loothost
Start

Legal

Policies for using loothost

Plain-language policy pages for service terms, privacy, and acceptable use.

Privacy Policy

Last updated 2026-06-10

This Privacy Policy explains how Davos Dev LLC (“loothost”, “we”, “us”) collects, uses, and shares information in connection with the loothost managed Minecraft hosting service (the “Service”).

1. Information we collect

  • Account information. The email address you use to create an account, and basic profile details you choose to provide.
  • Billing information. Payments are processed by Stripe. We do not store full card numbers; Stripe handles payment data under its own privacy policy. We retain billing metadata such as your plan, subscription status, and invoices.
  • Server configuration and world data. The configuration, settings, and world data of the servers you run are stored on our nodes and in backups in Cloudflare R2.
  • Connection and network data. IP addresses and connection metadata associated with your use of the Service and with connections to your servers, used to operate the Service and to detect and prevent abuse.
  • Diagnostics and error telemetry. We use Sentry to collect error and performance telemetry to keep the Service reliable.
  • Analytics. If enabled, we may collect aggregate usage analytics about how the website is used.

2. How we use information

We use information to provide, maintain, secure, and improve the Service; to process payments and manage subscriptions; to communicate with you about your account and the Service; to detect, prevent, and respond to abuse, security incidents, and violations of our Acceptable Use Policy; and to comply with legal obligations.

3. Legal basis for processing

If you are in the European Economic Area or the United Kingdom, we process your personal information on one or more of the following legal bases:

  • Performance of a contract. To create and operate your account, provision and run your servers, and process payments under our Terms of Service.
  • Legitimate interests. To secure the Service, detect and prevent abuse, keep the Service reliable, and improve it, where these interests are not overridden by your rights.
  • Legal obligation. To comply with applicable law, including tax and accounting requirements and lawful requests from authorities.
  • Consent. Where we ask for it, such as for any optional analytics. You may withdraw consent at any time, without affecting processing that already took place.

4. Sub-processors and service providers

We share information with the following providers, who process data on our behalf to operate the Service:

  • Stripe. Payment processing.
  • Hetzner. Server infrastructure (hosting nodes).
  • Cloudflare. DNS, network, and edge services.
  • Cloudflare R2. Backup storage.
  • Resend. Transactional email.
  • Sentry. Error and performance telemetry.

We do not sell your personal information, and we do not share it for cross-context behavioral advertising.

5. Your rights (GDPR / CCPA)

Depending on where you live, you may have the right to access, correct, or delete the personal information we hold about you, and to object to or restrict certain processing. You can download a copy of your personal data at any time from your profile page. To make any other request, including deletion, contact us at [email protected]; export and deletion requests are honored within thirty (30) days. We will respond as required by applicable law. You may also have the right to lodge a complaint with your local data-protection authority. (Self-service account deletion is planned; until then, deletion requests are handled manually.)

6. Cookies

We use cookies and similar technologies that are necessary to operate the website, for example, to keep you signed in and to remember your theme preference. We do not use non-essential or analytics cookies. If that changes, we will update this Policy and present a cookie-consent banner before setting any such cookie.

7. Data retention

We retain personal information for as long as your account is active and as needed to provide the Service. Specific categories are retained as follows:

  • Account information. For as long as your account is active; deleted on account closure, subject to the exceptions below.
  • Billing records. Invoices and transaction records are retained as required for tax, accounting, and legal purposes, typically up to seven (7) years.
  • Server world data and backups. Retained for thirty (30) days after your subscription is cancelled or lapses, then permanently deleted, consistent with the grace period described in our Terms of Service.
  • Connection and network logs. Retained for a limited period for security and abuse-prevention purposes, typically up to ninety (90) days.
  • Error and performance telemetry (Sentry). Retained according to our configured retention in Sentry, typically up to ninety (90) days.

We may retain information for longer where required to comply with legal obligations, resolve disputes, or enforce our agreements.

8. Security

We use reasonable technical and organizational measures to protect information. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

In the event of a data breach affecting your personal information, we will notify affected users and the relevant supervisory authorities without undue delay and within the timeframes required by applicable law.

9. International data transfers

We operate from, and use service providers in, multiple countries. In particular, server and world data is hosted on infrastructure in the European Union (Hetzner, in Germany), while other providers, such as Stripe, Cloudflare, Cloudflare R2, Resend, and Sentry, may process data in the United States or other countries. As a result, your information may be transferred to, and processed in, a country other than the one you live in, where data-protection laws may differ from those in your jurisdiction.

Where these transfers are subject to data-protection law, we rely on appropriate safeguards, such as the European Commission's Standard Contractual Clauses or another lawful transfer mechanism, to protect your information.

10. Children

The Service is not directed to children under the age at which, under applicable law, a person can consent to the processing of their personal data, and we do not knowingly collect such data. You must be at least 13 years old to use the Service. If you are between 13 and the age of majority where you live, you may use the Service only with the involvement of a parent or guardian. If we learn that we have collected personal data from a child under 13, we will delete it.

11. Changes to this Policy

We may update this Privacy Policy from time to time and will communicate material changes through the Service or by email.

12. Contact

Questions about this Policy or your information may be sent to [email protected] (Davos Dev LLC).