Contacts & Access

Confidential Information

This page contains sensitive contact information. Access should be restricted to authorised personnel only. Do not commit actual passwords or API keys to git.

Key Personnel

Management

Director: - Name: Matthew Dinsdale - Role: Director and person with significant control - Contact: admin@mdhosting.co.uk

Infrastructure Providers

Hetzner Online GmbH

Primary Hosting Provider: - Service: Server hosting and infrastructure - Location: Germany (multiple datacentres) - Website: https://www.hetzner.com - Customer Portal: https://console.hetzner.cloud

Contact: - Support: Via customer portal - Emergency: 24/7 support available - Account Details: [Stored securely in password manager]

Servers Hosted: - eu1.cp (CPX31) - Primary hosting server - ns1.mdhosting.co.uk (CX22) - Primary DNS - ns2.mdhosting.co.uk (CX22) - Secondary DNS

Documentation: - Hetzner Cloud API: https://docs.hetzner.cloud/ - Status Page: https://status.hetzner.com/

Data Processing Agreement

Hetzner DPA: - Standard DPA in place for GDPR compliance - Location: EU (Germany) - Data processing records: [Internal documentation]

Service Providers

cPanel/WHM

Control Panel License: - Provider: cPanel, LLC - License Type: cPanel Pro (3 servers) - Website: https://cpanel.net - Support: Via cPanel support portal

License Details: - eu1.cp: cPanel Pro license - ns1/ns2: cPanel DNS Only licenses - Total cost: £40/month (£480/year)

Migration Note: - Planned migration to ApisCP in Q2-Q3 2025 - Will eliminate licensing costs

Domain Registrars

Primary Registrar: - Name: internet.bs (Internet.bs Corp.) - Website: https://www.internet.bs - Services: Domain registration and management - Account: [Account details stored securely] - Support: Via support ticket system

DNS Management: - Hosted on our own DNS servers (ns1/ns2.mdhosting.co.uk) - Nameserver updates managed via internet.bs portal - Domain transfers and renewals through registrar

Payment Processing

Primary Processor - Stripe: - Name: Stripe, Inc. - Website: https://stripe.com - Integration: Via client portal - Security: PCI-DSS Level 1 compliant - Dashboard: https://dashboard.stripe.com - Support: https://support.stripe.com - Status: Active (primary payment method)

Alternative Processor - PayPal: - Name: PayPal Holdings, Inc. - Website: https://www.paypal.com - Integration: Via client portal - Security: PCI-DSS compliant - Status: Active (optional alternative)

Discontinued - GoCardless: - Name: GoCardless Ltd. - Service: Direct Debit processing - Status: Discontinued - no longer in use - Note: All integrations removed from client portal

Payment Data

MDHosting does not store payment card details. All payment processing is handled by Stripe and PayPal as independent PCI-DSS compliant processors.

Blesta Billing Platform

Billing and Client Management: - Provider: Blesta LLC - Website: https://www.blesta.com - Service: Billing automation, client portal, service provisioning - Client Portal: https://mdhosting.co.uk/billing - Location: USA

Features: - Automated recurring billing and invoicing - Client account management - Support ticket system - Payment gateway integration (Stripe, PayPal) - Service provisioning and automation - Multi-currency support

PCI Compliance: - Card tokenization via payment gateways - No raw card data stored in Blesta - Bypasses PCI DSS Level 1 requirements - All card processing handled by Stripe/PayPal

Card Obfuscation: - Customer card details displayed as obfuscated tokens (e.g., •••• •••• •••• 1234) - Only payment gateway tokens stored for recurring billing - Full card numbers never stored in Blesta database - Reduces PCI compliance scope significantly

Data Processing: - Client account information - Billing and invoice records - Service configuration and provisioning data - Support ticket communications

Regulatory Authorities

Information Commissioner's Office (ICO)

UK Data Protection Authority:

Contact Details: Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF

Phone: 0303 123 1113
Website: https://ico.org.uk
Report Breach: https://ico.org.uk/for-organisations/report-a-breach/

Our Registration: - Registration Number: ZB044018 - Renewal: Annual (check renewal date) - Certificate: Available via ICO website

Companies House

Company Registration Authority: - Website: https://www.gov.uk/government/organisations/companies-house - Our Company: https://find-and-update.company-information.service.gov.uk/company/09796097 - Filing: Annual confirmation statement and accounts

Technical Contacts

Server Access

SSH Access: - Authentication: SSH key only (passwords disabled) - Keys: [Stored securely - never commit to git] - Ports: Non-standard ports (security) - IP Whitelist: [Configured per server]

cPanel/WHM Access: - URLs: Via server hostnames - Credentials: [Stored in password manager] - Two-Factor: [Recommended - to be enabled]

DNS Management

Primary DNS: - Server: ns1.mdhosting.co.uk - Management: Via cPanel DNS interface - Access: Root/WHM access required

