This document describes how Redstoner.com, hereafter referred to as "Redstoner", "we" or "the company", collects and uses the information of any user, hereafter referred to as "you" or "the player", in connection with providing a Minecraft server, a website with forums, and possible additional digital goods (for example, but not limited to, a TeamSpeak server, mail server and other game servers), hereafter referred to as "the service".
To provide the service to you, we collect data, some of which qualifies as Personally Identifiable Information (PII) under the GDPR. This section describes which data we store; the following sections describe why we store it, how we store it, and how we use it.
Data relating to the Minecraft server:
- Your Mojang UUID, as well as all usernames you ever used on any accounts
- All IP addresses you use to connect to the server
- Your E-Mail address, and a flag indicating if you have confirmed ownership (optional)
- All actions you take on the server, identified by your UUID or username at the time, including but not limited to:
  - Chat messages
  - World interactions
- Several pieces of data regarding plugin/module functionality. This includes, but is not limited to:
  - Your in game rank
  - User settings
- Your donation history
- A hash of your password (optional)
Data relating to the website (all of this is only required if you want to use the forums):
- Your Mojang UUID, as well as the last username you used to connect to the Minecraft server
- A user defined username
- A hash of your passwords
- The last IP address you used to connect to the forums with
- Your in game rank
- The time when you registered your account, as well as the last time you logged in
- Your E-Mail address, and a flag indicating if you have confirmed ownership (only visible to you and staff)
- A GPG key used to encrypt E-Mail traffic from the server (optional, visible to administrators only)
- A user defined Profile description (optional, public)
- Your Twitter account name (optional, public)
- Your Skype name (optional, visible to registered users only)
- Your YouTube account ID (optional, public)
- User settings
- Everything you post on the forums. This means threads, as well as replies (optional)
Additional info about server logs:
- All Minecraft server logs are kept indefinitely
- All website access logs are kept for seven (7) days
Fields marked with (optional) are provided by the user and are not required to use the server. They exist and are stored for convenience reasons, or, in case of posts, to provide the forums service.
How we store data, and who can access it:
- Any data relating to the Minecraft server, except user settings, can be viewed by any staff member (rank moderator or above) at any time, after they have logged in using a 2FA process.
- Any data relating to the website, except user settings, can be viewed by any staff member (rank moderator or above) at any time, after they have logged in using a 2FA process. All fields marked with (public) are visible to everyone at any given time.
All data is stored on a machine located near Regensburg, Germany. A total of four (4) administrators have access to the machine at any given time. The login is done through a 2FA process. After the login, most data can be viewed, except a user's world interactions, some user settings and the user's password hashes (more on this later). Those require an additional password, currently known to two (2) administrators only.
We create daily backups of all data on an offsite machine. The backups are transmitted through an encrypted connection, and are encrypted with a key known to only one (1) administrator.
All of your passwords are treated with a grain of salt. Quite literally. Every password we receive is salted before we hash it (hashing is essentially a one-way transformation), and the result is then stored together with your E-Mail address in our database. No matter what we do, it is impossible for us to recover your password if you lose it. If you do lose it, you can contact us to request a password reset, in which case we will forcibly replace your password with a new, randomly generated password that we will pass on to you.
Please note: A Redstoner staff member will never ask you for your E-Mail address, password, website token, or any PII. If we request verification from you, this will be done by requiring you to echo back a message through your Minecraft account, through a special place on the forums that is only visible to staff, or through the already known E-Mail address.
Official E-Mails will ALWAYS be sent from a redstoner.com sender address. If you receive suspicious mails or spam, please inform us using the "Ask staff" subforum, or through email@example.com.
How long we store data, and why we do it:
- Your donation history (10 years, required by German law)
- World interactions (at most 60 days, this is used to identify harmful actions on the server)
- User settings (indefinitely, used to provide a customizable experience, required to run the service)
- Your Mojang UUID, in game names, and IP addresses (indefinitely, used to identify users, required to run the server)
- Chat messages and commands, server logs (indefinitely, this is used to keep track of harmful actions on the server)
- Website access logs (7 days, used for identifying harmful access, also used to do account verification in some unique cases)
How to obtain a copy of your data, or request deletion:
There is no automated process for this (yet). Currently, you can contact firstname.lastname@example.org with your registered E-Mail address, and request a download of your data (this will come with a giant .json file), or deletion of all data we collected. Please note that, for security reasons, we can only offer you your data in an encrypted form. Please provide a public key in the request, or provide a key using the website.
Who we share your data with:
It's really that simple.
If you have any questions about this document, feel free to ask them by contacting us by E-Mail. If you think that some info on this page is missing or written in a hard-to-understand way, or if you think that changes should be made to how we treat data on our server, once again feel free to drop us an E-Mail.
Additionally, we are currently working on turning most of your data into pseudonymised data by hashing all identifiers. This will have no effect on the security measures we already take to protect your data. However, it will ensure that the remaining data can only be accessed if the identifying part is already known. It prevents reverse searches to categorize users based on settings, while still allowing us to generate statistics, or to find specific data if and only if the user-identifying token is already known. This process is currently in the works and not required by any data protection laws, but it's a goal we strive to achieve.