ServerF.Hosting Privacy Policy

Last Updated: September 2025

Your privacy is important to us. This Privacy Policy explains how ServerF.Hosting ("we," "us," or "our") collects, uses, and safeguards information when you use our services. By accessing or using our services, you agree to the practices described in this policy. This policy is designed to comply with the General Data Protection Regulation (GDPR), as our services are governed by the laws of Germany.

1. Data Controller and Contact Information

The Data Controller responsible for the processing of your personal data is ServerF.Hosting.

If you have any questions about this Privacy Policy or your data rights, please contact us on our Discord Server.

2. Information We Collect and Legal Basis (GDPR)

We adhere to a policy of limited data collection. We collect data primarily for service provision, billing, and necessary security functions. The types of data collected and the corresponding legal basis are:

  • Account Data: We collect necessary login credentials (e.g., unique user ID created upon sign-in via Firebase or third-party authentication) to manage your server instances and account settings.
    Legal Basis: Contractual Necessity (Art. 6(1)(b) GDPR) for providing the hosting service you requested.
  • Billing and Transaction Data: When you purchase a paid service, we process non-sensitive payment information, such as the transaction ID, date, amount, and the PayPal email address or name used for the transaction. We do not store or process your credit card numbers.
    Legal Basis: Contractual Necessity and Legal Obligation (Art. 6(1)(c) GDPR) for accounting and tax purposes.
  • Usage Data & Technical Data (Limited Analytics): This includes non-personally identifiable data like usage patterns, feature interactions, anonymized IP addresses, browser type, and server performance metrics, used for monitoring stability and resource allocation.
    Legal Basis: Legitimate Interests (Art. 6(1)(f) GDPR) in ensuring the security, functionality, and performance of our service.

3. Cookies and Tracking Technologies

We use minimal tracking technologies, specifically essential session cookies and local storage, necessary for authentication (keeping you logged in) and service functionality (e.g., remembering your preferred server region). We do not use advertising or extensive analytical cookies that require prior consent under GDPR.

  • Essential Cookies: These cookies are strictly necessary to provide you with services available through our website and cannot be refused. They are essential for the operation of the service.
  • Local Storage: We use local storage for non-sensitive, functional data that enhances your user experience and service performance.

4. Data Retention

We retain your information only for as long as necessary to provide you with the service and for legitimate and essential business purposes, such as maintaining the performance of the service, complying with our legal obligations, and resolving disputes.

  • Service Data: Account and server-related data are retained until you request termination or until automatic deletion occurs due to non-payment (as outlined in the Terms of Service).
  • Billing Records: Transaction records are retained for the period required by German tax and commercial laws (typically 6 to 10 years).

5. Third-Party Services and Data Sharing

We utilize third-party processors to operate and enhance our platform. We do not sell your personal data to any third parties.

  • Payment Processor (PayPal): Used for secure transaction processing. PayPal processes your payment details directly.
  • Platform Tools: Our services may integrate with Firebase (authentication, database), Supabase (database, backend), and Discord (community). When you use our services, these third parties may process data on our behalf.

We have entered into Data Processing Agreements (DPAs) with all critical third-party processors to ensure they adhere to GDPR standards. We encourage you to review their respective privacy policies.

6. International Data Transfers

As some of our third-party processors (e.g., Firebase, Supabase) are located outside the European Union (EU) or European Economic Area (EEA), the processing of your data involves a transfer of data outside of Germany. We ensure that these transfers are protected and compliant with the GDPR. We primarily rely on the implementation of Standard Contractual Clauses (SCCs) approved by the European Commission, and supplementary technical and organizational measures, to safeguard your data transferred internationally.

7. Your Data Protection Rights (GDPR)

Under the GDPR, you have the following rights concerning your personal data:

  • Right of Access: The right to request copies of your personal data.
  • Right to Rectification: The right to request correction of any data you believe is inaccurate or incomplete.
  • Right to Erasure (Right to be Forgotten): The right to request that we erase your personal data under certain conditions (e.g., when the data is no longer necessary for the purposes for which it was collected).
  • Right to Restrict Processing: The right to request that we restrict the processing of your personal data under certain conditions.
  • Right to Object to Processing: The right to object to our processing of your personal data, particularly where the processing is based on legitimate interests.
  • Right to Data Portability: The right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with a Supervisory Authority, particularly in the Member State of your habitual residence, place of work, or the place of the alleged infringement, if you believe our processing of your personal data violates the GDPR.

To exercise any of these rights, please contact us using the contact details provided in Section 1.

8. Data Security

We employ commercially reasonable measures to protect your information from unauthorized access, alteration, disclosure, or destruction. This includes utilizing SSL encryption and internal security controls. While we strive to protect your data, please be aware that no method of transmission over the internet or method of electronic storage is 100% secure. You acknowledge this inherent risk.

9. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. We advise you to review this policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

10. Contact Us

If you have any questions, please contact us on our Discord Server.