Skip to content
Legal

Privacy Policy

Last updated:

What we store

  • Your email address (for the account, sign-in links, and transactional email).
  • Stripe customer ID and payment-intent IDs — never card details.
  • Order history, server config (game, region, slots, server name), and an audit log of provisioning + admin actions on each order.
  • Server VM IP addresses and the dashboard tokens that grant access to the per-server controls.

What we don't store

  • Card numbers — payment is processed entirely by Stripe.
  • In-game chat, logs, or player-side data. The game server's world disk is yours alone for the rental window; on hibernate we snapshot the disk verbatim and on rental end we delete the VM and (after the recovery-snapshot retention window) delete the snapshot too.
  • Behavioral profiling, ad-network identifiers across sites, cross-site retargeting cookies, or social-media trackers. The two analytics products we DO use are listed under Sub-processors below — both are scoped narrowly to first-party measurement (conversion attribution + on-site session insights), not external profiling.

Sub-processors

We rely on these third parties to deliver the service. They each have their own privacy practices linked below; data shared is the minimum needed for the listed function.

  • Stripe — payments, refunds, and the customer billing portal. Stripe receives your email + payment details directly.
  • Resend — transactional email (sign-in links, credentials, hibernate notices, refund confirmations).
  • Hetzner Cloud — the game-server VM itself, located in the region you select at checkout (US East Ashburn or EU Helsinki today).
  • Cloudflare — DNS, edge proxy / WAF, and aggregate RUM telemetry on page-load timing. No personal data beyond IP address (used for routing + abuse prevention) is shared.
  • Google Ads(since iter 173) — conversion tracking only, via the gtag.js loader on every page. When you complete a paid order, your browser fires a single conversion event to Google Ads with a transaction-id (the order id) and the order amount. No browsing history, no cross-site profile, no retargeting cookie. The Click ID (gclid) from a Google Ads click is stored on the matching Order row so we can run offline conversion uploads (see Google's privacy practices).
  • Microsoft Clarity(since iter 209) — on-site session insights: anonymized session recordings, click heatmaps, and scroll-depth aggregates we use to find friction in the checkout funnel. Form inputs are masked by default (we never see what you type into the password field, the configure form's server name, etc.). Sessions are retained by Clarity for ~13 months and Clarity respects Do-Not-Track headers — visitors with DNT enabled aren't recorded. See Microsoft's privacy statement.

Web servers, application logic, and the order database run on infrastructure we operate directly — not on a third-party PaaS.

How long we keep things

  • Active orders: for the duration of the rental.
  • Expired orders + snapshots: the order row is retained as part of our financial audit trail; the VM snapshot is kept for 90 days post-expiry so you can restore, then deleted.
  • Account email: retained until you request deletion (see below).
  • Audit / Event logs: retained indefinitely for security and incident review.

Your rights

Depending on your jurisdiction (GDPR for EU residents, CCPA for California, plus comparable laws elsewhere), you have rights to access, correct, port, or delete your personal data. To exercise them:

What happens on account deletion

When you request deletion:

  • Active rentals are cancelled and their VMs destroyed.
  • Personal data (email, name, Stripe customer reference) is removed from your User row.
  • Past order records required by financial-audit and tax law are retained pseudonymously — the email field is replaced with a one-way hash so the order history is preserved without identifying you.
  • Stripe charge records are governed by Stripe's retention policy and we can't delete those on their side; you can request deletion directly via the Stripe Customer Portal.

Contact

Questions or concerns about this policy: contact us or email [email protected].