This policy was last updated effective October 7, 2021.
If you wish to obtain copies of previous versions of this policy, please contact us.
Our goal is to keep this policy as simple as possible for ease of understanding but if there’s something you don’t quite understand or you have questions, concerns, or would like to exercise your privacy rights, feel free to contact us at any time by following the directions within this policy under Contact Us.
Our website and company
Our website at pufferfish.host offers various hosting services. Though we are associated with a game often played by children, our website is not intended for children and we do not knowingly collect or retain any data relating to children.
The personal information we collect
Personal data, or personal information, may be defined as any information about an individual from which a person can be identified. It does not include data where the identity has been removed (anonymous data). We actively collect a variety of data from our customers and visitors to our website, both automatically and when you register an account with us.
When you register an account with us, we collect your full name, email address, and login credentials at a minimum. If you are a Pufferfish Host customer with active service(s), you will provide details including your name, address, telephone number, and email address.
If you choose not to share these details with us, we may be unable to provide you with the services you have requested.
When you visit our website, we automatically obtain browser and device information (IP address, operating system, device manufacturer and model, Internet browser type and version) and record your activities on our website (time spent on pages, pages visited, links clicked, referrals, etc.). We may also collect information about your online activities on websites and connected devices over time and across third-party websites, devices, applications, and other online feature and services. We actively use Google Analytics to help us analyze our website traffic.
When you use our services, such as our Minecraft servers, your files (including but not limited to Minecraft worlds, logs, plugin/mod files, player data, etc.) will be retained until such time as the active server is terminated and all backup files are purged from our systems. Minecraft server files may also include data such as but not be limited to player IP addresses, Minecraft usernames, and chat content. Note that this data is not shared amongst customers but that it is visible to us in order to facilitate troubleshooting. Pufferfish Host will not share this data outside of internal communication channels, software, and systems to third-parties.
When we conduct fraud monitoring, prevention, and detection activities, we may also receive personal data from you from our business partners, financial service providers, and publicly available sources (e.g., name, address, phone number) as needed to confirm your identity and prevent fraudulent activity.
You may also choose to submit information to us through other methods including, but not limited to, (i) in response to marketing or other communications, (ii) through social media or online forums, (iii) through participation in an offer or promotion, (iv) in connection with ongoing or prospective business relationship with us, or (v) by giving us your business card or contact details at conventions or other similar events.
We do not knowingly collect any details pertaining to your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, credit or financial history, trade union membership, and/or information about your health and genetic and biometric data. We also do not knowingly collect any information pertaining to criminal convictions or offenses. It is important to note that such details may be recorded through server logs if you discuss such information throughout your use of our services and/or through our support communication systems.
Where information is processed
Pufferfish Host is based in Pennsylvania, USA. However, no matter where you are located, you consent to the processing and transferring of your information in and to the United States and other countries per your use of our website and/or services. To that effect, Pufferfish Host operates hosting infrastructure in a number of different countries, including countries outside of the EU and United States, in order to provide the best experience possible. As such, your data may be transmitted to systems in these countries at any time. For example: if you visit our website from a computer in Australia, your personal data may be sent from our systems in the United States to systems in Singapore, Australia, or other nearby countries, for the purpose of providing a web application that works for everyone, no matter their geographic location.
How we use your personal information
We use your information in correlation with the way we collect it in order to service you and provide the best experience possible on our website. In example, if you provide your information to obtain service, we’ll use the information you’ve provided to monitor your use of such services. We may use your email address for marketing purposes. If you wish to opt-out of marketing communications, you may do so at any time by contacting us here.
Our legal bases for handling your personal information
The laws in some jurisdictions require companies to inform you of the legal grounds they rely on to use and/or disclose your personal information. To the extent those laws apply, our legal grounds for collecting your information in response to the actions listed below are necessary for our legitimate interests, including but not limited to: record-keeping, studying how customers use our services, advertising and marketing strategy and development, fraud monitoring and prevention, business administration and development, compliance with legal obligations, keeping our website updated and relevant, defining our services, and defending against legal claims.
- To register your account
- To process and deliver your order to you
- To manage our relationship with you
- To deliver direct marketing to you
- To enable you to take part in a survey, beta test, competition, and/or prize draw
- To administer and protect our business and our website
- To use data analytics to improve our website, services, marketing, customer relationship, and experiences
- To prevent and detect unlawful acts
- In order to resolve legal claims or disputes involving you or us
There are some instances in which your personal information may be shared with third-parties as described here.
- Discord: Voice and text chat communications platform used by us to communicate internally and/or with specific customers (those that we may an ongoing business partnership with) and users those customers have invited for the purpose of discussing game server administration. Information shared includes any discussions over the private Discord server operated by Pufferfish Host. We will not share any data within chat or voice communications unless it is necessary to do so based on the discussion we are having. In example, if you have forgotten the email address you used on your Pufferfish Host account, we may share your email address to you via the Discord chat. Otherwise, such details you provide to us will not be shared with your implied or express consent.
- Social Media (Twitter, Facebook, Google+): We may use social media platforms to converse with users to answer questions, share media, and/or other matters. We do not knowingly share any personal data over these platforms.
