Loading
Last updated ·
This Privacy Policy explains what personal data Wroud Foundation LLC collects when you use pixly, why we collect it, who we share it with, and the choices you have. It applies in addition to the Terms of Use and the Acceptable Use Policy.
Wroud Foundation LLC ("Wroud", "we", "us", "our") is a limited liability company organized under the laws of the State of Wyoming, United States of America. We operate the pixly managed Minecraft Java Edition server hosting service (the "Service"). For the purposes of the EU General Data Protection Regulation, the United Kingdom GDPR, and similar laws, Wroud is the data controller of the personal data described in this Privacy Policy.
This Privacy Policy applies to the personal data we process when you visit the pixly website, sign up for or use the Service, contact us, or otherwise interact with us. It does not cover data processed by third parties whose services you choose to use through the Service (such as Mojang/Microsoft, Google, AWS, Modrinth, or the Third-Party Payment Processor) under their own privacy policies.
Account data (from Google OAuth). When you sign in with Google, Google provides us with your name, email address, profile picture URL, and a Google-issued subject identifier. We do not receive your Google password.
Service usage data. When you use the Service, we automatically record server identifiers and metadata, region selection, instance type, server runtime and version, configuration changes, runtime hours, status events (start, stop, sleep, wake), modpack identifiers you choose to install, and player lists you configure (whitelist, operator list, ban list).
Billing data. We record top-up events, debit and credit events against your Wallet, monthly settlement records, the AWS-cost basis for each billing event, refund records, and chargeback records. We retain a token returned by the Third-Party Payment Processor that lets us reference your past payment, but we do not receive or store your full card number, CVV, or bank credentials — those are handled entirely by the Third-Party Payment Processor.
Server content. Your User Content — including world saves, server.properties, datapacks, mods you upload, and the contents of your in-game whitelist, operator, and ban lists — is stored on the storage volumes we provision for your Server and in the daily backups described in the Terms of Use. To the extent any of that User Content contains personal data about you or other people, we process it on your instructions as part of providing the Service.
Technical data. We log connection metadata such as IP address, approximate geolocation derived from IP, user agent, request timestamps, and request paths, for security, fraud prevention, abuse mitigation, and debugging purposes.
Communications. When you contact us at our support email addresses or via in-product channels, we retain the messages you send us and the responses we send you.
If you are in the European Economic Area, the United Kingdom, or another jurisdiction that requires us to identify a legal basis for processing your personal data, we rely on the following legal bases:
We do not sell or rent your personal data. We share personal data only with the categories of recipients listed below and only for the purposes described:
Wroud is based in the United States of America and the Service runs on AWS infrastructure in the region you choose. Personal data may therefore be transferred to and processed in countries outside your country of residence, including the United States of America. Laws in those countries may differ from those in your country.
Where we transfer personal data from the European Economic Area, the United Kingdom, or Switzerland to a country that has not been recognized as providing an adequate level of protection, we use appropriate safeguards, such as the European Commission's Standard Contractual Clauses (or the UK International Data Transfer Addendum / Swiss equivalent, as applicable), to ensure your personal data continues to be protected.
We keep personal data only for as long as needed for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. In particular:
Depending on where you live, you may have some or all of the following rights with respect to your personal data:
To exercise any of these rights, email privacy@pixly.gg from the email address associated with your Account, or contact us via in-product channels. We may need to verify your identity before acting on a request. We will respond within the time required by applicable law (in most cases, no later than thirty (30) days; we may extend the period for complex requests as permitted by law).
This section supplements the rest of this Privacy Policy and applies to personal information of California residents that Wroud processes as a "business" under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act ("CCPA/CPRA"). Terms in quotation marks below have the meanings given to them in the CCPA/CPRA.
Categories of personal information we collect. In the preceding twelve (12) months, we have collected the following categories of personal information about California consumers. The specific items are described in Section 3 of this Privacy Policy.
We do not knowingly collect "sensitive personal information" as defined by the CCPA/CPRA. We do not collect biometric information, precise geolocation, or government-identifier numbers.
