New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Comments
The smallest VPS is really fast.
But the control panel is a bit clumsy.
I hope the best to Seflow .
It's the best option in Italy for the price.
Thank you very much for your opinion and for taking the time to share your feedback.
Regarding the control panel, we confirm your impression. For Virtual Data Center services the new interface is already available. When you click on Virtual Data Center you are automatically redirected to the new panel.
We are gradually integrating the other services as well. The goal is to move everything into a single interface, which will be the new control panel.
I received email that those free credits are below threshold. Should I do something or not?
Hello,
The credit threshold notification can be fully customized from your Client Area under the Credit & Notifications section.
From there, you can:
• Configure the notification thresholds
• Choose the email addresses that should receive alerts
• Enable or disable credit notifications according to your preferences
If you wish to continue using SeFlow Global Cloud, please add funds to your account to replenish the available credit.
If you no longer need the service, please click the "Cancel Service" button from your Client Area. Once the cancellation request is received, we will proceed with the service termination.
Should you need any assistance with the configuration, please let us know.
Hello!
Why I have this massage?
UPDATE_VAULT_SETUP_TOKEN_ERROR: INTERNAL_SERVER_ERROR
And took three times 1$ from my card
The message you received appears to be related to the payment method verification or update process. However, we would like to clarify that it cannot be associated with any charge generated by SeFlow.
SeFlow is an Italian company and all billing operations are handled exclusively in EUR. We do not process payments in USD, nor do we have any mechanism that can automatically charge $1.00 to a customer's card.
Furthermore, the minimum amount that can be added to an account is €10.00, and every top-up must be initiated manually by the customer through the Add Funds section of the Client Area. There is no automatic recharge system that could generate a $1.00 transaction, and such a charge is not technically possible through our billing platform.
For this reason, we recommend checking the transaction details with your bank or card provider to identify the merchant responsible for the authorization. If you can provide the merchant name or additional information shown by your bank, we will be glad to review it with you.
im cofused here. do i need to complete KYC even if i dont want the promotion credit?
Like I said it takes 3 1$ charges to Seflowsrl
And I want it back please
Yes, KYC verification is required for all SeFlow Global Cloud customers, regardless of whether they wish to receive the promotional credit.
The promotional credit is optional, however identity verification is a mandatory requirement to use our services. This policy helps us prevent fraud, reduce abuse of the platform, and maintain a secure environment for all customers.
Therefore, even if you are not interested in receiving the promotional credit, you will still need to complete the KYC verification process in order to continue using the service.
If you need any assistance with the verification process, please let us know.
hello
1- Do you have test IPs per location? Looking glass doesn't seem to display them
2- I disabled the "save for future use", but I got an alert from my bank that Paypal "Merchant tried to save card for future payment" - Not cool.
3- Why is your UI 95% in english, 5% in italian?
Is this deal gone?
Hello,
Thank you for using our services.
https://www.seflow.cloud/network-test.php
Regarding the PayPal notification, we use PayPal's tokenized payment system, which is the current standard method provided directly by PayPal. This behavior is managed by PayPal itself and is not the result of a custom implementation or recent change on our side.
Regarding the language inconsistency within the client area, this appears to be an anomaly. We kindly ask you to open a support ticket so that our technical team can perform the necessary checks and, if required, apply a fix.
We remain at your disposal for any further details.
Kind regards
Happy 6-month customer here. Reliable VPS and top tier support.
I guess I'm not a person.
This follows simply registering as a client.
Needless to say, amazing experience.
Better stay away, who knows what will happen to your servers, data etc. when there's no appeal to automated systems.
"We are sorry to inform you that, based on the information received with your order, our security systems have triggered fraud prevention indicators that do not allow us to process the request.
In accordance with our internal policies, the specific indicators that were activated do not permit a manual review or override of the automated decision. As a result, we are unfortunately unable to proceed with the activation of the service.
We apologize for any inconvenience this may cause and thank you for your understanding.
We remain at your disposal for any further details."
Thank you for taking the time to share your experience. We fully understand your concerns and appreciate the opportunity to clarify how our frauds prevention process works.
Our anti fraud system is significantly more restrictive when a service includes free credit and no payment transaction is involved. In these cases, the system applies a multi level risk assessment designed to protect our infrastructure and prevent abuse.
