastructure.
What we store:
What we never see or store:
What your cloud provider sees: your relationship with DigitalOcean (or another provider) is governed by their privacy policy — they bill you, they see their own infrastructure logs. That was true before Tuto and stays true with it.
Data deletion: removing a server deletes its metadata from our records. Revoking the OAuth token and deleting your servers leaves us with nothing that identifies you.