Privacy Policy
Last updated: April 16, 2026
1. Introduction
LuckyChunk ("LuckyChunk", "we", "us", "our") is a Minecraft Java Edition server hosting service operated by Savva Sobolev, an individual operator.
This Privacy Policy explains what personal data we collect, from whom, why, how long we keep it, who we share it with, and what rights you have over it.
By using our website or our hosting service, you acknowledge that you have read and understood this Privacy Policy.
Privacy contact: [email protected] — we respond within 30 days.
2. Who This Policy Applies To
This policy covers two distinct categories of individuals:
- Service Users — people who create an account on LuckyChunk to purchase and manage a Minecraft server ("you", "server owner").
- Server Players — Minecraft players who join a server hosted on our infrastructure. Server players are not our direct customers; they are the end users of a server owner's service. Their data is collected as a technical necessity of the Minecraft server protocol.
3. Data We Collect
3.1 From Service Users (server owners)
- Account registration data — email address and password (stored as a one-way cryptographic hash; we cannot recover your original password).
- Launch notification data — if you submitted your email to be notified at launch, we store that email address.
- Server configuration data — server name, subdomain, and Minecraft version selection.
-
Technical and session data — a session identifier stored in a browser
cookie named
laravel_session. Your IP address is processed by Cloudflare as our infrastructure proxy (see Section 6) but is not stored in our own database.
3.2 From Server Players (third parties)
When a Minecraft player connects to a server hosted on our infrastructure, the Minecraft server protocol automatically transmits the following data, which our system records:
- Minecraft username — the player's in-game display name
- Minecraft UUID — a unique identifier assigned by Mojang/Microsoft to each Minecraft account
- Session records — the date and time of each connection to, and disconnection from, the server
We do not collect chat messages, player coordinates, inventory contents, console commands, or any other gameplay data.
The server owner can view the total cumulative playtime of players on their server. Individual session records (specific login/logout timestamps) are not exposed to server owners.
4. How We Use Your Data
4.1 Service Users
| Purpose | Data used |
|---|---|
| Create and operate your account | Email, hashed password |
| Authenticate you on login | Email, hashed password, session cookie |
| Provision your Minecraft server | Server name, subdomain, version |
| Send launch notification email | Email (notification list only) |
| Respond to support requests | Email, account data |
4.2 Server Players
| Purpose | Data used |
|---|---|
| Authenticate players with Mojang | Minecraft username, UUID |
| Track server occupancy and usage | Session records |
| Display total playtime to the server owner | Aggregated session records |
| Comply with legal obligations or defend legal claims | Username, UUID, session records |
5. Legal Basis for Processing (GDPR)
For individuals in the European Economic Area or United Kingdom, we process personal data on the following legal bases:
Service users:
- Performance of a contract (Article 6(1)(b)): account data and server configuration are necessary to provide the service you requested.
- Consent (Article 6(1)(a)): launch notification emails are sent only with your explicit consent, which you may withdraw at any time by contacting [email protected].
Server players:
- Legitimate interests (Article 6(1)(f)): collection of Minecraft usernames, UUIDs, and session logs is a technical necessity of the Minecraft server protocol and is required to operate a functional server. Server players' expectations when connecting to a Minecraft server include that connection information is recorded. We have assessed that this processing does not override players' fundamental rights and freedoms.
6. Data Sharing and Third-Party Processors
We do not sell personal data. We do not share personal data with advertisers or data brokers.
We use the following third-party services that process data on our behalf:
Cloudflare, Inc. — DNS proxy, DDoS protection, and IP geolocation. All traffic to our website passes through Cloudflare's network. Cloudflare reads your IP address and injects a country code header that we use to display a latency warning to non-US visitors. We do not store your IP address in our own database. Privacy policy →
Cloudflare R2 (Cloudflare, Inc.) — cloud object storage for automated server world backups. Minecraft world files are backed up to Cloudflare R2 once daily. These files contain player-built content associated with Minecraft UUIDs but do not contain usernames or session data. Privacy policy →
Ahrefs, s.r.o. — website analytics (pages visited, referral source, approximate country). Ahrefs Analytics does not use advertising cookies or cross-site tracking identifiers. Privacy policy →
mc-heads.net — Minecraft player avatar rendering. When a server owner views their server dashboard, their Minecraft username may be sent to mc-heads.net to retrieve their player avatar image. mc-heads.net is a public third-party service.
