Privacy Policy

This policy explains what data we collect when you use Gamesrv, why we collect it, how we use it, and the rights you have over it. We follow the GDPR regardless of where you are located.

1. Who we are

Gamesrv is operated by Pukogames. We are the data controller for personal data processed through the service. Contact: hello@pukogames.com.

2. Data we collect

We collect the minimum data needed to run the service:

• Account data: email, name, password hash (for email sign-in) or OAuth profile (Google, Microsoft, Discord).
• Billing data: Stripe customer ID and payment method metadata (card brand, last 4 digits, expiry). Full card details are held by Stripe, not by us.
• Server metadata: server names, game choices, configuration, mod lists. We do NOT inspect the contents of your game worlds.
• Operational logs: HTTP request logs, server events, error reports. Retained up to 30 days.
• Cookies: a single session cookie for authentication. No ad tracking, no analytics cookies.

3. How we use your data

• To provide the service: provisioning servers, processing payments, sending transactional emails.
• To secure the service: detecting abuse, investigating incidents, enforcing our Terms.
• To comply with law: responding to legitimate legal requests, keeping tax and billing records as required.

We do not sell your data. We do not use it for advertising or profiling.

4. Legal basis (GDPR)

• Contract: processing necessary to deliver the service you signed up for.
• Legitimate interest: security logging, abuse prevention, product improvement.
• Legal obligation: invoicing, tax records.

5. Third-party processors

We share data with the following processors, each under a contract that limits their use:

• Stripe (payments) — card details, customer metadata.
• OAuth providers (Google, Microsoft, Discord) — only when you choose to sign in with one.
• Mod sources (Modrinth, Thunderstore, Factorio Portal, uMod, GitHub) — your server downloads mods from these directly when you enable them. Mod request traffic is proxied through our API and does not carry your identity.

We do not use third-party analytics or advertising platforms.

6. Data location and transfers

Our servers are located in France (EU). Game server data stays on our infrastructure. Stripe and the OAuth providers may process data outside the EU under their own GDPR-compliant safeguards (Standard Contractual Clauses).

7. Retention

• Account data: kept while your account is active, deleted within 30 days of account closure.
• Game server data: deleted when you delete the server or close your account.
• Billing records: retained for 10 years to meet tax obligations.
• Operational logs: up to 30 days.

8. Your rights

Under the GDPR, you have the right to:

• Access a copy of the personal data we hold about you.
• Correct inaccurate data.
• Delete your data (“right to be forgotten”) — subject to legal retention obligations.
• Export your data in a portable format.
• Object to processing based on legitimate interest.
• Lodge a complaint with a data protection authority (in France: the CNIL).

To exercise any right, email hello@pukogames.com. We respond within 30 days.

9. Security

We protect your data with industry-standard measures: encrypted connections (TLS), hashed passwords, least-privilege access, isolated server environments, and regular security reviews. No system is perfectly secure — if we become aware of a breach affecting your data we will notify you within 72 hours as required by the GDPR.

10. Children

Gamesrv is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has signed up, contact us and we will delete the account.

11. Changes to this policy

Material changes will be notified by email or dashboard notice at least 14 days before they take effect.

12. Contact

Questions about privacy? Email hello@pukogames.com.