ServerOps.ggLegalPrivacy Policy

Privacy Policy

What data we collect, why we collect it, who we share it with, and how to exercise your data-protection rights.

EffectiveMAY 25, 2026
CategoryDATA
EntityServerOps.gg

This Privacy Policy explains how ServerOps.gg ("ServerOps", "we", "us", or "our") handles personal data in connection with the Services. It should be read together with our Terms of Service. Capitalized terms that are not defined here have the meaning given in the Terms.

About this policy

This policy covers the personal data we handle when you visit our websites, create an account, and use the Services. It does not cover third-party services that you choose to connect or link to, which have their own privacy practices.

Because the Services let you collect and store information about your own users, we play two different roles depending on the data in question. The next section explains which role applies.

Our role: controller and processor

For the data we need to run our business, such as your account, login, billing, and how you use the Services, we are the controller. This policy describes how we handle that data.

For the data you and your users put into the products, such as files in Media, events in Logs, records in Cases, and submissions in Apps, including information about your players, applicants, and community members ("End-User Data"), you are the controller and we act as a processor that handles it on your behalf. Our commitments when we process End-User Data are set out under "Processing on behalf of operators" below and in the Terms of Service. If you are an end user of a community that uses ServerOps, the operator of that community, not ServerOps, is responsible for that data, and you should direct privacy requests to them.

Data we collect

We collect the following categories of personal data:

  • Account and identity data: your name, email address, username or handle, password (stored only as a secure hash), profile details, and your acceptance of our legal terms.
  • Authentication and connection data: information needed to sign you in and keep your account secure, including two-factor settings, and, if you sign in with or link a third-party account such as a gaming or chat platform, the basic profile information that provider shares with us.
  • Workspace and organization data: the workspaces you create or join, your role and permissions within them, team members and invitations, projects, and access tokens.
  • Billing and payment data: your plan, subscriptions, and billing history. Card payments are handled by our payment processor; we do not receive or store full card numbers. We keep a billing customer reference and a limited card fingerprint that we use only to prevent fraud and abuse.
  • Content and product data: the files, logs, records, form submissions, and other content that you and your users upload, store, or generate through the Services. This includes End-User Data, for which you are the controller.
  • Usage, device, and diagnostic data: how you interact with the Services, log and event data, your IP address and the approximate location derived from it, browser and device information, and error and performance diagnostics.
  • Safety and abuse-prevention data: signals we use to detect and stop abuse, such as records of automated content scans, abuse and copyright reports, sign-up and rate-limit signals, and checks against disposable-email and abuse lists.
  • Communications and support data: messages you send us, support requests, and your contact and marketing preferences.

How and why we use it

We use personal data to:

  • Provide, maintain, and operate the Services and your account.
  • Authenticate you, keep the Services and your account secure, and prevent, detect, and investigate fraud, abuse, and violations of our terms. This includes automated scanning of uploaded content for illegal material, including child sexual abuse material, which we report to the National Center for Missing and Exploited Children and to law enforcement as required by law.
  • Process payments, manage subscriptions, and send billing and transactional messages.
  • Communicate with you. Service messages, such as security, billing, and legal notices, are part of using the Services and cannot be opted out of. We may also send product news and updates; you can unsubscribe from these at any time using the link in the email or your account settings.
  • Understand and improve the Services, fix problems, and develop new features.
  • Comply with our legal obligations and enforce our agreements, including responding to lawful requests and protecting our rights, our users, and the public.

If you are in the EU, the UK, or another region with similar laws, we rely on the following legal bases: performance of our contract with you, our legitimate interests in running and securing the Services, your consent where we ask for it, and compliance with legal obligations.

Cookies

We currently use only essential cookies: a session cookie that keeps you signed in, a cookie that remembers your consent and preferences, and a short-lived bot-management cookie set by our security and content-delivery provider to tell human visitors from automated traffic. These are necessary for the Services to work.

We do not use analytics or advertising cookies, and we do not track you across other websites. You can review and manage cookie categories in the preferences center. If we introduce analytics or marketing cookies in the future, we will update this policy and add them to the consent options before they are used.

