Privacy Policy

1. Introduction

Sapling IT Solutions Limited (trading as "Minerack", "we", "us", or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal information when you use our free Minecraft server hosting services.

This policy applies to all users of our services, regardless of how you access them. By using our services, you acknowledge that you have read and understood this Privacy Policy and consent to the processing of your personal data as described herein.

Our Commitment

We are committed to transparency about how we collect and use your data, and we will always comply with applicable data protection laws, including UK GDPR and the Data Protection Act 2018.

2. Information We Collect

2.1 Information You Provide Directly

When you create an account or use our services, we may collect:

Account Information: Username, email address, password (encrypted)
Profile Information: Display name, avatar, preferences
Server Data: Minecraft server configurations, world files, plugin settings
Communication Data: Support tickets, forum posts, feedback
Payment Information: For premium services (processed by third-party payment providers)

2.2 Information We Collect Automatically

When you use our services, we automatically collect:

Data Type	Description	Purpose
Usage Data	Pages visited, features used, time spent, server activity	Service improvement, analytics
Technical Data	IP address, browser type, device information, operating system	Security, troubleshooting, optimization
Server Logs	Server start/stop times, error logs, resource usage	Service monitoring, support
Cookies	Session cookies, preference cookies, analytics cookies	Authentication, personalization, analytics

2.3 Information from Third Parties

We may receive information from:

Social Media Logins: If you log in using Discord, Google, or other providers
Analytics Services: Anonymous usage statistics from Google Analytics
Security Services: Threat intelligence and fraud prevention data

3. How We Use Your Information

We use your personal information for the following purposes:

3.1 Service Provision

Creating and managing your account
Providing Minecraft server hosting services
Processing your server configurations and data
Enabling communication features (forums, support)
Facilitating file uploads and downloads

3.2 Service Improvement

Analyzing usage patterns to improve our services
Developing new features and functionality
Optimizing server performance and resource allocation
Conducting research and analytics

3.3 Communication

Sending service-related notifications and updates
Responding to your inquiries and support requests
Sending marketing communications (with consent)
Providing important security and policy updates

3.4 Security and Compliance

Protecting against fraud, abuse, and security threats
Enforcing our Terms of Service and policies
Complying with legal obligations and requests
Monitoring for prohibited content or activities

4. Legal Basis for Processing

Under UK GDPR, we process your personal data based on the following legal grounds:

Legal Basis	Data Processing Activities
Contract Performance	Account creation, service provision, server hosting, support
Legitimate Interests	Service improvement, security, analytics, fraud prevention
Consent	Marketing communications, optional cookies, newsletter
Legal Obligation	Compliance with laws, court orders, regulatory requirements

Where we rely on legitimate interests, we have assessed that our interests do not override your fundamental rights and freedoms.

5. Sharing Your Information

We do not sell your personal information to third parties. We may share your information in the following limited circumstances:

5.1 Service Providers

We work with trusted third-party service providers who help us operate our services:

Cloud Infrastructure: Server hosting and data storage providers
Payment Processors: Stripe, PayPal for premium service payments
Communication Tools: Email delivery services, support ticket systems
Analytics Services: Google Analytics (anonymized data only)
Security Services: DDoS protection, fraud prevention tools

These providers are contractually required to protect your data and use it only for the purposes we specify.

5.2 Legal Requirements

We may disclose your information if required by law or in response to:

Court orders or legal proceedings
Requests from law enforcement or regulatory authorities
National security requirements
Protection of our rights, property, or safety
Prevention of fraud or illegal activities

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal information may be transferred as part of the transaction. We will notify you of any such change and ensure the new entity provides equivalent privacy protection.

5.4 Public Information

Some information may be publicly visible:

Public forum posts and comments
Public server listings (if you choose to list your server publicly)
Username and public profile information

6. Data Retention

6.1 Retention Periods

We retain your personal information for different periods depending on the type of data:

Data Type	Retention Period	Reason
Account Information	While account is active + 2 years	Service provision, legal compliance
Server Data	While account is active + 30 days	Service provision, data recovery
Usage Logs	12 months	Service improvement, security
Support Communications	3 years	Customer service, legal compliance
Financial Records	7 years	Tax and accounting requirements

6.2 Deletion Process

When retention periods expire or when you request deletion:

Data is securely deleted from our systems
Backups are purged according to our schedule
Third-party processors are notified to delete data
Anonymous or aggregated data may be retained for analytics

Data Recovery Notice

Once data is deleted, it cannot be recovered. We recommend backing up important server data before account deletion.

7. Data Security

We implement comprehensive security measures to protect your personal information:

7.1 Technical Safeguards

Encryption: All data is encrypted in transit and at rest using industry-standard protocols
Access Controls: Role-based access with multi-factor authentication required
Network Security: Firewalls, intrusion detection, and DDoS protection
Regular Updates: Security patches applied promptly across all systems
Monitoring: 24/7 security monitoring and incident response procedures

7.2 Operational Safeguards

Staff Training: Regular security and privacy training for all employees
Background Checks: Security screening for personnel with data access
Incident Response: Documented procedures for security breaches
Regular Audits: Internal and external security assessments

7.3 Your Security Responsibilities

You can help protect your account by:

Using a strong, unique password
Enabling two-factor authentication if available
Keeping your contact information up to date
Reporting suspicious activity immediately
Logging out of shared computers

Security Incident Notification

In the unlikely event of a data breach affecting your personal information, we will notify you and relevant authorities within 72 hours as required by law.

