Last updated: March 29, 2026
Privacy Policy
Your privacy matters to us. This policy explains what data we collect, how we use it, and the controls you have over your information.
1. Information We Collect
When you create an account we collect your email address and, depending on your sign-in method, your name and profile picture from your OAuth provider (Google or Discord). When you link a Minecraft account we store an encrypted copy of your Microsoft OAuth refresh token, the plaintext token is never stored. We also collect usage data such as bot connection timestamps, server addresses, and in-app chat logs.
2. How We Use Your Information
We use the information we collect to: (a) provide and improve the Service; (b) authenticate you and authorise bot connections on your behalf; (c) process subscription payments via Stripe; (d) send transactional emails (e.g. password resets, billing receipts) via Resend; (e) send optional push notifications about bot status; and (f) investigate abuse and enforce our Terms of Service.
3. Minecraft Credentials
Your Microsoft OAuth refresh tokens are encrypted at rest using AES-256 before being written to our database. Decryption keys are stored separately from the database and are only loaded by our API server at runtime. Plaintext tokens exist only in memory for the duration of the authentication handshake and are never logged or transmitted to third parties.
4. Data Sharing
We do not sell your personal data. We share data only with the following categories of sub-processors who help us deliver the Service: Supabase (database and authentication), Stripe (payment processing), Resend (transactional email), and our cloud infrastructure provider. Each sub-processor is bound by data processing agreements and is prohibited from using your data for their own purposes.
5. Cookies & Tracking
We use only essential session cookies necessary to keep you logged in. We do not use third-party advertising cookies or tracking pixels. Our authentication flow uses HttpOnly, Secure, SameSite cookies managed by Supabase Auth.
6. Data Retention
We retain your account data for as long as your account is active. Bot chat logs are stored as a rolling buffer of the last 10 messages per bot and are overwritten automatically. If you delete your account, all associated data (profile, linked accounts, bot history) is permanently deleted within 30 days, except where we are required by law to retain it longer.
7. Security
We implement industry-standard security measures including encrypted data in transit (TLS 1.2+), encrypted sensitive data at rest (AES-256), row-level security on our database, and least-privilege access controls. Despite these measures, no system is completely secure. You are responsible for keeping your account credentials confidential.
8. Children's Privacy
The Service is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13 without parental consent, we will delete that information promptly.
9. Your Rights
Depending on your location, you may have the right to: access the personal data we hold about you; request correction of inaccurate data; request deletion of your data; object to or restrict certain processing; and receive a machine-readable copy of your data. To exercise any of these rights, contact us via Discord or at [email protected].
10. International Transfers
Our infrastructure is primarily located in the United States. If you access the Service from outside the United States, your data may be transferred to and processed in the United States. By using the Service you consent to this transfer. We take appropriate steps to ensure your data is treated securely and in accordance with this policy.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or via an in-app notice at least 14 days before the change takes effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out via our Discord server or email us at [email protected].
Have questions?
Our team is happy to help clarify anything in these terms.