This Privacy Policy informs you about the type, scope, and purpose of the processing of personal data within our website and the associated CraftProxy service. We process personal data strictly in accordance with the General Data Protection Regulation (GDPR / DSGVO).

1. Data Controller

The responsible party (Controller) for data processing on this website and service within the meaning of the GDPR is:

2. Hosting Infrastructure

Our website and the reverse proxy servers are hosted by an external service provider:

• Prepaid-Hoster.de (Henrik Kramer e.K.)

Personal data collected on this website and through our proxy service is stored on our hoster's servers in Germany.

Data Processing Agreement (DPA): We have concluded a data processing agreement (AVV) with the above-mentioned provider. This is a contract mandated by data privacy laws that guarantees that they process the personal data of our website visitors and users only based on our instructions and in compliance with the GDPR.

3. SSL/TLS Encryption

For security reasons and to protect the transmission of confidential content, this website uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.

4. Data Processing when using CraftProxy

a) Website Access (Server Logs)

When you visit our website, the server automatically collects data that your browser transmits to us. This data is temporarily stored in log files to ensure the stable and secure operation of the website (Art. 6(1)(f) GDPR). Collected data includes:

• IP address
• Date and time of the request
• Requested file/URL
• HTTP status code
• Browser type and version
• Operating system

These logs are kept for a maximum of 30 days to detect and mitigate attacks, after which they are automatically deleted or anonymized.

b) The Reverse Proxy Service (Mod & Network)

When the host executes the /host command and players connect to the generated proxy address, our Infrastructure must process certain network data to route the traffic successfully. This processing is strictly necessary for the technical provision of the contractually requested service (Art. 6(1)(b) GDPR) and to prevent network abuse (Art. 6(1)(f) GDPR).

• Processed Data: IP addresses of the host and connecting players, connection timestamps, dropped packets, and basic connection states.
• Storage & Retention: IP addresses are held in memory only for the duration of the active connection to route the packets. Minimal connection logs are kept temporarily (up to 7 days) strictly for debugging and DDoS mitigation purposes. We do not inspect, intercept or store ingame actions, chat messages, or any other in-game data.

5. Contacting us via E-Mail

If you contact us by e-mail, your e-mail including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request. We do not pass these data on without your consent.

The processing of these data is based on Art. 6(1)(b) GDPR, if your request is related to the execution of a contract. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6(1)(f) GDPR). The data will remain with us until you ask us to delete it or the purpose for data storage no longer applies.

6. Cookies and Tracking

We do not track you.

Our website and services do not use cookies, tracking pixels, analytical tools (like Google Analytics), or any third-party marketing services. We strictly collect only the absolute minimum data required to keep the reverse proxy running securely.

7. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

• Right of Access (Art. 15 GDPR): Request information about your stored personal data.
• Right to Rectification (Art. 16 GDPR): Demand the correction of incorrect data.
• Right to Erasure (Art. 17 GDPR): Request the deletion of your data, provided no legal retention obligations exist.
• Right to Restriction of Processing (Art. 18 GDPR): Request limited processing of your data.
• Right to Data Portability (Art. 20 GDPR): Receive your data in a machine-readable format.
• Right to Object (Art. 21 GDPR): Object to data processing based on legitimate interests.

To exercise any of these rights, please contact us at the email address provided in Section 1.

8. Right to Lodge a Complaint

If you believe that the processing of your data violates data protection laws, you have the right to lodge a complaint with the competent supervisory authority (Art. 77 GDPR), particularly in the Member State of your habitual residence or the location of the alleged infringement. The competent authority for our headquarters is the Saxon Data Protection Commissioner (Sächsischer Datenschutzbeauftragter).

9. Further Mandatory Information

Protection of Minors

Our service is not specifically directed at children under the age of 16. Should we become aware that we have collected personal data from children under the age of 16 without the consent of their parents or legal guardians, we will take steps to delete this information as quickly as possible.

No Automated Decision-Making & Third-Country Transfers

We do not use automated decision-making or profiling (Art. 22 GDPR). We do not transfer your data to third countries (outside the EU/EEA).