Privacy Policy
Last updated: 2026-04-19
We collect only what we need to run the service. We don't sell your data. We don't use it for advertising.
What we collect
Account data
Email address, a password hashed with argon2id (we never see the plaintext), and the name you give us at signup.
Discord OAuth (optional)
If you sign in with Discord, we store your Discord user ID and email address so we can link logins. We use the minimum scopes: identify and email. We do not read your messages, servers, or roles.
Payment data
Stripe handles all payment info. We store the Stripe customer ID, subscription ID, and plan status — but not card numbers or expiration dates.
Server operational data
We store the metadata needed to run your server (port assignments, RCON password, plan, region, schedule entries). Your save files, configs, and plugins are stored on the game server hardware; they're yours.
Logs
We retain application logs (API requests, webhook events) for 30 days for debugging and fraud detection.
What we don't collect
No analytics trackers on the panel. No behavioral tracking. No advertising cookies. The marketing site uses Cloudflare's privacy-friendly request logs only.
Cookies
A session cookie on the panel (authenticates you) and a short-lived CSRF cookie during Discord OAuth. That's it.
Who sees your data
We share data only with:
- Stripe — payment processing. See Stripe's privacy policy.
- OVH — the hardware your servers run on.
- Cloudflare — DNS and DDoS mitigation.
- Discord — if you use Discord OAuth.
- Resend — transactional email delivery.
We don't sell or share your data with anyone else.
Retention
Account data is kept while your account is active and for 30 days after cancellation, then deleted. Server backups follow the schedule in the Terms (7 days rolling). Stripe retains billing records independently per their own schedule and legal obligations.
Your rights
Email privacy@teafarm.gg to:
- Export the personal data we hold about you
- Correct inaccurate data
- Delete your account and associated data
- Object to any processing
We respond within 30 days. There's no charge for reasonable requests.
Security
Passwords hashed with argon2id. All traffic over HTTPS. API secrets rotated on compromise. Database access limited to the operator. We run a small stack so the attack surface is small — but no system is bulletproof. Report security issues to security@teafarm.gg.
Kids
Teafarm isn't directed at children. We don't knowingly collect data from anyone under 13.
Changes
Material changes announced by email at least 14 days in advance. Minor edits (typo fixes) happen inline with an updated date at the top.