How we share data

We do not sell your personal data, and we do not share it for cross-context behavioural advertising. We disclose personal data only in these situations:

  • Service providers and subprocessors: vendors that help us run the Services, such as hosting and storage, payment processing, email delivery, and security. They may process personal data only on our instructions and under contract. Our current subprocessors are listed at /legal/subprocessors.
  • At your direction: when you choose to connect a third-party service, share content, or otherwise instruct us to disclose data.
  • Legal and safety: when we believe disclosure is required by law or legal process, or is reasonably necessary to protect the rights, safety, or property of ServerOps, our users, or the public, including in connection with abuse and copyright matters.
  • Business transfers: if we are involved in a merger, acquisition, financing, or sale of assets, personal data may be transferred as part of that transaction, subject to this policy.

Processing on behalf of operators

When we process End-User Data on your behalf as your processor, we will: process it only on your documented instructions and as needed to provide the Services; keep it confidential; apply appropriate technical and organizational security measures; use subprocessors only under written terms consistent with this policy, with the current list published at /legal/subprocessors; assist you, taking into account the nature of the processing, in responding to requests from your end users and in meeting your security and breach-notification obligations; and return or delete End-User Data when our agreement ends, except where we must retain it by law.

These commitments supplement the Terms of Service. Enterprise and custom customers may enter into a separate data processing agreement with us where one is required.

International transfers

We are based in the United States, and we and our service providers may process personal data in the United States and other countries whose data-protection laws may differ from those where you live. Where we transfer personal data from the EU, the UK, or Switzerland to a country without an adequacy decision, we use appropriate safeguards, such as the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum, together with additional measures where needed.

How long we keep data

We keep personal data for as long as your account is active and for as long as we need it for the purposes described in this policy. When you delete your account, we schedule it for permanent deletion after a short grace period of about 14 days, during which the deletion can still be reversed. After that, your personal data is purged, except as described next.

Backups expire on a rolling basis. Content and product data are kept for as long as you keep them and according to any retention period you configure for a product. We keep some records longer where we need them to meet legal obligations, resolve disputes, or enforce our agreements, including abuse, copyright, and safety records. We may keep aggregated or anonymized data that no longer identifies you.

Your rights and choices

Depending on where you live, you may have some or all of the following rights over your personal data. If you are in the EU or the UK, these include the rights to access, correct, delete, and receive a copy of your data, to restrict or object to certain processing, and to withdraw consent where processing is based on consent. You also have the right to lodge a complaint with your local data-protection supervisory authority.

If you are a California resident, or live in another US state with a privacy law, these include the rights to know what personal data we hold, to access and delete it, to correct it, and to opt out of the sale or sharing of personal data. We do not sell or share personal data for advertising, and we will not discriminate against you for exercising your rights.

You can access and export much of your data, update your details, and delete your account from your account settings. To make any other request, email us at [email protected]. We will verify your identity before acting and respond within the time the law requires. If your request concerns End-User Data held by a community that uses ServerOps, contact that operator, who is the controller of that data.

Children's privacy

The Services are not directed to children, and you must be at least 13 years old, or the minimum age of digital consent in your country if it is higher, to create an account. We do not knowingly collect personal data directly from children for our own purposes. If you use the Services to collect data about your end users, you are responsible for meeting any obligations that apply to children's data, including obtaining any required parental consent and giving the necessary notices.

Security

We use technical and organizational measures designed to protect personal data, including encryption in transit and at rest, access controls, and support for two-factor authentication on your account. No method of transmission or storage is completely secure, so we cannot guarantee absolute security. Where the law requires it, we will notify you and the relevant authorities of a personal-data breach.

Changes to this policy

We may update this policy from time to time. If we make a material change, we will give you reasonable notice, for example by email or through the Services. The "Effective" date on this document reflects the current version, and your continued use of the Services after an update takes effect means you accept the updated policy.

Contact

ServerOps.gg is the controller of the personal data described in this policy for which we are responsible. For privacy questions or to exercise your rights, contact us at [email protected]. Full registration details of the operating entity are being finalized and will be published here.

Controller
ServerOps.gg
Privacy contact
[email protected]
Post
[registered office address]
Terms of ServiceAll policiesDMCA & Copyright Policy