Last updated: June 6, 2026

VanillaNodes Privacy Policy

This Privacy Policy explains how VanillaNodes ("VanillaNodes," "we," "us," or "our") collects, uses, shares, and protects personal information when you visit vanillanodes.com (the "Site") or use our game-server hosting services (collectively, the "Services"). It applies to customers, visitors, and anyone who contacts us. By using the Services, you acknowledge the practices described here. Capitalized terms not defined in this policy have the meaning given in our Terms of Service.

We are based in the United States and our customers are primarily located there, but the Services are accessible globally. This policy includes specific rights for residents of the European Economic Area, the United Kingdom, and certain U.S. states. Where those laws apply to you, the corresponding sections below control.

1. Information We Collect

We collect only the information we need to operate the Services. The categories below describe what we collect and where it comes from.

Information you provide to us:

• Account and contact information — your name, email address, and any username you choose when you register for an account or contact us.
• Billing information — your billing name, billing address, and a record of your purchases and invoices. We do not collect or store your full payment-card number, CVV, or bank details; those are entered with and held by our payment processor (see Section 4).
• Communications — the content of support tickets, emails, and any other messages you send us, along with any information you choose to include in them.

Information we collect automatically:

• Server log data — when you access the Site or the control panel, our systems and our infrastructure provider record technical data such as your IP address, browser type, the pages or endpoints requested, and timestamps. This data helps us operate, secure, and troubleshoot the Services.
• Privacy-respecting site analytics — we use Cloudflare Web Analytics, which is cookieless and does not use client-side state, fingerprinting, or cross-site tracking to measure visitors. It gives us aggregate traffic statistics without building a profile of you.

We do not knowingly collect special categories of sensitive personal data, and we ask that you not submit such data to us.

2. Cookies and Tracking Technologies

We keep our use of cookies deliberately minimal. The only cookies we set are strictly necessary cookies required to keep you securely logged in to the customer control panel and to maintain your session. These cookies are essential for the Services to function and cannot be turned off without breaking core functionality.

We do not use advertising cookies, marketing or retargeting pixels, third-party tracking cookies, or cross-site tracking technologies. Our site analytics (Cloudflare Web Analytics) are cookieless. Because we use only strictly necessary cookies, we do not display a cookie consent banner.

You can configure your browser to block or delete cookies, but blocking the session cookie will prevent you from logging in to the control panel. For full cookie details, see our Cookie Policy.

3. How We Use Your Information

We use the information described above to:

• create and administer your account and authenticate your logins;
• provide, operate, maintain, and improve the Services and the game servers you rent;
• process payments, send invoices, and manage renewals, refunds, and account credit;
• respond to your support requests and communicate with you about your account, including service notices and changes to our terms or policies;
• monitor, secure, and troubleshoot the Services, detect and prevent fraud and abuse, and enforce our Terms of Service and Acceptable Use Policy;
• comply with our legal obligations and respond to lawful requests from authorities; and
• send you service-related messages. We do not use your data for third-party advertising, and we will not send marketing email without your consent where consent is required.

4. How We Share Your Information

We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We share information only in the limited circumstances below:

• Payment processing — payments are processed by Stripe. When you pay, your card details are transmitted directly to Stripe and are governed by Stripe's privacy policy. We receive only limited confirmation and billing metadata (such as the result of a transaction and a partial card descriptor), never your full card number.
• Infrastructure and service providers — we rely on vendors that help us run the Services, such as our hosting/data-center providers, our control-panel software, our network and DDoS-mitigation provider (Cloudflare), and email delivery. These providers process data on our behalf and are bound to use it only to provide their services to us.
• Legal and safety — we may disclose information if required by law, subpoena, or court order, or where we believe in good faith that disclosure is necessary to protect our rights, our users, or the public, to enforce our terms, or to investigate fraud or abuse.
• Business transfers — if we are involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. We will note any change of control on the Site.

We may also share aggregated or de-identified information that cannot reasonably be used to identify you.

Our sister brand, AcidNodes, is operated by the same company. If the brands share systems or personnel, your information may be handled by the same team under this policy; we will not repurpose your data beyond the uses described here without notice.

5. International Data Transfers

We operate from the United States, and our service providers may process data in the United States or other countries. If you access the Services from outside the United States, you understand that your information will be transferred to, stored in, and processed in countries whose data-protection laws may differ from those of your home country. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) for transfers of personal data out of the EEA or UK.

6. Data Retention

We keep personal information only for as long as needed for the purposes described in this policy. In general:

• account and billing records are kept while your account is active and for a period afterward to satisfy tax, accounting, and legal obligations (typically 7 years for financial records);
• support communications are kept for 24 months to maintain a service history; and
• server log data is kept for a limited period (approximately 90 days) for security and troubleshooting, after which it is deleted or anonymized.

When your account is closed, we delete or anonymize personal information that we are no longer required or permitted to keep. Game-server data and world saves are handled under our Terms of Service; you are responsible for keeping your own backups.

7. Security

We use commercially reasonable administrative, technical, and physical safeguards to protect personal information, including access controls that limit data to staff who need it, encryption of data in transit, and hashing of account passwords. We do not store full payment-card numbers. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential and for promptly reporting any suspected unauthorized access.

8. Your Privacy Rights

Depending on where you live, you may have some or all of the following rights regarding your personal information:

• Access — request a copy of the personal information we hold about you.
• Correction — ask us to correct inaccurate or incomplete information.
• Deletion — ask us to delete your personal information, subject to legal exceptions.
• Portability — request a copy of certain data in a portable format.
• Objection / restriction — object to or ask us to restrict certain processing.
• Withdraw consent — where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us at [email protected]. We will verify your identity before acting on a request and will respond within the time required by applicable law. We will not discriminate against you for exercising your rights.

8.1 European Economic Area and United Kingdom (GDPR / UK GDPR)

If you are in the EEA or UK, VanillaNodes is the controller of your personal data. We process your data on the following legal bases: performance of a contract (to provide the Services and your account), legitimate interests (to secure, operate, and improve the Services and prevent abuse), consent (where we ask for it, such as optional marketing), and legal obligation (to meet tax and compliance duties). In addition to the rights listed above, you have the right to lodge a complaint with your local data-protection supervisory authority.

8.2 United States State Privacy Rights (including California)

If you are a resident of California or another U.S. state with a comprehensive privacy law, you may have the rights to know, access, correct, delete, and obtain a portable copy of your personal information, and to opt out of the "sale" or "sharing" of personal information and of targeted advertising. We do not sell your personal information and we do not share it for cross-context behavioral advertising. California residents may also designate an authorized agent to make a request on their behalf. To exercise these rights, contact us at [email protected].

9. Children's Privacy

The Services are not directed to children. You must be at least 13 years old to use the Services, and customers between 13 and 17 must have permission from a parent or guardian. We do not knowingly collect personal information from children under 13 (or under 16 in the EEA/UK). If you believe a child has provided us personal information, contact us at [email protected] and we will delete it.

10. Third-Party Links

The Site and our communications may contain links to third-party websites or services that we do not control. This policy does not apply to those sites, and we are not responsible for their privacy practices. We encourage you to review the privacy policy of any third-party site you visit.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, provide additional notice (such as a notice on the Site or an email to account holders). Changes take effect when posted. Your continued use of the Services after an update means you accept the revised policy.

12. Contact Us

If you have questions about this Privacy Policy or how we handle your information, contact us at:

• Privacy inquiries: [email protected]
• General support: [email protected]
• Legal: [email protected]
• Mailing address: VanillaNodes, available on request