7. Data Retention
- Account data — retained for the lifetime of your account. Deleted within 30 days of account deletion upon request.
- Launch notification emails — retained until we send the launch announcement and for no more than 6 months post-launch, or until you request removal — whichever comes first.
- Server configuration data — retained for the lifetime of the active subscription. If a subscription lapses for more than 30 days without renewal, the server and all associated data are permanently deleted.
- Server player data (Minecraft username, UUID, session records) — retained for the lifetime of the associated active server subscription. Player session data is used to calculate and display cumulative playtime to the server owner. All player data is permanently deleted when the server is deleted (including automatic deletion after 30 days of subscription lapse).
- World backup files — daily backups are stored in Cloudflare R2 and deleted when the server is deleted (including automatic deletion after 30 days of subscription lapse).
- Session cookies — expire when you close your browser or after a period of inactivity.
8. Cookies and Local Storage
| Name | Type | Purpose |
|---|---|---|
laravel_session |
Essential | Maintains your login session |
XSRF-TOKEN |
Essential | Cross-site request forgery protection |
We also use browser localStorage (not cookies) to remember whether you have
dismissed the location warning banner or the coming-soon popup. This data never leaves your
device and is not transmitted to us.
We do not use advertising cookies or third-party tracking cookies. The essential cookies above are strictly necessary for the website to function and do not require your consent.
9. Your Rights
9.1 Service Users
You have the right to:
- Access — request a copy of personal data we hold about you
- Rectification — correct inaccurate data
- Erasure — request deletion of your account and associated data
- Restriction — request that we limit processing in certain circumstances
- Data portability — receive your data in a structured, machine-readable format where technically feasible
- Withdraw consent — for launch notification emails, withdraw at any time; we will stop sending emails and delete your address
9.2 Server Players
If you are a Minecraft player who joined a server hosted on LuckyChunk infrastructure and you wish to know what data we hold about you (username, UUID, session records) or request its deletion, email [email protected] with your Minecraft username. We will locate your data by UUID, confirm your identity to the extent reasonably possible, and delete your records within 30 days.
There is no fee for exercising any of these rights.
10. Server Owner Responsibilities
If you operate a LuckyChunk server, you are the controller of your players' personal data as it relates to who may access your server, any whitelists you maintain, and how you communicate playtime information to your players.
You are responsible for:
- Informing your players that connecting to your server involves processing of their Minecraft username, UUID, and session data by LuckyChunk as infrastructure provider
- Directing player data requests to [email protected]
- Not using playtime data for any purpose that would require additional consent from your players
LuckyChunk acts as a data processor on your behalf for server player data. We process this data only as necessary to operate the server.
11. Children
Our service is intended for users who are 13 years of age or older (or the applicable minimum digital age of consent in your country, where higher than 13).
We do not knowingly collect personal data directly from children under 13. If a child under 13 has created an account, we ask that a parent or guardian contact [email protected] so we can delete the account and associated data.
Minecraft servers may be used by players of all ages. We do not have the ability to verify the age of individual players who join a server. Server owners are responsible for setting appropriate access controls (e.g., whitelists) for their servers.
12. International Data Transfers
Our servers and database are located in the United States. By using our service, data you provide is transferred to and processed in the United States.
If you are located in the European Economic Area, United Kingdom, or another jurisdiction with data transfer restrictions, note that the United States does not have a general adequacy decision for all transfer mechanisms. We implement appropriate technical safeguards (encryption in transit via HTTPS, access controls) to protect your data.
13. Security
We implement the following measures to protect personal data:
- All data is transmitted over HTTPS (TLS encryption)
- Passwords are stored using one-way hashing — never in plain text
- Database access is restricted; player data is not accessible through any public-facing interface
- World backups are stored in access-controlled cloud storage
No method of transmission or storage is 100% secure. If you believe your data has been compromised, contact [email protected] immediately.
14. Changes to This Policy
We may update this policy as our service evolves (for example, when we integrate payment processing). When we make material changes, we will update the "last updated" date at the top of this page and, where reasonable, notify active users by email.
Your continued use of the service after changes are posted constitutes acceptance of the updated policy.
15. Contact
For any privacy questions, access requests, or deletion requests:
- Email: [email protected]
- Operator: Savva Sobolev
We will acknowledge your request within 5 business days and resolve it within 30 days.
If you are in the EU/EEA and believe we have not handled your data lawfully, you have the right to lodge a complaint with your local supervisory authority (the data protection authority in your country of residence).