M
MC Monitor

Privacy Policy

MC Monitor Privacy Policy — Last updated: June 20, 2026

1. Introduction

1.1. This Privacy Policy explains how MC Monitor ("we", "us", "our"), operated as a sole proprietorship at mc-monitor.app, collects, uses, stores, and protects your personal data. It applies to all users regardless of location.

1.2. This Policy is designed to comply with:

  • EU/EEA General Data Protection Regulation (GDPR) — Regulation 2016/679;
  • California Consumer Privacy Act (CCPA) as amended by the CPRA;
  • Children's Online Privacy Protection Act (COPPA) — 15 U.S.C. § 6501;
  • US state privacy laws (Virginia CDPA, Colorado CPA, Connecticut CTDPA, Texas TDPSA, and others);
  • Argentina's Personal Data Protection Law (Ley 25.326) and implementing Decree 1558/2001 and AAIP regulations.

1.3. By using the Platform, you confirm that you have read and understood this Policy.

2. Data Controller

2.1. MC Monitor (sole proprietorship, trading name "MC Monitor") is the data controller for all personal data processed through the Platform.

Contact: [email protected]

Website: https://mc-monitor.app

3. Data We Collect

3.1. Account Registration Data

When you create an account, we collect:

  • Email address (required for all sign-up methods);
  • Display name / username (from your email or OAuth provider);
  • Profile avatar URL (from Google or Discord, if you log in via OAuth — we store the URL only, not the image);
  • Encrypted password hash (email/password sign-up only — we never store your plaintext password);
  • OAuth provider user ID (for Google or Discord sign-in, used only for account matching).

3.2. Activity Data (logged-in users)

  • Voting history: which server you voted for and when;
  • Tag rating history: which tags you liked or disliked on which server, and when;
  • IP copy events: server IPs you have copied (aggregated for ranking; not personally published).

3.3. Technical and Connection Data (all visitors)

  • IP address — processed locally on our servers using the MaxMind GeoLite2 offline database to determine your country. Your IP is never sent to any third party for geolocation;
  • Country — derived from your IP via offline lookup, used for abuse detection;
  • Session identifier — stored server-side, referenced via a single HttpOnly + Secure cookie;
  • Standard web server access logs — IP address, timestamp, requested URL, HTTP status code — retained for security and debugging.

3.4. Payment Data

When you purchase a Promotion, payment details are collected by Stripe, Inc. directly. We receive from Stripe only a transaction confirmation and anonymized reference ID. We never see, store, or process your card number.

3.5. What We Do NOT Collect

  • Precise geolocation;
  • Biometric or health data;
  • Sensitive special-category data (race, religion, sexual orientation, etc.);
  • Individual Minecraft player usernames or UUIDs;
  • Any data through advertising networks, analytics SDKs, or tracking pixels.

4. How We Use Your Data and Legal Bases (GDPR)

We use your data for the following purposes with the corresponding GDPR legal bases:

Purpose Data Used GDPR Legal Basis
Account creation and authentication Email, password hash, OAuth ID, avatar URL Contract — Art. 6(1)(b)
Voting and tag rating features Account data, activity data Contract — Art. 6(1)(b)
Fraud and abuse prevention IP address, account data, activity data Legitimate interest — Art. 6(1)(f)
Country-level geolocation (offline) IP address → Country Legitimate interest — Art. 6(1)(f)
Server promotion order processing Account data, Stripe reference Contract — Art. 6(1)(b)
Security monitoring and access logs IP, timestamps, URLs Legitimate interest — Art. 6(1)(f)
Legal compliance As required Legal obligation — Art. 6(1)(c)
Anonymized server popularity stats Anonymized copy/vote counts Legitimate interest — Art. 6(1)(f)

5. Cookies

5.1. We use one strictly necessary authentication cookie. It:

  • Is marked HttpOnly — JavaScript cannot read it, protecting against XSS;
  • Is marked Secure — transmitted only over HTTPS;
  • Contains only a session reference, not personal data;
  • Is deleted when you log out or your session expires.

5.2. We use no analytics cookies, advertising cookies, social media pixels, fingerprinting, or any other non-essential tracking technology. Full details in our Cookie Policy.

5.3. Because we use only strictly necessary cookies, no cookie consent banner is required under the EU ePrivacy Directive. If we ever add non-essential cookies, we will update this Policy and implement proper consent first.

6. Third-Party Services

6.1. Stripe, Inc. (USA) — processes server promotion payments. Stripe is an independent data controller. See stripe.com/privacy.

6.2. Google LLC — if you sign in with Google, we receive your email, display name, and avatar URL. Google is an independent data controller. See policies.google.com/privacy.

6.3. Discord Inc. — if you sign in with Discord, we receive your email, username, and avatar URL. Discord is an independent data controller. See discord.com/privacy.

6.4. MaxMind GeoLite2 — an offline IP geolocation database running entirely on our servers. No IP address or personal data is transmitted to MaxMind.

6.5. Public Minecraft server monitoring APIs — we aggregate publicly available server status data. No personal user data is shared.

6.6. We do not sell, rent, trade, or share your personal data with data brokers, advertising networks, or marketing companies.

