Privacy Policy

Last updated: March 12, 2026

HypHosting ("we", "us", "our") operates the website at hyphosting.com and the HypHosting iOS app. This policy describes what data we collect, why we collect it, and how we protect it.

1. Data We Collect

Account information

• Email address and username (provided at registration)
• Hashed password (bcrypt — we never store plaintext passwords)
• Billing name and payment details (processed by Stripe; we do not store card numbers)

Server management data

• Minecraft player names and UUIDs (retrieved from the Mojang API to display player information)
• Server configuration, files, and logs you manage through the panel
• Console commands you send to your server

Automatically collected data

• IP address and browser user-agent (for security, rate limiting, and abuse prevention)
• Activity logs (login times, actions performed in the panel)

2. iOS App

The HypHosting iOS app connects to our API at hyphosting.com. The app:

• Stores your authentication token securely in the device Keychain
• Loads Minecraft player head images from mc-heads.net (a third-party avatar service)
• Sends player UUIDs to the Mojang API to resolve player names
• Does not collect analytics, device identifiers, or location data
• Does not contain ads or third-party tracking SDKs

3. How We Use Your Data

• To provide and maintain your game server hosting service
• To authenticate you and protect your account
• To process payments and manage subscriptions (via Stripe)
• To send transactional emails (welcome, payment confirmation, payment failures)
• To detect and prevent abuse, brute-force attacks, and unauthorized access

4. Third-Party Services

We share data with the following services only as needed to operate:

• Stripe (stripe.com) — payment processing. Subject to Stripe's privacy policy.
• Mojang API — player UUID and name lookups. Subject to Microsoft's privacy policy.
• mc-heads.net — player avatar images, loaded client-side.
• Cloudflare — DNS, DDoS protection, and CDN. Subject to Cloudflare's privacy policy.
• Hetzner — server infrastructure hosting in the EU.

5. Data Storage and Security

• All data is stored on servers located in the European Union
• Connections are encrypted with TLS (HTTPS)
• Passwords are hashed with bcrypt
• Authentication uses JWT tokens in httpOnly cookies with CSRF protection
• We apply rate limiting, account lockouts, and bot detection to prevent unauthorized access

6. Data Retention

• Account data is retained while your account is active
• Server data (worlds, configs, backups) is deleted after your subscription ends and any grace period expires
• Security logs (IP addresses, login attempts) are retained for up to 12 months
• Payment records are retained as required by Dutch tax law (7 years)

7. Your Rights

Under the GDPR, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion of your data
• Export your data in a portable format
• Object to or restrict processing of your data

To exercise these rights, email us at [email protected].

8. Cookies

We use only essential cookies:

• mc_jwt — authentication token (httpOnly, secure, SameSite=Lax)
• customer_jwt — customer portal authentication (httpOnly, secure, SameSite=Lax)

We do not use analytics cookies, advertising cookies, or third-party tracking cookies.

9. Children

Our service is not directed at children under 16. If you are under 16, you need a parent or guardian's consent to use our service. If we learn that we have collected data from a child under 16 without parental consent, we will delete that data.

10. Changes

We may update this policy from time to time. Changes will be posted on this page with an updated date. Continued use of the service after changes constitutes acceptance.

11. Contact

For questions about this privacy policy or your data:

Email: [email protected]