Secondary DNS: - Server: ns2.mdhosting.co.uk - Configuration: Synchronised from primary - Fallback: Automatic if primary fails

Future (PowerDNS): - Hidden master architecture planned - API-driven management - DNSSEC support - Target: Q2 2025

Monitoring and Alerts

Current Monitoring: - cPanel server status monitoring - Manual monitoring and checks - Client reports of issues

Planned (Wazuh SIEM): - Automated security monitoring - Real-time alerting - Log aggregation and analysis - Target deployment: Q1 2025

Alert Contacts: - Email: admin@mdhosting.co.uk - SMS: [To be configured] - Dashboard: [Wazuh dashboard when deployed]

Emergency Procedures

Incident Response Team

Primary Contact: - Matthew Dinsdale (Director) - Email: admin@mdhosting.co.uk

Escalation: 1. Check support ticket system 2. Email admin@mdhosting.co.uk (priority support) 3. Emergency: Email marked URGENT

Service Outages

Hetzner Issues: 1. Check Hetzner status page: https://status.hetzner.com/ 2. Log into Hetzner console 3. Contact Hetzner support if needed 4. Notify affected clients

cPanel Issues: 1. Check cPanel status: https://status.cpanel.net/ 2. Review server logs 3. Contact cPanel support if needed 4. Consider temporary workarounds

Security Incidents: 1. Follow incident response procedures 2. Isolate affected systems if needed 3. Preserve evidence and logs 4. Notify ICO if data breach (within 72 hours) 5. Document all actions taken

See Incident Response for detailed procedures.

Data Breach Notification

ICO Contact: - Report via: https://ico.org.uk/for-organisations/report-a-breach/ - Phone: 0303 123 1113 - Timeline: Within 72 hours of discovery

Client Notification: - Direct communication to affected clients - Email templates: [To be prepared] - Follow GDPR notification requirements

See GDPR Compliance for breach procedures.

Client Communication

Support Channels

Primary: - Email: admin@mdhosting.co.uk (24/7 monitored) - Ticket System: https://mdhosting.co.uk/billing (client portal)

Response Times: - Critical: <1 hour - High Priority: <4 hours - Standard: <24 hours (business days)

Client Portal

Access: - URL: https://mdhosting.co.uk/billing - Features: Account management, billing, support tickets - Authentication: Username/password (client-specific)

Vendor Management

Active Vendors

Vendor	Service	Contact Method	Priority
Hetzner	Infrastructure hosting	Customer portal	Critical
cPanel	Control panel licenses	Support portal	High
Blesta	Billing/client portal	Support portal	High
Stripe	Payment processing (primary)	Dashboard/support	High
PayPal	Payment processing (alt)	Dashboard/support	Medium
internet.bs	Domain registration	Support tickets	Medium
Let's Encrypt	SSL certificates	Automated	Low

Vendor Review Schedule

Quarterly Review: - Cost analysis - Service quality assessment - Contract renewal dates - Alternative vendor research

Annual Review: - Complete vendor assessment - Contract negotiations - Cost optimisation opportunities - Service level agreement review

Security Information

Password Management

Never Commit Passwords

Passwords, API keys, and access credentials must NEVER be committed to git repositories. Use secure password managers only.

Password Storage: - Chrome Password Manager: Primary storage for web credentials - iOS/iCloud Keychain: Mobile and macOS credential sync - Access: Restricted to authorised personnel only - Backup: Automatic sync via Google/Apple cloud services

Internal Credentials Stored: - Server root passwords - cPanel/WHM access credentials - Hetzner Cloud console access - Domain registrar (internet.bs) login - Payment processor (Stripe, PayPal) dashboard access - DNS management credentials

Client Password Policy:

Client Access Security

We NEVER store client passwords. When access to client accounts is required:

Before Work: Change password to temporary secure password
During Work: Use temporary password for necessary access
After Work: Force password reset via client panel
Client Action: Client sets their own new password

This ensures we never have long-term access to client accounts and maintains security best practices.

API Keys and Tokens

Hetzner Cloud API: - Token: [Stored securely] - Permissions: [Scope documented] - Rotation: [Schedule to be defined]

cPanel API: - Tokens: [Generated per use] - Permissions: Limited scope - Rotation: Regular rotation recommended

Two-Factor Authentication

Enabled On: - [To be configured across services]

Backup Codes: - [Stored securely in password manager]

Documentation Maintenance

Review Schedule: - Monthly: Contact details verification - Quarterly: Vendor information update - Annually: Complete contact audit

Update Process: 1. Verify all contact information current 2. Test emergency contact procedures 3. Update vendor contracts and terms 4. Review and update escalation procedures 5. Ensure secure credential storage

Last Reviewed: January 2025 Next Review: April 2025

Related Documentation: - GDPR Compliance - Incident Response - Security Overview - Infrastructure Overview

This document contains sensitive information and should be kept confidential.