Privacy Policy
Last updated: June 10, 2026
Also see: Terms of Service · Privacy Policy · Cookie Policy
1. Introduction
This Privacy Policy explains how MinecraftServer.Buzz ("we", "us", "our") processes personal data when you use minecraftserver.buzz and related services (the "Service"). It should be read with our Terms of Service and Cookie Policy.
We are the data controller for personal data described here, unless we state that a third party is an independent controller (e.g. listed Minecraft servers you join).
2. Contact
Privacy questions and requests: use our contact page. Include enough detail for us to verify your identity and respond. We aim to reply within one month (extendable by two months for complex requests under GDPR).
3. Who this policy covers
- Visitors browsing the server list and tools.
- Registered users (server owners and players with accounts).
- Paying customers (paid advertising via PayPal).
- People who vote, contact us, or submit ownership claims.
The Service is not directed at children under 13. See Section 14.
4. Personal data we collect
Depending on how you use the Service, we may process:
Account and profile
- Email address, username, password (handled by our auth provider; we do not store plain-text passwords).
- Account metadata (creation date, admin/ban flags where applicable).
Server listings (owner-submitted)
- Server name, descriptions, IP/hostname, ports, tags, version, country, media URLs, Discord/social links, Votifier settings.
- Live data fetched from your server (MOTD, player count, icon, online status).
- Moderation status, admin notes, and ownership/claim records.
Voting
- For logged-in users: account ID linked to vote records.
- For guest votes: Minecraft username, server voted for, date/time, and technical anti-abuse data.
- Aggregated vote counts and public leaderboards (usernames may appear on vote pages).
Payments
- Subscription tier, server linked to purchase, transaction status, PayPal subscription and event IDs, amounts, and timestamps.
- Payment card and bank details are processed by PayPal; we do not receive full card numbers.
Usage, analytics, and logs
- With your consent: Google Analytics data (pages viewed, device/browser, approximate location, referral).
- With your consent: first-party listing events (impressions, listing clicks, IP-copy actions) tied to server IDs, not to your name unless you are logged in.
- Server and security logs (IP address, user agent, timestamps, error data) for operation and abuse prevention.
Communications
- Messages you send via the contact form (name, email, subject, message).
- Transactional emails (welcome, listing approved/rejected, ownership changes, payment-related notices).
- Product emails about listings and growth (e.g. tips, advertising information) where permitted; you can opt out of non-essential marketing.
Claims and uploads
- Ownership claim submissions and proof files uploaded to our storage.
Cookies and local storage
Described in our Cookie Policy, including authentication cookies, consent preferences, optional saved servers (chest), and theme settings.
5. How we use personal data and legal bases (GDPR)
| Purpose | Legal basis |
|---|---|
| Provide accounts, listings, voting, tools, and owner dashboards | Art. 6(1)(b) contract / steps prior to contract |
| Process premium subscriptions and support billing disputes | Art. 6(1)(b) contract; Art. 6(1)(c) legal obligation (tax/accounting) |
| Moderate content, prevent fraud and vote manipulation, secure the Service | Art. 6(1)(f) legitimate interests (security, integrity of rankings) |
| Send transactional emails (approval, rejection, account notices) | Art. 6(1)(b) contract / Art. 6(1)(f) legitimate interests |
| Send optional product/marketing emails to server owners | Art. 6(1)(a) consent or Art. 6(1)(f) soft opt-in where permitted; opt-out anytime |
| Analytics (Google Analytics and listing metrics) | Art. 6(1)(a) consent (via cookie banner) |
| Saved servers chest (browser storage) | Art. 6(1)(a) consent (via cookie preferences) |
| Respond to contact and legal requests | Art. 6(1)(f) legitimate interests / Art. 6(1)(c) legal obligation |
Where we rely on legitimate interests, you may object (see Section 12). We do not use personal data for solely automated decisions that produce legal or similarly significant effects without human review.
6. Who we share data with
We do not sell your personal data. We share data only as needed with:
- Supabase — database, authentication, file storage, edge functions (hosting may be in the EU or US depending on project region). Privacy policy
- PayPal — payment processing and subscription management. Privacy policy
- Google Analytics — website analytics (enabled by default; opt out in Cookie settings). Privacy policy
- Resend (or similar email API) — delivery of transactional and product emails. Privacy policy
- Infrastructure/hosting providers that run our application (e.g. cloud servers where the Next.js app is deployed).
- Authorities, regulators, or courts when required by law or to protect rights and safety.
- Professional advisers (lawyers, accountants) under confidentiality obligations.
Public information: Approved server listings, vote leaderboards (Minecraft usernames), and similar community features are visible to other visitors and may be indexed by search engines.
7. International transfers
Some processors are located outside the European Economic Area (EEA), including in the United States. Where required, we rely on appropriate safeguards such as the EU Standard Contractual Clauses, UK IDTA/Addendum, or adequacy decisions. You may request more information about transfers via the contact page.
8. Retention
- Account data: for as long as your account exists, then deleted or anonymised within a reasonable period unless we must retain it for legal claims or obligations.
- Server listings: while published and for a limited backup/archival period after removal.
- Votes: for ranking and audit purposes; guest vote identifiers as needed to enforce vote limits.
- Payment records: as required by tax and commercial law (typically several years).
- Marketing email logs: to honour opt-outs and prove consent.
- Server logs: short to medium term unless needed for security investigations.
- Contact messages: until resolved and for reasonable follow-up, unless longer retention is required.
You may request earlier deletion where we have no overriding legal basis to keep data (see Section 12).
9. Cookies and similar technologies
See our Cookie Policy for details and to manage preferences (footer: "Cookie settings").
10. Marketing communications
We may email registered server owners about the Service (listing tips, growth suggestions, advertising options). You can opt out using the unsubscribe link in those emails or by contacting us. Transactional messages (security, approvals, billing) are not marketing and may still be sent while you have an account or active subscription.
11. Security
We use technical and organisational measures appropriate to the risk (encryption in transit, access controls, RLS on database tables, service-role isolation). No online service is completely secure; please use a strong password and protect your account credentials.
12. Your rights
If you are in the EEA, UK, or Switzerland, you generally have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate data.
- Erase data ("right to be forgotten") in certain cases.
- Restrict processing in certain cases.
- Data portability for data you provided, where processing is automated and based on contract or consent.
- Object to processing based on legitimate interests (including profiling).
- Withdraw consent at any time (without affecting prior lawful processing).
- Lodge a complaint with your local supervisory authority.
EEA supervisory authorities: edpb.europa.eu. UK: ico.org.uk.
To exercise rights, contact us via the contact page. We may need to verify your identity.
13. United States and other regions
Depending on your state or country, you may have additional rights (e.g. access, deletion, correction, opt-out of certain sharing). We do not sell personal information as defined by the California Consumer Privacy Act (CCPA/CPRA). Contact us to submit a request; we will not discriminate against you for exercising privacy rights.
14. Children
The Service is not intended for children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us data, contact us and we will delete it promptly.
15. Third-party websites and game servers
Listings and tools may link to Discord, Tebex, YouTube, and independent Minecraft servers. Their privacy practices are governed by their own policies. We are not responsible for data collected by third-party servers you choose to join.
16. Changes to this policy
We may update this Privacy Policy. We will post changes on this page and update the date above. Material changes may be communicated on the Service or by email where appropriate. Continued use after the effective date means you acknowledge the update, subject to applicable law.
17. Contact
Privacy enquiries and data subject requests: contact page.