Privacy Policy

Last updated: 2026-04-28

1. Who we are

CoalHost ("we", "us") provides game server hosting at coalhosting.com. We are the data controller for personal data collected through this site.

Contact: [email protected]

2. What we collect

When you use CoalHost we collect:

  • Account data: username, email address, hashed password.
  • Billing data: handled by Stripe — we never see your full card number. We store a Stripe customer ID and the last 4 digits of your card for display.
  • Server data: server names, configurations, and the files you upload to your server. We do not read game saves or chat logs except as required for support requests you make.
  • Technical logs: IP address, user agent, request timestamps. Retained 30 days for security and abuse prevention.
  • Analytics: Google Analytics 4 collects anonymized page views, session length and rough geographic location. No personal identifiers.

3. Why we collect it (legal basis)

  • Contract performance: account, billing, server provisioning.
  • Legitimate interest: abuse prevention, security logging.
  • Consent: analytics and any future marketing emails.

4. Who we share data with

We share the minimum data necessary with:

  • Stripe (payment processing, EU/US transfer under SCCs).
  • Hetzner (server infrastructure, EU data centers).
  • Cloudflare (CDN and DDoS protection).
  • Google Analytics (anonymized usage stats).

We do not sell your personal data to anyone.

5. Cookies

We use cookies for authentication (NextAuth session) and for Google Analytics. You can block cookies in your browser settings — authentication will stop working without session cookies.

6. Your rights (GDPR)

If you are in the EU/EEA you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and personal data
  • Export your data in a portable format
  • Object to processing or withdraw consent
  • File a complaint with your supervisory authority

Email [email protected] to exercise any of these rights. We respond within 30 days.

7. Data retention

  • Account data: kept while your account is active. Deleted within 30 days after you close your account.
  • Billing records: 7 years (legal requirement for accounting).
  • Server files: deleted within 30 days after you delete the server.
  • Technical logs: 30 days.
  • Analytics: 26 months (Google Analytics default).

8. Security

We use industry-standard encryption (TLS in transit, encrypted disks at rest), bcrypt password hashing, and limited access on a need-to-know basis. No system is 100 % secure — please use a strong, unique password and enable 2FA when available.

9. Children

CoalHost is not directed at children under 16. If we learn we have collected personal data from a child under 16 without parental consent, we will delete it promptly.

10. Changes

We will post material changes on this page and email you when they affect your rights. The "Last updated" date above always reflects the current version.