Internal Communications, Documentation, and Training Material
- Discord: We use Discord as a business communications hub so we can communicate internally. Personal data, such as but not limited to, your name, email address, IP address, and Minecraft username may be shared within Discord so our team can troubleshoot/diagnose/resolve server issues, review accounts, and discuss training material.
Analytics & Tracking
- Google Analytics: We utilize Google Analytics (“GA”) to track user browsing habits, entry points, and other various data points to allow us to serve you, the customer, better. GA does initially collect potentially personally identifying information (an IP address) and resolves it to a general location (city, region, country) for analytical purposes. GA will store cookies in order to identify you to their systems. To the best of our knowledge, no personally identifying information is stored or shared with third-parties as per our preferences.
Payments, Fraud Monitoring, and Fraud Prevention
- Stripe: A billing platform we use to collect payments and prevent fraud. Personal data Stripe receives includes, but is not limited to, your name, address, email address, IP address, and your payment details (card number, expiration date, CVC, etc.)
- PayPal: We use PayPal’s business options to accept PayPal payments and credit/debit card payments via PayPal. Personal data PayPal collects may include, but is not limited to, your name, address, email address, IP address, and your payment details.
How we secure your personal information
Continuing in our commitment to protect your privacy, we have appropriate security measures in place to prevent your personal information from being accessed, altered, disclosed, lost, or used without authorization. We have always limited access to personal information on a business need-to-know basis and all of our contractors are bound by non-disclosure agreements.
Information regarding your account may be shared with other account holder(s) in the event that you are:
- Added as an administrative user to any account holder(s) service(s) or server(s): Email Address, IP Address, Access Logs.
- Added as a sub-contact to any account holder(s) account: First/Last name, Email Address, Full Address, Phone Number, IP Addresss, Access Logs.
We use HTTPS with valid SSL certificates for all public-facing web services, as well as for communication between CDN servers and our systems, ensuring that your personal data is encrypted from the time it is sent by the browser until the time it reaches our servers.
Account passwords are stored in hashed form using modern, one-way cryptographic hashing functions. We never create our own implementations of these functions; we only use widely accepted open-source libraries to perform encryption and password hashing. We are also committed to continually reevaluating these methods as new security advice and information is published to ensure that your information is secure.
In the event of a security breach in which we are involved, or potentially involved, you will be notified where we are legally required to do so.
How long we retain your personal information
Personal information will only ever be kept for as long as necessary to fulfill the purposes we collected it for, including such purposes of satisfying any accounting, legal, or reporting requirements.
Data may be retained for a minimum of 180 days after the last payment completed successfully via any financial means or until such time as the account is deemed “Inactive”.
We strongly encourage parents and legal guardians to monitor their children’s Internet usage (including use over a mobile device) and to help enforce this policy to the best of their ability by instructing their children to never provide their personal details to anyone or any company, especially online, without parental permission.
We never knowingly collect personal information from persons under the age of 16. If you are a parent/guardian of a child under the age of 16 and you believe they are using our website or services, please contact us immediately here. In the event that a user identifies themselves, or is identified, as a child under the age of 16, we will take reasonable measures to remove their information from our systems and will take appropriate steps to help restrict the child from future access to our website and services. If you are under the age of 16, we ask that you do not submit any personal information, rather please speak with your parent or legal guardian and ask them to contact us if you wish to use our website and services.
With upfront, verifiable parental consent, Pufferfish Host may allow persons under the age of 16 to use our website and services. For more information, parents or legal guardians may contact us here.
You may provide us with feedback in regards to existing or future services (collectively “Unsolicited information”). All Unsolicited information is considered non-confidential and we shall be free to use, disclose, reproduce, and distribute such information as we see fit without any limitation or attribution.
Your legal rights
General Data Protection Regulation (GDPR)
If you reside in the European Union, you have rights under data protection laws in relation to your personal data including: the right to be informed, the right of access to the information we hold, the right to rectification (to correct any information we hold that may be incorrect/invalid), the right to erasure (you may request certain details be removed if legally possible), the right to restrict processing (you may request, under certain circumstances, that we suspend the processing of personal data), the right to data portability (you may request a copy of your personal data in a common format), the right to object (for example, you may decline direct marketing), and rights in relation to automated decision making and profiling (you have a right for us to be transparent about any profiling or automated decision making we do).
For more information about your personal data rights, if you are interested, you may visit the UK Information Commissioner’s Office website.
For security reasons, we may need to request specific information from you to help us confirm your identity to ensure your right to access your personal data or to exercise any of your other rights. This is to ensure that your personal data is not disclosed to any person who has no right to receive it.
We try to respond to all requests within one month after confirming your identity. However, some requests may be more complex and/or may include a number of requests and, therefore, may take a longer amount of time. In this case, we will notify you and keep you updated.
California Privacy Rights
Under California’s “Shine the Light” law, California residents with a Pufferfish Host account are entitled to request and obtain from us, once a calendar year, information about the personal information we shared, if any, with third-parties for their own direct marketing uses.
How to contact us