Privacy Policy
Version 2026-07-09
1. Who is responsible (controller)
Operator: [legal name] · [postal address] · [contact email]. This block must be completed by the operator before production launch; everything below describes what the RollerHoster software actually does.
2. What we store and why
| Data | Purpose | Legal basis (GDPR Art. 6(1)) |
|---|---|---|
| Username, email, password hash (argon2id) or Google account id | Your account and sign-in | (b) contract |
| TOS/privacy acceptance (timestamp, policy version, method) | Proving your agreement | (c) legal obligation / (f) legitimate interest |
| Session records incl. IP address and browser user-agent | Keeping you signed in; abuse prevention | (b) contract, (f) legitimate interest |
| Server configuration, team memberships, activity feed entries | Operating your game servers | (b) contract |
| Payment transactions and credit ledger | Billing; tax and accounting law | (b) contract, (c) legal obligation |
| Support tickets | Helping you | (b) contract |
| Administrative audit entries incl. the acting admin's IP | Security and accountability of privileged actions | (f) legitimate interest |
| Optional: your linked Hytale account (account/profile UUID, username, an encrypted refresh token) | Authenticating your server against Hytale under your own account | (b) contract — only if you link it |
| Waitlist email (pre-launch signup) | One launch notification | (a) consent |
Passwords are never stored in plaintext. Hytale tokens and server credentials are encrypted at rest. We do not use advertising trackers or analytics cookies; the dashboard keeps your session token in your browser's localStorage only.
3. How long we keep it
| Data | Retention |
|---|---|
| Account data | Until you delete your account |
| Sign-in sessions | Expire automatically (30 days of inactivity by default) and are removed at expiry or logout |
| Activity and admin audit entries | 90 days, then deleted automatically |
| Server performance metrics | Raw: ~25 hours · hourly rollups: 60 days · alerts: 30 days |
| Payment transactions | Kept for statutory accounting periods; on account deletion they are irreversibly de-identified (your user id is replaced by a keyed one-way reference that cannot be recomputed without the operator's secret key) |
| Backups of your servers | Rotated by your keep-count. Deleting a backup or the server immediately triggers deletion of the archive and its off-site copy; if a storage node is unreachable at that moment, the failure is logged and the operator removes the remaining copy as soon as possible |
| Support tickets | Deleted with your account |
| Waitlist email | Until you request removal (see §6) or delete an account registered with the same email |
4. Who receives data (processors and recipients)
- Stripe — payment processing. Receives your email and payment details you enter on Stripe's pages; we never see card numbers.
- Our email delivery provider (SMTP) — receives your email address to deliver verification, recovery and billing messages.
- Cloudflare — DNS for your server's subdomain (no account data, the subdomain only).
- Google — only if you sign in with Google (we receive your Google id, email and name; Google learns you signed in here).
- Hytale / its authentication service — only if you link your Hytale account or run an authenticated server.
- Backup storage host — encrypted-in-transit off-site copies of your server backups, deleted together with the originals.
The operator must list the concrete SMTP and backup-host providers (and their locations / transfer safeguards, e.g. SCCs for non-EEA providers) here.
5. Your game servers and other people's data
Worlds, logs and backups of your server can contain personal data of the players who join it (names, UUIDs, chat). For that data you are the controller and we act as your processor: we store and back it up on your instructions and delete it with your server. See the Terms of Service for the processing terms.
6. Your rights
- Access & portability (Art. 15, 20): Account → "Export my data" downloads everything we hold about you as JSON, with credentials redacted.
- Erasure (Art. 17): Account → "Delete account". Servers must be deleted first (their backups, including off-site copies, go with them); a linked Hytale account is unlinked and its grant revoked at Hytale; transactions are retained de-identified where accounting law requires.
- Rectification (Art. 16): email and password can be changed in Account settings; contact the operator for anything else.
- Waitlist removal:
POST /api/waitlist/remove {"email": "[email protected]"}, or email the operator. - Objection / restriction (Art. 18, 21) and complaints: contact the operator; you may also complain to your local supervisory authority.
7. Changes
Material changes bump the version date above and are announced on the dashboard before they take effect.