7. Data Retention

We retain your personal data for the following periods:

Data Type Retention Period
Account data (email, password hash, OAuth ID, avatar) Until account is deleted
Activity data (votes, tag ratings, IP copy events) Until account is deleted
All personal data on account deletion DELETED IMMEDIATELY AND PERMANENTLY
Web server access logs 30 days, then anonymized or purged
Stripe transaction references As required by applicable financial/tax law
Anonymized server statistics Retained indefinitely (not linked to any individual)

When you delete your account via account settings, all personal data is permanently removed from our active databases immediately. Anonymized aggregate statistics (e.g., total votes per server) may remain as they cannot identify you.

8. Data Security

8.1. We implement the following measures to protect your data:

  • HTTPS/TLS encryption for all data in transit;
  • Bcrypt or equivalent algorithm for password hashing;
  • HttpOnly + Secure flags on all session cookies;
  • Offline IP geolocation — no IP data leaves our servers for geolocation;
  • Access controls restricting database access to authorized processes only.

8.2. No internet-based system is 100% secure. In the event of a personal data breach posing risk to your rights, we will notify the relevant supervisory authority as required by GDPR Article 33 and, where required, notify affected users without undue delay.

8.3. Nothing in this section limits your rights under applicable consumer protection laws, including but not limited to Argentine Ley 24.240 and EU Directive 2019/770/EU.

9. International Data Transfers

9.1. Your data may be processed on servers outside your country, including in the United States.

9.2. For EU/EEA transfers: we rely on Standard Contractual Clauses (SCCs) adopted by the European Commission (Decision 2021/914) or other GDPR-compliant safeguards for transfers to countries without an adequacy decision.

9.3. For Argentine users: international transfers comply with Ley 25.326 Article 12 and Disposición AAIP 4/2019. We transfer data to countries providing adequate protection or under equivalent contractual safeguards.

9.4. Nothing in this section limits your rights under applicable consumer protection laws.

10. Your Privacy Rights

10.1. Rights for All Users

  • Access: view your data via your account dashboard;
  • Correction: update inaccurate data in your account settings;
  • Deletion: permanently delete your account and all personal data via account settings (immediate);
  • Contact us: email [email protected] for any privacy concern.

10.2. EU/EEA Users — GDPR Rights

In addition to Section 10.1, EU/EEA residents have the right to:

  • Data portability (Art. 20): receive your data in a structured, machine-readable format;
  • Restriction of processing (Art. 18): limit how we use your data in certain circumstances;
  • Object to processing (Art. 21): object to processing based on legitimate interests;
  • Withdraw consent (Art. 7): where we rely on consent, withdraw it at any time;
  • Lodge a complaint: with your local Data Protection Authority — see edpb.europa.eu/about-edpb/board/members_en.

To exercise these rights, email [email protected]. We respond within 30 days (extendable by 2 months for complex requests, with notice).

10.3. California Users — CCPA/CPRA Rights

  • Right to Know: request the categories and specific pieces of personal information we hold about you;
  • Right to Delete: request deletion (subject to legal exceptions);
  • Right to Correct: request correction of inaccurate personal information;
  • Right to Opt-Out of Sale/Sharing: we do NOT sell or share personal information — no opt-out needed;
  • Right to Non-Discrimination: we will not treat you differently for exercising your rights.

Categories of personal information collected: Identifiers (email, IP, OAuth ID); Commercial information (promotion purchase history); Internet activity (votes, tag ratings, copy events, access logs).

To exercise rights, email [email protected]. We respond within 45 days (extendable by 45 days with notice).

10.4. Other US State Privacy Rights

Residents of Virginia (CDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), Oregon, Montana, and other states with comprehensive privacy laws have rights substantially similar to Section 10.3. We honor them for all US residents. Contact [email protected].

We do not engage in targeted advertising, sale of personal data, or profiling for significant automated decisions under any US state privacy law.

10.5. Argentine Users — Ley 25.326 Rights

AVISO LEGAL OBLIGATORIO: La AGENCIA DE ACCESO A LA INFORMACIÓN PÚBLICA, en su carácter de Órgano de Control de la Ley N° 25.326, tiene la atribución de atender las denuncias y reclamos que interpongan quienes resulten afectados en sus derechos por incumplimiento de las normas vigentes en materia de protección de datos personales.

Argentine residents have the following rights under Ley 25.326:

  • Access (Art. 14): request, free of charge, full information about data we hold about you. We respond within 10 business days. This right may be exercised every 6 months, or at any time with legitimate cause;
  • Rectification (Art. 16): request correction of inaccurate, incomplete, or outdated data — we respond within 5 business days;
  • Deletion (Art. 16): request deletion of data no longer necessary, unlawfully processed, or where processing is unjustified;
  • Confidentiality (Art. 10): your data will not be disclosed to unauthorized parties.

To exercise these rights, email [email protected]. We respond within 5 business days.

To file a complaint with the supervisory authority:

Agencia de Acceso a la Información Pública (AAIP)

Address: Sarmiento 1118, 5th Floor, Buenos Aires, Argentina

Website: https://www.argentina.gob.ar/aaip

11. Children's Privacy (COPPA)

11.1. The Platform is not directed at children under 13. We do not knowingly collect personal data from anyone under 13. If we learn we have inadvertently done so, we will delete that data promptly.

11.2. If you are a parent or guardian and believe your child under 13 has created an account, contact us immediately at [email protected].

11.3. For Argentine users: minors under 18 require parental or guardian authorization to register, as described in our Terms of Service.

12. Changes to This Policy

12.1. We may update this Policy at any time. Changes take effect when published at mc-monitor.app/privacy. Your continued use after publication constitutes acceptance. If you disagree, you must stop using the Platform and may delete your account.