Privacy Policy
Effective date: 2026-06-07 · Applies to: mc.lnk24.co
1. Who we are
Minecraft Platform is operated by [Company Name — configure in Admin → Settings → Legal], located at [Company Address — configure in Admin → Settings → Legal].
As the operator of this platform (“we”, “us”, “our”), we are the data controller responsible for your personal information under the GDPR, UK GDPR, and equivalent regulations.
2. Information we collect
2.1 Account information
When you register or use an admin account we collect: your email address, a hashed password (never stored in plain text), your IP address at login, and role information. We do not collect payment information directly.
2.2 Usage data
When you use the platform or visit public server pages, we may collect: browser type, device type, referring URL, pages visited, timestamps, and server interaction events (e.g. voting, joining). This may be collected via analytics cookies if you consent.
2.3 Technical data
Server logs retain IP addresses for a limited time to detect abuse, manage rate limits, and diagnose errors. This is a legitimate interest under GDPR Article 6(1)(f).
2.4 Cookies and tracking
We use cookies as described in our Cookie Policy. We only set non-essential cookies after you give explicit consent via the cookie banner.
3. How we use your information
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Provide and secure admin account access | Contract / Legitimate interest |
| Send password-reset and security emails | Contract |
| Detect and prevent abuse, fraud, attacks | Legitimate interest |
| Comply with legal obligations | Legal obligation |
| Analyse usage to improve the platform (if consented) | Consent |
| Marketing and promotions (if consented) | Consent |
We do not use your personal information for automated individual decision-making or profiling that produces legal or similarly significant effects.
4. Sharing your information
We do not sell, rent, or trade your personal information to third parties for their own marketing purposes.
We may share data with:
- Infrastructure providers (e.g. VPS hosts, database services) acting as processors under a data processing agreement.
- Analytics providers (only when you consent to analytics cookies).
- Law enforcement or regulators when legally required to do so.
Any third-party processors are required by contract to handle your data in accordance with GDPR standards.
5. Data retention
| Data type | Retention period |
|---|---|
| Account credentials | Until account deletion + 30 days |
| Server logs / IP addresses | 30 days |
| Cookie consent records | 12 months |
| Audit logs | 12 months |
After the retention period expires, data is securely deleted or anonymised.
6. Your rights
6.1 GDPR rights (EEA / UK)
If you are located in the European Economic Area or the United Kingdom, you have the following rights:
- Access — request a copy of the personal data we hold about you.
- Rectification — correct inaccurate or incomplete data.
- Erasure (“right to be forgotten”) — request deletion of your data where there is no legal ground for retention.
- Restriction — ask us to limit processing in certain circumstances.
- Portability — receive your data in a machine-readable format.
- Objection — object to processing based on legitimate interests.
- Withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting prior processing.
To exercise these rights, contact us at [privacy@example.com — configure in Admin → Settings → Legal]. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
6.2 CCPA rights (California)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA / CPRA):
- Right to Know — request disclosure of the categories and specific pieces of personal information collected, used, disclosed, or sold about you in the past 12 months.
- Right to Delete — request deletion of your personal information, subject to certain exceptions.
- Right to Correct — request correction of inaccurate personal information.
- Right to Opt-Out — opt out of the “sale” or “sharing” of your personal information. We do not sell personal information. We do not share personal information with third parties for cross-context behavioural advertising unless you consent to marketing cookies.
- Right to Limit Use of Sensitive Personal Information — we collect only email address and hashed passwords, which are not used beyond the purposes for which they were provided.
- Right to Non-Discrimination — you will not receive discriminatory treatment for exercising your privacy rights.
To submit a CCPA request, contact [privacy@example.com — configure in Admin → Settings → Legal]. We will verify your identity and respond within 45 days (extendable by 45 days where reasonably necessary).
7. Security (SOC 2 alignment)
We implement administrative, technical, and physical safeguards to protect your information, aligned with SOC 2 Trust Service Criteria:
- Passwords are hashed using Argon2id with a per-user salt.
- All traffic is encrypted in transit using TLS 1.2+ via automatic HTTPS.
- Session tokens are cryptographically random and stored server-side.
- Multi-factor authentication (TOTP) is available and can be required by administrators.
- Database access is restricted; credentials are never exposed in client code or logs.
- API rate limiting and intrusion detection are applied to all endpoints.
- Audit logs record all privileged actions with timestamps and actor identity.
While we take all reasonable steps to protect your data, no system is 100% secure. Please use a strong, unique password and enable MFA.
8. International transfers
If your data is transferred outside the EEA or UK (for example, to infrastructure hosted in the United States), we ensure an adequate level of protection via Standard Contractual Clauses (SCCs) or equivalent safeguards recognised by the relevant supervisory authority.
9. Children's privacy
This platform is not directed to children under 13 (or 16 in EEA countries where the Member State has raised the digital consent age). We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, contact us immediately and we will delete it.
10. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be announced via a banner on the platform or email notification to registered users. The “effective date” at the top of this page will be updated accordingly. Continued use of the platform after changes constitutes acceptance of the revised policy.
11. Contact
For privacy-related enquiries, rights requests, or complaints:
- Email: [privacy@example.com — configure in Admin → Settings → Legal]
- General contact: [contact@example.com — configure in Admin → Settings → Legal]
- Post: [Company Name — configure in Admin → Settings → Legal], [Company Address — configure in Admin → Settings → Legal]