Yes, you have understood that correctly. To address this loophole in the GPL license, the Affero GPL licence has been created, which considers using the software as part of a website as being a distribution of that software.

Copyright law questions are by definition off topic, and the answers you can get here are by definition untrustworthy.

However, you are basically right: the purpose of copyright is to restrict redistributing things. The author is allowed to do it, others, by default, aren’t. Therefore, the author can’t restrict your freedom to act if you don’t redistribute anything that he has copyright on.

Note that the precise extent of what “redistributing” means (‘give’ it to your backup system? to a friend? to the employees of your company?) would have to be tested in court, like anything related to civil or criminal law, and AFAICT it hasn’t been. (For perspective: where I live, even the fundamental question of whether EULAs are legally binding or not has never been been clearly decided.)

GPL up to version 2 is distribution license, so if GPLv2 is the one used you understand that correctly. Basic idea of GPL is that you have to provide the source code to everyone that you provide with binaries. In your case you don’t provide binaries to anyone but yourself.

However, starting with GPL version 3, there are more restrictions. One of them is optional Affero clause, which closes what they call a “SaaS loophole”. GPLv3 with Affero clause is often referred to as AGPL.

Other restrictions relate to software patents (most likely not your case), tivoization (i.e. distributuion of hardware with unmodificable GPL code, so not your case either), and DRM implementation.

This is exactly the reason why for example Linux kernel is GPLv2 and will never switch to GPLv3.