Privacy Policy

Last Updated: April 21, 2026

1. Introduction

CraftCorps Nicolas Palomino (NIP: 8952259152), based in Wrocław, Poland, is committed to protecting your privacy. This policy explains how data is collected, used, disclosed, and protected when using the CraftCorps platform, including the launcher application, game servers, websites (craftcorps.net, battleroyales.net, craftclient.net), and Discord services (collectively the "Service").

As a business registered in the European Union, we comply with the General Data Protection Regulation (GDPR) and applicable Polish data protection laws.

2. Data We Collect

2.1 Account Data

CraftCorps Account: Username, email address (optional), and password (stored as a bcrypt hash — we never store plaintext passwords).
Microsoft/Minecraft: Via Microsoft OAuth — Xbox Gamertag, Minecraft UUID, and skin data. Microsoft account passwords are never received or stored.
Discord: Via Discord OAuth — Discord user ID, username, and avatar. Used for account linking, contest verification, and community features.
Google: Via Google OAuth — email and profile name. Used for social account verification.
Facebook/Instagram: Via OAuth — account ID and profile name. Used for video contest platform verification.

2.2 Gaming Data

Match Statistics: Kills, deaths, wins, damage dealt, survival time, distance traveled, ores mined, items crafted, placements, and other in-match activities.
Progression Data: XP, Battle Score, rank tier, quest progress, daily logbook streaks.
Economic Data: Eggs balance, Pearls balance, transaction history (earnings, purchases, wagers), cosmetic inventory, and equipped loadout.
Wagering Data: Bets placed, bet amounts, outcomes, and daily profit tracking.
Social Data: Friends list, team membership, player reports, and anti-teaming flags.

2.3 Payment Data

Stripe: Pearl purchases are processed by Stripe. CraftCorps does not store credit card numbers, CVV, or full payment details. We receive only: transaction ID, amount paid, currency, and purchase timestamp. Stripe's privacy policy governs payment data handling.

2.4 User-Generated Content

Video Contest: Submitted video URLs (YouTube, TikTok, Instagram, Facebook), votes, and comments.
News Articles: Content, comments, and media uploads by staff and contributors.
Job Applications: Real name, Discord name, Minecraft name, cover letter, and CV/resume uploads (PDF, DOC, DOCX).

2.5 Technical Data (Collected Automatically)

IP Address: Collected for anti-cheat enforcement, VPN/proxy detection, wagering fraud prevention, and contest vote fraud prevention. IP addresses are not shared publicly.
Website Analytics: Page visits, referral source, browser type, and general geographic region via Cloudflare analytics. No third-party tracking cookies are used.
Launcher Telemetry: Launcher version, operating system, Java version, crash reports, and session telemetry (opt-in, controlled by a single "Share diagnostics" toggle in the launcher's Settings → Privacy panel).
Mobile Device Fingerprint (Android launcher): Device model, SoC (system-on-chip) identifier, Android API level, total RAM, display refresh rate and resolution, GPU vendor / renderer / OpenGL version string, our automatically-classified performance tier, and any manual performance-tier override the user has pinned. Used to pick sensible defaults (render resolution, heap size, tick/sim distances, compositor, renderer) on first launch and to improve device compatibility over time. Not shared with third parties.
Crash Report Contents (Android launcher, when enabled): The device fingerprint above, the current Android thermal-pressure state, the child process exit code, and the tails of the game log, native bridge log, graphics bridge log, and last uncaught-exception trace. Each log tail is clamped to 40KB server-side before storage. No direct personal identifiers (no name, email, advertising ID, or persistent user ID) are included.
Session Telemetry (Android launcher, when enabled): At the end of each game session, a small record is uploaded containing the device fingerprint above, the resolved compositor / renderer / render-scale settings and configured heap size for the session, session outcome (clean exit, user-initiated kill, or crash), the Minecraft exit code, and a summary of parent-side FPS (median and 95th percentile) after an initial warm-up period. Individual frames, world contents, chat, and input events are never included. Governed by the same "Share diagnostics" opt-in toggle as crash reports.
Session Data: JWT authentication tokens for maintaining login sessions.

2.6 On-Device Only (Android launcher)

Screen Recordings: The launcher can record gameplay to an MP4 on your device's internal storage. Recordings stay on your device; CraftCorps never receives or uploads them. Android requires your explicit permission through the system MediaProjection dialog before recording starts, and a persistent notification is shown while recording is active.
Button Layout & Sensitivity: Your custom touch-controls layout, button size, sensitivity, and auto-jump preference are saved locally and never uploaded.

2.7 Data We Do Not Collect

Microsoft account passwords
Credit card numbers or full payment details (handled by Stripe)
Device advertising identifiers
Biometric data

3. How We Use Your Data

We use collected data for the following purposes:

Service Operation: Authenticate accounts, manage game sessions, track match statistics, process purchases, and deliver purchased items.
Game Integrity: Detect cheating, prevent match fixing, enforce anti-teaming rules, prevent wagering fraud (IP-based duplicate detection), and manage player reports.
Community Features: Enable friends lists, teams, contest voting, comments, and Discord integration.
In-Game Presence Badge: When you play on a CraftCorps server as an authenticated CraftCorps user, your player UUID is broadcast to other CraftCorps users on the same server so they see a small CraftCorps badge next to your nametag (similar to Lunar, Feather, and Badlion Client). Vanilla players never receive this broadcast and do not see the badge.
Communication: Send in-game notifications, daily logbook reminders, rank change alerts, and moderation actions via Discord.
Improvement: Analyze aggregated, anonymized usage patterns to improve game balance, matchmaking, and user experience.
Legal Compliance: Respond to legal requests and enforce our Terms of Service.

