Privacy Policy

Last updated: December 24, 2025

1. Introduction

Runox ("we," "us," or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our game server hosting services (the "Service").

This policy is designed to comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws in the European Union and Spain.

By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

2. Data Controller

For the purposes of GDPR, the data controller is:

Runox

Email: support@runox.io

Data Protection Officer: dpo@runox.io

You have the right to contact our Data Protection Officer at any time regarding questions about your personal data or this Privacy Policy.

3. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR:

  • Contract Performance (Article 6(1)(b) GDPR): Processing necessary to provide the Service and fulfill our contractual obligations to you
  • Consent (Article 6(1)(a) GDPR): Where you have given explicit consent for specific processing activities (e.g., marketing communications)
  • Legitimate Interests (Article 6(1)(f) GDPR): For fraud prevention, security, and improving our services
  • Legal Obligation (Article 6(1)(c) GDPR): To comply with legal requirements such as tax laws and financial regulations

4. Information We Collect

4.1 Information You Provide Directly

When you register for an account or use our Service, we collect:

  • Account Information: Name, email address, username, password (encrypted)
  • Billing Information: Payment details, billing address, tax identification number (if applicable)
  • Profile Information: Optional profile picture, preferences, communication preferences
  • Communication Data: Support tickets, chat messages, emails with our team

4.2 Information Collected Automatically

When you access or use our Service, we automatically collect:

  • Usage Data: Login times, features used, pages viewed, time spent on pages, click patterns
  • Device Information: IP address, browser type and version, operating system, device identifiers
  • Server Data: Server configurations, resource usage, logs, performance metrics
  • Technical Data: Cookies, session data, API calls, error logs

4.3 Information from Third Parties

We may receive information from:

  • Payment Processors: Transaction confirmations, payment status (we do not store full credit card numbers)
  • Analytics Providers: Aggregated usage statistics and trends
  • Security Services: Fraud detection and prevention data

4.4 Server Content Data

Your game server data (configurations, worlds, plugins, files) is stored to provide the Service. We do not access this data unless:

  • You request technical support
  • We detect a security threat or terms violation
  • Required by law or legal process

5. How We Use Your Information

5.1 Service Provision

  • Creating and managing your account
  • Provisioning and maintaining game servers
  • Processing payments and managing subscriptions
  • Providing customer support
  • Sending service-related communications (account updates, security alerts)

5.2 Service Improvement

  • Analyzing usage patterns to improve functionality
  • Developing new features and services
  • Conducting research and analytics
  • Testing new technologies and processes

5.3 Security and Compliance

  • Detecting and preventing fraud and abuse
  • Monitoring for security threats
  • Enforcing our Terms of Service
  • Complying with legal obligations
  • Protecting our rights and property

5.4 Marketing (With Your Consent)

  • Sending promotional emails about new features, plans, or offers
  • Displaying personalized content and recommendations
  • Running surveys or promotional campaigns

You can opt-out of marketing communications at any time by clicking "unsubscribe" in emails or adjusting your account settings.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service and store certain information.

6.1 Essential Cookies

Required for the Service to function properly:

  • Session cookies for authentication
  • Security cookies for fraud detection
  • Load balancing cookies

6.2 Analytics Cookies

Help us understand how visitors use our Service (used with your consent):

  • Google Analytics (anonymized IP addresses)
  • Usage statistics and metrics

6.3 Preference Cookies

Remember your preferences and settings:

  • Language preferences
  • Theme settings (dark/light mode)
  • Dashboard layout preferences

6.4 Managing Cookies

You can control cookies through your browser settings. Note that disabling cookies may affect Service functionality.

7. Data Sharing and Disclosure

We do not sell your personal data. We may share your information only in the following circumstances:

7.1 Service Providers

We share data with trusted third-party service providers who assist us in operating the Service:

  • Infrastructure Providers: Data centers and cloud hosting (e.g., AWS, Hetzner)
  • Payment Processors: Stripe, PayPal for payment processing
  • Email Services: Transactional and marketing emails
  • Analytics Services: Google Analytics (anonymized)
  • Support Tools: Customer support and ticketing systems

All service providers are bound by data protection agreements and process data only as instructed by us.

