Privacy
Policy.
The Short Version
Sentinel Hosting ("we", "us", "our") operates the game server hosting platform at this website. This policy describes what personal data we collect when you use our services, how we use it, who we share it with, and what rights you have over it.
We collect only what we need to run your servers and process payments. We do not sell your data, serve you ads, or share your information with parties who have no legitimate role in delivering our service.
Data We Collect
We collect only what you provide directly and what is necessary to operate your servers. We do not track browsing behaviour, collect usage analytics, or record device/technical metadata.
| Category | What it includes | Why we collect it |
|---|---|---|
| Account data | Email address, display name, OAuth identifiers (Discord, GitHub, Google) | Authentication, account management, communications |
| Payment data | A Stripe customer ID is stored on your account. All payment card data is held exclusively by Stripe — we never see or store card numbers, CVVs, or full billing details. | Processing subscriptions and invoices via Stripe |
| Server data | Server name, game, region, server specs (RAM, CPU, storage), installed mods | Provisioning and operating your server |
| Error events | Application errors and stack traces when the service fails | Diagnosing and fixing bugs |
| Support data | Messages and tickets you submit to our support team | Resolving issues, quality assurance |
We do not collect the contents of your game server (player chat, world data, uploaded files) unless you explicitly share them with us during a support request.
How We Use Your Data
We use your data exclusively to operate and improve the platform. Specifically:
Service delivery — Provisioning game servers, processing payments, sending billing receipts, and delivering email notifications about your subscription (renewals, payment failures, upgrades).
Account management — Authenticating you, linking OAuth providers, managing your profile, and enforcing security policies.
Communications — Sending transactional emails you directly trigger (order confirmation, payment receipts, cancellation confirmation). We do not send marketing email unless you opt in separately.
Security & fraud prevention — Detecting abuse, enforcing rate limits, and protecting the integrity of the platform.
Product improvement — Analysing aggregated, anonymised usage patterns to improve the dashboard, pricing, and server deployment speed. This analysis is never tied to an identifiable individual.
Sharing & Third-Party Processors
We do not sell, rent, or trade personal data. We share information only with sub-processors who are contractually bound to handle it in accordance with applicable law.
| Processor | Role | Data shared |
|---|---|---|
| Stripe | Payment processing | Email, billing address, subscription details |
| Clerk | Authentication | Email, OAuth tokens, session data |
| Pterodactyl | Game server management | Server specs, user email, server identifier |
| Discord | Optional OAuth login & notifications | Discord user ID and username (if you link your account) |
We may disclose personal data if required by law, court order, or government authority, or to protect the safety of users or the public. We will notify you of such disclosures where legally permitted.
How Long We Keep It
We retain personal data only for as long as necessary to fulfil the purposes described in this policy.
Active accounts — Data is retained for the lifetime of your account. When you delete your account, your personal data is deleted immediately. No recovery period applies.
Billing records — Invoices and payment records are retained for 7 years to comply with financial regulations.
Server data — Deleted immediately when you cancel a server, except where a backup snapshot was created (these are purged within 14 days of cancellation).
Support tickets — Retained for 2 years from the date of last activity.
Technical logs — IP logs and access logs are retained for 90 days, then automatically purged.
Cookies & Local Storage
We use a minimal set of cookies strictly necessary to operate the platform. We do not use advertising cookies or third-party tracking cookies.
| Cookie | Purpose | Duration |
|---|---|---|
| csrftoken | CSRF protection for form submissions | 1 year |
| __session (Clerk) | Authenticated session token | Session / configurable |
| __client_uat (Clerk) | Session refresh signal used by Clerk | Session |
We do not use analytics cookies (no Google Analytics, Hotjar, or similar tracking scripts). Usage analytics, where collected, are derived server-side from anonymised log data.
Your Rights
Depending on your location, you may have the following rights regarding your personal data. Access and erasure can be exercised directly from your profile page. For all other requests, email [email protected] — we respond within 30 days.
Security Measures
We implement technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction:
Encryption in transit — All traffic between your browser and our servers is encrypted. API communications with Stripe, Clerk, and Pterodactyl use HTTPS exclusively.
Encryption at rest — Database volumes are encrypted. Payment card data is never stored on our systems — Stripe handles all card data under PCI DSS Level 1 compliance.
Access controls — Internal access to production data is restricted to authorised personnel, logged, and audited. Staff access personal data only when necessary to resolve a support request.
Authentication — Account authentication is delegated to Clerk, which supports multi-factor authentication, brute-force protection, and anomaly detection.
No system is perfectly secure. If you believe your account has been compromised, contact us immediately at [email protected].
Questions & Requests
If you have any questions about this policy or want to exercise your rights, reach out to us. We aim to respond to all privacy requests within 5 business days.
This policy may be updated from time to time. We will notify active subscribers by email of any material changes at least 14 days before they take effect. Continued use of the service after that date constitutes acceptance of the updated policy.