Legal basis (GDPR): We process data based on (a) contractual necessity (account and service operation), (b) legitimate interest (anti-cheat, fraud prevention, service improvement), and (c) consent (optional telemetry, marketing communications).

4. Data Sharing

We do not sell, rent, or trade your personal data. We share data only with:

Stripe: Payment processing for Pearl purchases. Stripe acts as an independent data controller. See Stripe's Privacy Policy.
Cloudflare: Website hosting, DDoS protection, and privacy-focused analytics.
Microsoft/Mojang: Authentication tokens for Minecraft license verification.
Discord: OAuth for account linking; webhook notifications to staff channels for moderation (contest removals, player reports).
ip-api.com: IP address lookups for geographic region detection and VPN/proxy identification. Only the IP address is shared; no personal identifiers are sent.
Microsoft Azure (CDN): Hosts the launcher APK, desktop launcher artifacts, modpack files, and update manifests. Azure logs download traffic for standard abuse prevention; no CraftCorps account data is attached to these requests.
TapTap: Independent third-party distribution channel for the Android launcher. If you install the launcher from TapTap, their privacy policy governs installation telemetry (click tracking, download analytics). CraftCorps does not share account data with TapTap.

5. Data Retention

Account Data: Retained as long as your account is active. Deleted upon account deletion request.
Match Statistics: Retained indefinitely as part of the game's historical record and leaderboards.
Currency Transactions: Retained indefinitely for audit and dispute resolution purposes.
Wagering History: Retained indefinitely for fraud prevention and audit purposes.
Job Applications: Retained for 6 months after the position is filled, then deleted.
Video Contest Data: Submission URLs and votes retained for the duration of the contest edition. Comments retained until manually deleted.
IP Addresses: Retained for up to 90 days for anti-fraud purposes, then anonymized or deleted.
Crash Reports & Session Telemetry: Stored for 30 days for diagnostics and device-compatibility analysis.
Session Tokens: Expire after 7 days or upon logout.

6. Data Security

We implement industry-standard security measures including:

HTTPS encryption for all communications
Bcrypt password hashing (passwords never stored in plaintext)
Cloudflare DDoS protection and WAF
Server-side input validation and parameterized database queries
Role-based access control for staff and admin functions

While we take reasonable precautions, no internet service can guarantee absolute security.

7. Cookies

The website uses minimal cookies for essential functionality. See our Cookie Policy for details.

8. Children's Privacy

The Service is not directed to children under 16. We do not knowingly collect personal data from children under 16. Poland sets the age of digital consent under GDPR Article 8 at 16, so where processing relies on consent, users under 16 require the consent of a parent or legal guardian. If you are a parent or guardian and believe your child has provided personal data, contact us for deletion. Users under 18 require parental or legal guardian consent as outlined in our Terms of Service.

9. Your Rights (GDPR)

As a data subject under GDPR, you have the right to:

Access: Request a copy of the personal data we hold about you.
Rectification: Request correction of inaccurate or incomplete data.
Erasure: Request deletion of your personal data ("right to be forgotten").
Restriction: Request restriction of processing in certain circumstances.
Portability: Request your data in a structured, machine-readable format.
Objection: Object to processing based on legitimate interest.
Withdraw Consent: Withdraw consent for optional data collection (e.g., telemetry) at any time.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

You also have the right to lodge a complaint with the Polish data protection authority (UODO — Urząd Ochrony Danych Osobowych) at uodo.gov.pl.

10. International Data Transfer

The website (craftcorps.net, battleroyales.net) and its database are hosted on servers in the European Union. The realtime/social API, launcher telemetry, crash reports, and uploaded media are processed on Microsoft Azure, currently in the East US (United States) region. This involves a transfer of personal data from the EU to the United States, which we rely on Microsoft's Standard Contractual Clauses (SCCs) and EU Data Boundary commitments to safeguard. We are planning to relocate these Azure workloads to an EU region; this policy will be updated when that relocation completes.

We additionally use Cloudflare's global network for content delivery and DDoS protection, and Stripe for payments; both maintain their own EU-transfer safeguards. Where data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place.

11. Third-Party Links

The Service may contain links to third-party websites (Discord, YouTube, TikTok, Instagram, Facebook, GitHub). We are not responsible for their privacy practices. We encourage you to review their privacy policies.

12. Policy Changes

This Privacy Policy may be updated periodically. Significant changes are communicated via the website and Discord server. Continued use of the Service after changes indicates acceptance of the updated policy.

13. Data Controller

The data controller responsible for your personal data is:

Business name: CraftCorps Nicolas Palomino
Address: ul. Bolesława Prusa 24/10, 50-319 Wrocław, Poland
NIP: 8952259152
REGON: 525782789

14. Contact

For privacy questions, data access requests, or complaints:

Email: [email protected]
Discord: discord.gg/craftcorps