8. Your Rights

Under UK GDPR and the Data Protection Act 2018, you have the following rights regarding your personal data:

Right of Access

Request a copy of the personal data we hold about you, including details about how we process it.

Right to Rectification

Request correction of inaccurate or incomplete personal data we hold about you.

Right to Erasure

Request deletion of your personal data in certain circumstances (subject to legal requirements).

Right to Restrict Processing

Request that we limit how we process your data in certain circumstances.

Data Portability

Request your data in a structured, machine-readable format to transfer to another service.

Right to Object

Object to processing based on legitimate interests or for direct marketing purposes.

8.1 Exercising Your Rights

To exercise any of these rights:

Contact our Data Protection Officer at [email protected]
Use the data management tools in your account dashboard
Submit a request through our support system

8.2 Response Times

We will respond to your request:

Within 1 month of receiving a valid request
Within 3 months for complex requests (we'll explain any delay)
Free of charge unless the request is manifestly unfounded or excessive

8.3 Right to Complain

If you're not satisfied with how we handle your data, you can lodge a complaint with:

Information Commissioner's Office (ICO)
Website: ico.org.uk
Helpline: 0303 123 1113

9. Cookies and Tracking

9.1 What Are Cookies

Cookies are small text files stored on your device when you visit our website. We use cookies to enhance your experience and provide our services effectively.

9.2 Types of Cookies We Use

Cookie Type	Purpose	Duration	Required
Essential Cookies	Authentication, security, basic functionality	Session/1 year	Yes
Preference Cookies	Remember settings, language, theme	1 year	No
Analytics Cookies	Usage statistics, performance monitoring	2 years	No
Marketing Cookies	Personalized content, advertising	1 year	No

9.3 Managing Cookies

You can control cookies through:

Cookie Banner: Manage preferences when you first visit
Account Settings: Update cookie preferences anytime
Browser Settings: Block or delete cookies directly

Essential Cookies Notice

Disabling essential cookies may prevent core features from working properly, such as logging in or accessing your dashboard.

9.4 Third-Party Tracking

We use these third-party services that may set cookies:

Google Analytics: Website usage analytics (anonymized)
Cloudflare: Security and performance optimization
Social Media: Embedded content from Discord, Twitter, etc.

10. Children's Privacy

10.1 Age Requirements

Our services are designed for users aged 13 and above. We do not knowingly collect personal information from children under 13 without parental consent.

10.2 Parental Controls

For users aged 13-17:

We encourage parental involvement in account creation
Parents can request access to or deletion of their child's data
We provide additional privacy protections for younger users
Server content is monitored for age-appropriate material

10.3 What to Do If You're Under 13

If you are under 13:

Ask a parent or guardian to create an account for you
Do not provide personal information without parental permission
Use our services only under adult supervision

Parental Rights

Parents and guardians have the right to review, modify, or delete their child's personal information. Contact us at [email protected] for assistance.

11. International Transfers

11.1 Data Storage Locations

Your data may be stored and processed in:

United Kingdom: Primary data centers and offices
European Union: Backup and redundancy systems
Other Countries: Third-party service providers with adequate protection

11.2 Transfer Safeguards

When transferring data outside the UK/EU, we ensure protection through:

Adequacy Decisions: Transfers to countries with adequate data protection
Standard Contractual Clauses: EU-approved contract terms
Certification Schemes: Privacy Shield successors or equivalent
Corporate Rules: Internal policies for multinational transfers

11.3 Your Rights Regarding Transfers

You have the right to:

Know where your data is being processed
Object to transfers to specific countries
Request details about safeguards in place
Obtain copies of transfer agreements

12. Changes to This Policy

12.1 Policy Updates

We may update this Privacy Policy to reflect:

Changes in our data processing activities
New legal requirements or regulations
Improvements to our services or security measures
Feedback from users or regulators

12.2 Notification of Changes

When we make significant changes, we will:

Update the "Last Updated" date at the top of this policy
Send email notifications to registered users
Display prominent notices on our website
Provide at least 30 days' notice for material changes

12.3 Your Options

If you disagree with policy changes:

You can object to the changes before they take effect
You may withdraw consent for optional processing
You can close your account if you no longer agree
Your rights under previous versions remain protected

13. Contact Information

13.1 Data Protection Officer

Our Data Protection Officer oversees privacy compliance and handles data protection inquiries:

Email: [email protected]
Response Time: Within 48 hours for urgent matters
Languages: English (other languages upon request)

13.2 Privacy Team

For general privacy questions and requests:

Email: [email protected]
Support Portal: Available through your account dashboard
Response Time: Within 5 business days

13.3 Company Information

Sapling IT Solutions Limited
Trading as: Minerack
Company Registration: [To be inserted]
Registered Address: [To be inserted]
Email: [email protected]

13.4 Regulatory Authority

You can also contact our supervisory authority:

Information Commissioner's Office (ICO)
Website: ico.org.uk
Phone: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Additional Information

Privacy by Design

We implement privacy by design principles in all our systems and processes, ensuring data protection is built into our services from the ground up rather than added as an afterthought.

Regular Reviews

We conduct annual reviews of our privacy practices, data processing activities, and this Privacy Policy to ensure continued compliance with applicable laws and best practices.

Employee Training

All employees receive regular training on data protection, privacy laws, and our internal policies to ensure your personal information is handled appropriately at all times.

Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) for any new processing activities that may pose high risks to your privacy, implementing additional safeguards where necessary.

Data Controller

Table of Contents