Privacy Policy

This Privacy Policy explains how GameServersHub LLC, a Florida limited liability company ("GameServersHub", "we", "us", or "our") collects, uses, shares, and protects personal data when you use gameservershub.com, our public API, and related services (the "Services"). It applies to visitors, registered users, buyers, and creators.

By using the Services you acknowledge this Policy. It forms part of our Terms of Service.

Account data from sign-in providers. We do not use passwords. When you sign in with Discord or Steam we receive and store profile data from that provider: your display name, email address (Discord), avatar image, Discord user ID, and Steam ID. If you register a passkey, we store its public credential data (never a private key).

Profile data you provide. Your bio, profile settings (including members-directory visibility preferences), and anything you choose to publish.

Content and activity. Resources you upload, versions, descriptions and images, reviews and ratings, wiki pages and revision history, reports you file, notifications, download history, and votes.

Transaction data. Purchase and sale records (what was bought, when, price, fees), refund requests, coupon redemptions, and seller payout details: your PayPal email address and merchant ID, or your Stripe account ID and onboarding status. We never receive or store your full card number or bank credentials; payments are handled by PayPal and Stripe on their own systems.

Technical and security data. When you use the Services we process your IP address, browser user agent, and requested pages. For security monitoring of sensitive routes we additionally record approximate location derived from your IP (country, region, city, coordinates, ISP, and organization), threat level, and an incident ID. Administrative and API actions are recorded in audit logs.

Discord community data. If you are a member of our Discord server, our bot processes your public Discord profile and presence within that server to power features such as the members directory.

API usage data. If you create API keys or webhook endpoints, we store the key metadata, endpoint URLs, and delivery and usage logs.

• Providing the Services: account creation and sign-in, hosting and delivering resources, processing purchases, payouts and refunds, and operating community features.
• Security and abuse prevention: rate limiting, fraud detection, monitoring of sensitive routes, investigating incidents, and enforcing bans.
• Moderation and enforcement: reviewing reports, enforcing our Terms of Service, and handling intellectual property complaints.
• Communications: service notifications on the Platform and messages about your account, purchases, or content. We do not send marketing email.
• Improvement and analytics: aggregate usage statistics (such as download counts and page performance) to improve the Platform.
• Legal compliance: tax, accounting, and responding to lawful requests.

• Performance of a contract: account management, resource delivery, purchases, and payouts.
• Legitimate interests: securing the Platform, preventing fraud and abuse, moderating content, and improving the Services.
• Legal obligation: tax, accounting, and lawful requests from authorities.
• Consent: where required, for example optional profile visibility in the members directory, which you can withdraw at any time in your profile settings.

Signing in with Discord uses the Discord OAuth permission "guilds.join". When you authorize sign-in, our bot may automatically add your Discord account to the official GameServersHub Discord server if you are not already a member. Discord shows you this permission on its consent screen before you approve sign-in.

Your participation in the Discord server itself is governed by Discord's own terms and privacy policy. You can leave the server at any time through Discord, although membership may be required again for future Discord sign-ins.

We do not sell your personal data. We share data only as follows:

• Public content. Your display name, avatar, bio, published resources, reviews, wiki contributions, and (unless you opt out in profile settings) your presence in the members directory are visible to anyone.
• Service providers (processors). Cloudflare (content delivery, security, file storage), our hosting providers, PayPal and Stripe (payments and payouts), and Discord and Steam (authentication). Each receives only what it needs to perform its function.
• Counterparties to transactions. When a purchase or refund requires it, limited information is shared between buyer and seller through the payment processor (for example, PayPal transaction records).
• Legal and safety. We may disclose data when required by law, or when we believe in good faith it is necessary to protect the rights, safety, or property of GameServersHub, our users, or the public.
• Business transfers. If GameServersHub is involved in a merger, acquisition, or sale of assets, data may be transferred as part of that transaction, subject to this Policy.

We use a small set of first-party cookies and give you control over everything that is not strictly necessary through our cookie consent banner. We do not use advertising or cross-site tracking cookies.

• Strictly necessary (always on): the session cookie (authjs.session-token) that keeps you signed in, the CSRF and callback cookies (authjs.csrf-token, authjs.callback-url) that protect sign-in and sign-out from forgery, the cookie that remembers your consent choices (gsh-cookie-consent), and Cloudflare operational cookies for bot protection and content delivery. These are exempt from consent because the Services cannot function securely without them; blocking them in your browser will prevent sign-in from working.
• Analytics (opt-in only): Cloudflare Web Analytics, which collects aggregate page statistics with no advertising and no cross-site tracking. The analytics script does not load at all unless you opt in.

Your choices: the banner offers Accept All and Reject All with equal prominence, plus granular preferences. We remember your choice for 180 days and then ask again. You can change your mind at any time using the Cookie Settings link in the site footer. We also honor the Global Privacy Control (GPC) browser signal: when your browser sends it, non-essential cookies are switched off automatically without any action on your part.

• Account and profile data: kept while your account exists.
• Transaction and payout records: kept as long as required for tax, accounting, fraud prevention, and dispute resolution, typically up to seven years.
• Security and audit logs: kept for a limited period proportionate to their security purpose, then deleted or anonymized.
• Published content: resources already delivered to buyers, wiki revision history, and reviews may persist after account deletion in anonymized or attributed form as needed to keep the marketplace functional for other users.

When data is no longer needed for the purposes above, we delete or anonymize it.

We use industry-standard safeguards: TLS encryption in transit, encrypted and access-controlled infrastructure, scoped and short-lived signed URLs for file delivery, security headers and a strict content security policy, rate limiting, audit logging of administrative actions, and monitoring of sensitive routes. No system is perfectly secure; if we become aware of a breach affecting your personal data we will notify you and the relevant authorities as required by law.

Depending on your jurisdiction (including the EEA, UK, and California), you may have the right to:

• access a copy of the personal data we hold about you;
• correct inaccurate data;
• delete your account and associated personal data (subject to the retention needs described above);
• receive your data in a portable format;
• object to or restrict certain processing, including processing based on legitimate interests;
• withdraw consent where processing is based on consent, without affecting prior processing; and
• complain to your local data protection authority.

Controls available directly in the product: members-directory visibility toggles in your profile settings, leaving the Discord server via Discord, and revoking the app from your Discord or Steam account settings.

To exercise any right, contact us at [email protected]. We will verify your request via the email or sign-in provider associated with your account and respond within the time required by applicable law. We do not discriminate against you for exercising your rights.

Our infrastructure and service providers (including Cloudflare, PayPal, Stripe, Discord, and Steam) may store and process data in countries other than your own, including the United States. Where required, transfers are protected by appropriate safeguards such as standard contractual clauses or adequacy decisions applicable to the receiving provider.

The Services are not directed to children under 13 (or the higher minimum age in your jurisdiction), and we do not knowingly collect personal data from them. If you believe a child has provided us personal data, contact us at [email protected] and we will delete it.

We may update this Policy from time to time. The "Last updated" date above reflects the current version. For material changes we will provide reasonable notice, such as a notice on the Platform or in our Discord server. Your continued use of the Services after changes take effect constitutes acknowledgment of the revised Policy.

Privacy questions and requests can be sent to [email protected] or raised in our official Discord server at discord.gg/gsh.