7.2 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred. We will notify you before your data is transferred and becomes subject to a different Privacy Policy.

7.3 Legal Requirements

We may disclose your data if required to do so by law or in response to:

  • Valid legal processes (court orders, subpoenas)
  • Law enforcement requests
  • National security requirements
  • Protection of our rights, property, or safety
  • Emergency situations involving potential harm

8. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions by the European Commission
  • Binding Corporate Rules (where applicable)
  • Your explicit consent for specific transfers

We work only with service providers that comply with GDPR and maintain appropriate security measures.

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

  • Account Data: Retained while your account is active and for 30 days after account deletion
  • Billing Records: Retained for 7 years to comply with tax and accounting regulations
  • Server Data: Deleted 7 days after server termination (with 7-day grace period for reactivation)
  • Support Communications: Retained for 3 years for quality assurance and training
  • Usage Logs: Retained for 90 days, then anonymized or deleted
  • Security Logs: Retained for 1 year for security and fraud prevention

After the retention period, we will securely delete or anonymize your data. Some information may be retained in anonymized form for statistical purposes.

10. Your Rights Under GDPR

Under the General Data Protection Regulation, you have the following rights:

10.1 Right to Access (Article 15)

You have the right to request a copy of the personal data we hold about you.

10.2 Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete personal data. You can update most information directly in your account settings.

10.3 Right to Erasure (Article 17) - "Right to be Forgotten"

You can request deletion of your personal data when:

  • The data is no longer necessary for the purposes collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • Legal obligations require erasure

Note: Some data may be retained if required by law (e.g., financial records).

10.4 Right to Data Portability (Article 20)

You can request your personal data in a structured, commonly used, machine-readable format (e.g., JSON, CSV) and transmit it to another service provider.

10.5 Right to Object (Article 21)

You can object to processing of your data based on legitimate interests or for direct marketing purposes. We will stop processing unless we have compelling legitimate grounds.

10.6 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, particularly in the EU Member State of your residence, workplace, or where an alleged infringement occurred.

Spanish Data Protection Authority (AEPD): https://www.aepd.es

10.7 Exercising Your Rights

To exercise any of these rights, please:

  • Email us at support@runox.io
  • Use the data export/delete tools in your account settings
  • Contact our Data Protection Officer at dpo@runox.io

We will respond to your request within 30 days. If we need more time, we will notify you and explain the reason for the delay.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption: Data in transit (TLS/SSL) and at rest (AES-256)
  • Access Controls: Role-based access, multi-factor authentication, principle of least privilege
  • Security Monitoring: 24/7 monitoring, intrusion detection, automated alerts
  • Regular Audits: Security assessments, vulnerability scanning, penetration testing
  • Employee Training: Regular security and privacy training for all staff
  • Incident Response: Documented procedures for data breach response
  • Secure Development: Code reviews, security testing, secure coding practices
  • Physical Security: Secure data centers with restricted access

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Data Breach Notification: In the event of a personal data breach that may pose a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR Article 33.

12. Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16.

If you are under 16, you may use the Service only with the involvement and consent of a parent or legal guardian.

If we discover that we have collected personal data from a child under 16 without parental consent, we will take steps to delete that information as soon as possible.

13. Changes to This Privacy Policy

We may update our Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Service features. We will notify you of any material changes by:

  • Email notification to your registered email address
  • Prominent notice on our website and within the Service
  • In-app notification when you next log in

Material changes will take effect 30 days after notification. For non-material changes, the updated policy will be effective immediately upon posting.

We encourage you to review this Privacy Policy periodically. The "Last updated" date at the top indicates when the policy was last revised.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Runox - Data Protection

Email: support@runox.io

Data Protection Officer: dpo@runox.io

We aim to respond to all inquiries within 30 days.

Your Privacy Matters

We are committed to transparency and protecting your personal data in full compliance with GDPR and other applicable privacy laws.

You have control over your data. Exercise your rights anytime by contacting us or using the tools in your account settings.

Tritt unserer Community bei!

24/7 Support & Updates

!