Home Privacy Policy
Legal

Privacy
Policy.

Effective June 1, 2025
Last updated June 1, 2025
Version 1.0
01 · Overview

The Short Version

Sentinel Hosting ("we", "us", "our") operates the game server hosting platform at this website. This policy describes what personal data we collect when you use our services, how we use it, who we share it with, and what rights you have over it.

We collect only what we need to run your servers and process payments. We do not sell your data, serve you ads, or share your information with parties who have no legitimate role in delivering our service.

🛡️
Your data, your control. You can download a copy of all data we hold about you or delete your account directly from your profile page. For other enquiries contact [email protected].
02 · Data We Collect

Data We Collect

We collect only what you provide directly and what is necessary to operate your servers. We do not track browsing behaviour, collect usage analytics, or record device/technical metadata.

Category What it includes Why we collect it
Account data Email address, display name, OAuth identifiers (Discord, GitHub, Google) Authentication, account management, communications
Payment data A Stripe customer ID is stored on your account. All payment card data is held exclusively by Stripe — we never see or store card numbers, CVVs, or full billing details. Processing subscriptions and invoices via Stripe
Server data Server name, game, region, server specs (RAM, CPU, storage), installed mods Provisioning and operating your server
Error events Application errors and stack traces when the service fails Diagnosing and fixing bugs
Support data Messages and tickets you submit to our support team Resolving issues, quality assurance

We do not collect the contents of your game server (player chat, world data, uploaded files) unless you explicitly share them with us during a support request.

03 · How We Use It

How We Use Your Data

We use your data exclusively to operate and improve the platform. Specifically:

Service delivery — Provisioning game servers, processing payments, sending billing receipts, and delivering email notifications about your subscription (renewals, payment failures, upgrades).

Account management — Authenticating you, linking OAuth providers, managing your profile, and enforcing security policies.

Communications — Sending transactional emails you directly trigger (order confirmation, payment receipts, cancellation confirmation). We do not send marketing email unless you opt in separately.

Security & fraud prevention — Detecting abuse, enforcing rate limits, and protecting the integrity of the platform.

Product improvement — Analysing aggregated, anonymised usage patterns to improve the dashboard, pricing, and server deployment speed. This analysis is never tied to an identifiable individual.

04 · Sharing & Processors

Sharing & Third-Party Processors

We do not sell, rent, or trade personal data. We share information only with sub-processors who are contractually bound to handle it in accordance with applicable law.

Processor Role Data shared
Stripe Payment processing Email, billing address, subscription details
Clerk Authentication Email, OAuth tokens, session data
Pterodactyl Game server management Server specs, user email, server identifier
Discord Optional OAuth login & notifications Discord user ID and username (if you link your account)

We may disclose personal data if required by law, court order, or government authority, or to protect the safety of users or the public. We will notify you of such disclosures where legally permitted.

05 · Data Retention

How Long We Keep It

We retain personal data only for as long as necessary to fulfil the purposes described in this policy.

Active accounts — Data is retained for the lifetime of your account. When you delete your account, your personal data is deleted immediately. No recovery period applies.

Billing records — Invoices and payment records are retained for 7 years to comply with financial regulations.

Server data — Deleted immediately when you cancel a server, except where a backup snapshot was created (these are purged within 14 days of cancellation).

Support tickets — Retained for 2 years from the date of last activity.

Technical logs — IP logs and access logs are retained for 90 days, then automatically purged.

06 · Cookies

Cookies & Local Storage

We use a minimal set of cookies strictly necessary to operate the platform. We do not use advertising cookies or third-party tracking cookies.

Cookie Purpose Duration
csrftoken CSRF protection for form submissions 1 year
__session (Clerk) Authenticated session token Session / configurable
__client_uat (Clerk) Session refresh signal used by Clerk Session

We do not use analytics cookies (no Google Analytics, Hotjar, or similar tracking scripts). Usage analytics, where collected, are derived server-side from anonymised log data.

07 · Your Rights

Your Rights

Depending on your location, you may have the following rights regarding your personal data. Access and erasure can be exercised directly from your profile page. For all other requests, email [email protected] — we respond within 30 days.

Right of Access Download a full export of all personal data we hold about you directly from your profile page.
Right to Erasure Delete your account and all associated data immediately from your profile page. No recovery period applies.
Right to Rectification Correct inaccurate or incomplete personal data we hold.
Right to Portability Receive your data in a machine-readable format (JSON or CSV).
Right to Object Object to processing of your data for legitimate-interest purposes.
Right to Restrict Ask us to pause processing while a dispute is resolved.
ℹ️
EU/EEA residents have rights under the GDPR. California residents have rights under the CCPA. UK residents have rights under UK GDPR. We honour these rights globally regardless of your location.
08 · Security

Security Measures

We implement technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction:

Encryption in transit — All traffic between your browser and our servers is encrypted. API communications with Stripe, Clerk, and Pterodactyl use HTTPS exclusively.

Encryption at rest — Database volumes are encrypted. Payment card data is never stored on our systems — Stripe handles all card data under PCI DSS Level 1 compliance.

Access controls — Internal access to production data is restricted to authorised personnel, logged, and audited. Staff access personal data only when necessary to resolve a support request.

Authentication — Account authentication is delegated to Clerk, which supports multi-factor authentication, brute-force protection, and anomaly detection.

No system is perfectly secure. If you believe your account has been compromised, contact us immediately at [email protected].

09 · Contact

Questions & Requests

If you have any questions about this policy or want to exercise your rights, reach out to us. We aim to respond to all privacy requests within 5 business days.

✉️
Privacy enquiries

This policy may be updated from time to time. We will notify active subscribers by email of any material changes at least 14 days before they take effect. Continued use of the service after that date constitutes acceptance of the updated policy.