Privacy Policy

Last updated: January 1, 2025

1. Introduction

VaultForge ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our game server hosting services.

This policy complies with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

2. Information We Collect

2.1 Personal Information

We collect the following personal information:

  • Account Information: Email address, password (hashed), account creation date
  • Billing Information: Payment details processed through Stripe (we do not store credit card information)
  • Server Configuration: Server names, game preferences, mod selections
  • Communication Data: Support tickets, emails, and other communications

2.2 Technical Information

We automatically collect certain technical information:

  • Usage Data: Server usage statistics, connection logs, performance metrics
  • Device Information: IP address, browser type, operating system
  • Cookies and Tracking: Session cookies, analytics cookies (with consent)

3. How We Use Your Information

We use your personal information for the following purposes:

  • Service Provision: To provide and maintain our hosting services
  • Account Management: To manage your account and provide customer support
  • Billing: To process payments and manage subscriptions
  • Communication: To send service updates, support responses, and important notices
  • Security: To protect against fraud, abuse, and security threats
  • Improvement: To analyze usage patterns and improve our services
  • Legal Compliance: To comply with applicable laws and regulations

4. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide our services
  • Legitimate Interests: Security, fraud prevention, service improvement
  • Consent: Marketing communications, analytics cookies
  • Legal Obligation: Compliance with applicable laws

5. Information Sharing and Disclosure

5.1 Third-Party Services

We share information with the following third-party services:

  • Stripe: Payment processing (subject to Stripe's privacy policy)
  • SendGrid: Email delivery services (subject to SendGrid's privacy policy)
  • Hetzner Cloud: Server infrastructure (subject to Hetzner's privacy policy)
  • Uptime Kuma: Server monitoring services

5.2 Legal Requirements

We may disclose your information if required by law or to:

  • Comply with legal processes or government requests
  • Protect our rights, property, or safety
  • Protect the rights, property, or safety of our users
  • Investigate fraud or security issues

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

  • Encryption: Data encrypted in transit and at rest
  • Access Controls: Limited access to personal data on a need-to-know basis
  • Regular Audits: Security assessments and vulnerability testing
  • Incident Response: Procedures for handling security breaches
  • Staff Training: Regular privacy and security training for employees

7. Data Retention

We retain your personal information for the following periods:

  • Account Data: Until account deletion or 3 years of inactivity
  • Billing Records: 7 years for tax and accounting purposes
  • Server Logs: 90 days for security and troubleshooting
  • Support Communications: 3 years for service improvement
  • Analytics Data: 26 months (anonymized after 14 months)

8. Your Rights (GDPR)

Under GDPR, you have the following rights regarding your personal data:

  • Right of Access: Request copies of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a structured format
  • Right to Object: Object to processing based on legitimate interests
  • Rights Related to Automated Decision Making: Human review of automated decisions

To exercise these rights, contact us at [email protected]

9. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) with third-party processors
  • Adequacy decisions by the European Commission
  • Certification schemes and codes of conduct

10. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Essential Cookies: Required for basic website functionality
  • Analytics Cookies: Help us understand website usage (with consent)
  • Preference Cookies: Remember your settings and preferences

You can manage cookie preferences through our cookie banner or browser settings. See our Cookie Policy for more details.

11. Children's Privacy

Our services are not intended for children under 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Sending an email to your registered email address
  • Posting a notice on our website
  • Updating the "Last updated" date at the top of this policy

Your continued use of our services after such changes constitutes acceptance of the updated policy.

13. Data Protection Officer

For privacy-related inquiries, you can contact our Data Protection Officer at:

14. Supervisory Authority

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with your local data protection supervisory authority.

15. Contact Information

If you have any questions about this Privacy Policy, please contact us at: