Your questions are answered in chapter 4.11 of their privacy policy.
This is why you got flagged:
To minimize our business risk and to prevent the misuse of our services, we carry out a check based on general risk factors when new customer accounts are registered.
Our system makes a prediction about how likely it is that you will meet your contractual payment obligations and use our services responsibly. The result of this preliminary check may influence whether we enter into a contractual relationship with you. During the assessment, the data you provide as well as technical characteristics are processed. This data is compared with our previous experience and evaluated with the help of an external service provider for risk analysis.
And this is how they minimize risk of leaking your PII:
If verification is carried out by iDenfy, your data will be stored for two months.
In all other cases, the data will be deleted immediately after the verification is completed.
None of the articles in the policy are a reasonable ground for asking an identity document to prove that I can fulfill the financial obligation of… Five euros.
Hetzner is not a bank. Moreover, they cannot guarantee that the third party vendor will take great caution to protect my identity. Hetzner does not own the KYC process.
I appreciate that you pointed me to the policy, but if I cannot pay with a German credit cart, using a German ISP as a resident of Germany without uploading my identity doc then I take my business somewhere else.
They might not be a bank but there is a risk to the company if you, for example, start spreading malware or spam using their infrastructure. I assume that is the main reason why they want to properly verify your identity which in my opinion is fair enough. Anyway, other providers are available and I think the Fediverse and self-hosting in general are already too reliant on Hetzner alone.
Your questions are answered in chapter 4.11 of their privacy policy.
This is why you got flagged:
And this is how they minimize risk of leaking your PII:
None of the articles in the policy are a reasonable ground for asking an identity document to prove that I can fulfill the financial obligation of… Five euros.
Hetzner is not a bank. Moreover, they cannot guarantee that the third party vendor will take great caution to protect my identity. Hetzner does not own the KYC process.
I appreciate that you pointed me to the policy, but if I cannot pay with a German credit cart, using a German ISP as a resident of Germany without uploading my identity doc then I take my business somewhere else.
They might not be a bank but there is a risk to the company if you, for example, start spreading malware or spam using their infrastructure. I assume that is the main reason why they want to properly verify your identity which in my opinion is fair enough. Anyway, other providers are available and I think the Fediverse and self-hosting in general are already too reliant on Hetzner alone.