There are three possible outcomes.
Automatic approval
If the verification process does not detect any risk indicators, the free credit is assigned automatically and the service is activated without any manual intervention.
Warning status
If the system identifies elements that require additional verification, the order is placed in a warning state. In this scenario, a manual review is possible and we may request documentation or additional information to verify the accuracy of the provided data before making a final decision.
Hard block
In a limited number of cases, the system identifies one or more high risk patterns that, under our internal security policies and applicable Italian regulations, require the request to be rejected immediately.
When this occurs, the decision cannot be overridden manually.
The detected patterns are not limited to inaccurate customer information. They may also include factors such as previous fraudulent or abusive activity associated with a specific network, device, technical fingerprint, or other security indicators. For security reasons, we cannot disclose the specific rules or indicators that triggered the decision, as doing so would compromise the effectiveness of our fraud prevention systems.
We also fully understand and respect every customer's desire to protect their privacy.
However, we would like to point out that, under Italian law, the purchase of online services requires that all personal information provided during registration is accurate and truthful. Furthermore, the address and identity information associated with the order must be valid and verifiable.
For this reason, we are required to accept only orders containing genuine personal information. This is not only an internal company policy, but also a legal and regulatory obligation that we must comply with when providing our services.
We appreciate your understanding and thank you for your interest in our services.
Kind regards
@seflow I provided accurate, truthful, valid and verifiable personal information.
There was no will to verify said information.
Your business, your rules, but don't be surprised if people aren't happy when the communication is:
Hello,
Thank you for your feedback.
In your specific case, I would like to clarify that the trigger which placed your order into the blocked state was not related to your personal information. Based on our review, the personal details you provided appear to be consistent.
We understand that this process can be frustrating, especially for users who place a high value on privacy.
However, for free accounts it is essential for us to keep the risk of fraud as close to zero as possible. Our priority is to provide the highest possible level of service to our legitimate customers.
To achieve this, we must ensure that our IP address ranges remain clean and are not associated with fraudulent users, abusive activities, or connections originating from sources such as public VPNs or other IP addresses with a history of malicious or unlawful behavior.
Our customers rely on us to provide a trustworthy platform and high quality network resources. Protecting the reputation of our infrastructure is therefore a higher priority than maximizing the number of new accounts.
We fully appreciate that this approach may make it more difficult, or in some cases impossible, for users who prefer to use false identity information or public VPN services for privacy reasons. Nevertheless, preserving the integrity of our network and ensuring the best possible experience for our existing and future customers will always take precedence over increasing the total number of users.
I am fairly sure this is illegal unless you are certified to handle such documents.
Hello @William ,
Yes, we are fully authorized to perform identity verification for our services.
We have a dedicated Anti Fraud and Identity Verification team responsible for handling identity checks in compliance with applicable laws and data protection regulations.
Our company also provides services such as certified email (PEC), electronic signatures, certified platform, etc. (we offert various trusted services) and other regulated services that require strict identity verification procedures. For this reason, our staff operates under documented procedures and regulatory requirements governing the processing and verification of identity documents.
As previously stated, any identity documents submitted solely for verification purposes are permanently deleted from our systems once the verification process has been successfully completed, in accordance with our data retention policies.
We take both security and user privacy very seriously.
You're right, it's illegal. But it doesn't matter if they are certified or not. It needs to be required by law, thus legal obligation or they need to ask for consent. I doubt there is such a law that specifically requires a "selfie holding a valid identity document".
Also, imagine the arrogance of their "Cookie Policy", listing a pixel tracker as "necessary" as we all know "The website cannot function properly without these cookies."
I meant more like the picture of the ID is specially protected, not just by GDPR, there is a reason identity verify services are extremely scrutinised.
Holding it up is now not that strange overall and legal as its not like you HAVE to, you WANT a service so you follow their terms.
Seflow operates under GDPR so that's why I was more specific. No matter how scrutinized they are those services are often breached and data leaks anyway.
As to GDPR, like I said I doubt the law requires a selfie holding an identity document. For example, if the law requires just some specific textual info this would fail the minimisation principle.
Things do not work that way under GDPR. What in essence is a "blackmail", that is "either give us your data or we refuse to provide you the service" clearly fails the consent requirement as "consent" given under such terms is not valid consent.
SeFlow requests identity verification only in a limited number of cases where our fraud prevention systems identify an order as high risk. This is not a standard requirement for every customer.
Our verification process is based on our legitimate interest in preventing fraud, abuse of our infrastructure and damage to other customers, in accordance with Article 6(1)(f) GDPR. We collect only the information necessary to complete that verification and protect it under strict security procedures.
SeFlow is part of the Aruba Group, which operates regulated trust services including Certified Email (PEC), electronic signatures and digital identity solutions. Identity verification and secure handling of personal data are therefore core competencies within our organization.
We fully understand the GDPR principles of necessity and data minimisation. For this reason, identity verification is requested only when justified by the risk profile of the order, not as a blanket requirement for all customers.
In this thread you make it sound like you are processing this based on Article 6(1)(c), legal obligation. Now that this is settled Article 6(1)(f), legitimate interest, will not do. You also need to meet one of the conditions of Article 9(2) since selfies are biometric data, that is special categories of data.
Only thing under Article 9(2) that remotely makes sense is consent. But as is explained in my previous post, you don't collect valid consent. What you need to do in this case is provide an alternative, less intrusive method for people who do not consent to such processing.
Catch 22. This is considered high risk processing. Even if we assume you collect valid consent and provide an alternative method, this would still not be enough. You would have to demonstrate that this approach is the least intrusive method to acheive your goal, otherwise this will fail necessity and proportionality principle.
This is a clear violation of GDPR Article 22. Users have the right not to be subjected solely to automated decision making. They have the right to dispute this and you are required to provide meaningful human review and also meaningful explanation of logic used behind those decisons.
Don't think so... among other things.
Thank you for your feedback.
We appreciate the discussion. However, we respectfully disagree with several of your conclusions.
Our fraud prevention procedures have been designed together with our legal and compliance functions and are based on applicable Italian and European data protection law. Identity verification is requested only in a limited number of cases where our fraud detection systems identify a materially elevated risk. It is not a standard requirement for every customer.
Regarding the submitted photograph, our process is intended to perform a manual verification that the applicant matches the identity document provided. We do not use submitted photographs to perform automated facial recognition or to create biometric templates.
As for Article 22 GDPR, we do not consider our fraud prevention framework to constitute unlawful solely automated decision making as interpreted in your post.
We understand that different legal interpretations exist. Should a competent supervisory authority or court provide guidance requiring changes to our procedures, we will of course comply, as we always do.
Our objective remains the same. Protecting our infrastructure, our customers and legitimate users from fraud while complying with applicable law.
Art 22 has 4 paragraphs and you didn't read the second one 😂
I didn't even say it is in my post.
I also didn't say you do that.
Regarding Article 22. I have clearly referenced your statements where you explicitly admitted it by saying "When this occurs, the decision cannot be overridden manually."
I did read it. It's not enough just to read it but you need to know how to interpret it properly. Example, when you go to a private clinic and you order screening to see if you have inherited some genetic desease, clearly processing of special categories of data is necessary in this case as it can't be done without it. That's what "necessary" means. It does't mean "we put in in the contract because we feel we need this" or whatever other excuse you can come up with.
On the other hand for the provisioning of a VPS server biometric data is clearly not necessary.
that is why it is not required, and only used as an anti-fraud/KYC measure... you know, complying KYC/AML laws is also a requirement, and if the automatic system flags your account as potentially fraudulent, they do have a legal requirement to verify you are who you say you are
selfies are not new either, first time someone asked me for a selfie ID was OVH over a decade ago...
Those might be separate issues. You pointed to Article 22(2)(a) so I gave examples what necessary means in this context.
The issue with seflow and article 22. is with the "hard block" where "system identifies one or more high risk patterns" and "When this occurs, the decision cannot be overridden manually." It's clearly an automated decision without the possiblity of a meaningful review where the individual is denied service.
I think I explained this pretty well that it needs proper consent, etc., among other things.
If it's a legal requirement seflow needs to specify Article 6(1)(c) as a legal basis. But they specified Article 6(1)(f). For biometric data like selfies article 9(2) also applies and both legal basis from article 6 and an exception from article 9 is required at the same time.