RavenousMC
Deploy

Privacy Policy

Effective 2026-01-01

This policy explains what data RavenousMC collects, how we use it, and your rights regarding it. We try to collect as little as possible.

What we collect

Account data

  • Email address — for sign-in and billing notifications.
  • Name + billing address — required by Stripe for tax calculation and invoice issuance.
  • Timezone — auto-detected from your browser so scheduled backups run at the right local time.
  • IP address + user agent — logged with each sign-in for fraud detection; retained 90 days.

Server data

  • World files, plugins, mods, configs, and player data you upload to your servers. We treat this as YOUR data; we do not read it, mine it, or share it.
  • Server metrics (CPU, RAM, network, player count, TPS) collected for the dashboard. Stored 30 days then automatically pruned.
  • Backup archives, encrypted at rest, retained per your plan's retention setting.

Payment data

Stripe processes all payments. We never see your card number — Stripe sends us only a customer reference and invoice details. Stripe's own privacy policy applies to that processing.

How we use your data

  • Operate the service: provision servers, charge for them, send billing emails.
  • Detect abuse: rate-limit sign-ins, flag suspicious activity.
  • Improve the product: aggregate, anonymised usage stats. We never sell or share individually identifiable data.

How we share your data

We share data only with:

  • Stripe — for payment processing and tax calculation.
  • Cloudflare — DNS, DDoS protection, and CDN for the marketing site.
  • Mojang/Microsoft — when your server authenticates connecting players (Mojang receives the player's UUID, not your account data).
  • Law enforcement — only when required by valid legal process. We will challenge overbroad requests.

We do not sell your data. We do not run ad targeting on it.

Retention

  • Account: until you delete it. Soft-deleted accounts retain billing history for tax/audit purposes.
  • Sign-in logs: 90 days.
  • Server metrics: 30 days, then pruned.
  • Backup archives: per your plan's retention; deleted when you cancel the server.
  • Invoices: 7 years (US tax law requirement).

Your rights

  • Access: request a copy of the data we hold about you.
  • Correction: edit any profile field from the panel; contact us for anything else.
  • Deletion: delete your account from the panel. Billing records may be retained per the above.
  • Portability: download your world data + backups at any time from the panel.

Email [email protected] to exercise any of these.

Security

Sessions use signed cookies with SameSite=Strict. Passwords use passwordless magic-code email (no password to leak). Stored secrets (RCON passwords, API tokens) are encrypted at rest with AES-256-GCM. TOTP two-factor authentication available for every account.

International data transfers

Our servers are located in the United States. By using the service you consent to your data being processed in the US.

Changes to this policy

Updates will be announced via email at least 14 days before taking effect. Continued use after the effective date constitutes acceptance.

Contact

Privacy questions: [email protected].