Sources. We collect the categories above from you directly when you sign up, configure a Server, top up your Wallet, or contact us; from your interaction with the Service when you use it; from Google when you authenticate; and from the third-party payment processor when you make a payment.
Business or commercial purposes for which we collect personal information. The purposes described in Section 4 of this Privacy Policy. In summary: to provide the Service, to bill you, to secure the Service, to communicate with you, to improve the Service, and to comply with the law.
Categories of recipients to whom we disclose personal information for a business purpose. Cloud infrastructure providers (primarily AWS), the third-party payment processor, our authentication provider (Google), modpack-metadata providers, professional advisors, and government authorities or other parties where disclosure is necessary. The full list is in Section 6 of this Privacy Policy.
No "sale" or "sharing" of personal information. Wroud does not sell personal information and does not share personal information for cross-context behavioral advertising, in each case as those terms are defined in the CCPA/CPRA. We have not sold or shared personal information of California consumers in the preceding twelve (12) months, and we do not have actual knowledge that we sell or share the personal information of consumers under sixteen (16) years of age.
Retention. We retain each category of personal information only for as long as needed for the purposes described in this Privacy Policy. The general retention periods we apply are in Section 8 of this Privacy Policy.
Your CCPA/CPRA rights. Subject to verification of your identity and applicable exceptions, California consumers have the right to:
How to exercise these rights. Email privacy@pixly.gg from the email address associated with your Account, or use the data-rights buttons in your dashboard Account page where available. We will verify your request by matching identifiers in our records and, where appropriate, by confirming your control of the Account via the email associated with the Account. For high-risk requests (such as a deletion request) we may require additional verification.
Authorized agents. You may designate an authorized agent to make a request on your behalf. The agent must provide written authorization signed by you, and we may separately contact you to confirm the agent's authority and to verify your identity directly.
Twelve-month look-back. When you make a request to know, we will provide the information collected, disclosed, sold, or shared (as applicable) in the twelve (12) months preceding the request, unless you ask us to cover a longer period (in which case we may, where feasible and not disproportionately difficult, provide the longer period; we are not required to provide information collected before January 1, 2022).
Complaints. You may file a complaint with the California Privacy Protection Agency. We will not retaliate against you for filing a complaint.
The Service is not directed to children under thirteen (13) years of age, and we do not knowingly collect personal data from children under thirteen (13). In jurisdictions with a higher digital-consent age (such as sixteen (16) in much of the European Economic Area), the Service is not directed to children below that age.
If you believe a child has provided us with personal data without appropriate consent, please contact privacy@pixly.gg and we will take steps to delete the data and close any associated Account.
We use a small number of strictly necessary cookies and similar technologies. In particular, we set a session cookie named "mc_session" — an HTTP-only, secure cookie that contains a signed JSON Web Token and expires after seven (7) days — which keeps you signed in to your Account. Without this cookie we could not authenticate your requests, so it cannot be disabled while you remain signed in.
In addition, we use Google Analytics 4 (provided by Google LLC) to measure aggregate use of the Service — for example, which pages are visited and which features are used — so we can improve the Service. Google Analytics sets cookies in your browser (typically prefixed "_ga") that contain a pseudonymous client identifier; we have configured the property without advertising features and we do not use Google Analytics for cross-site advertising, remarketing, or building advertising profiles. The lawful basis for this processing in the EEA and the United Kingdom is our legitimate interest in understanding and improving the Service (GDPR Art. 6(1)(f)); you can object at any time by contacting privacy@pixly.gg or by using a browser-level signal such as Global Privacy Control.
We do not use advertising cookies, cross-site tracking pixels, or third-party marketing cookies. If we add such cookies in the future, we will update this Privacy Policy and, where required, ask for your consent first.
We use industry-standard technical and organizational measures to protect personal data, including transport-layer encryption (TLS) for all communications between your browser and our servers, encryption-at-rest for storage volumes and backups (managed by AWS), least-privilege access controls for internal personnel, audit logging of administrative actions, and the use of Google OAuth so that we never directly handle passwords. No method of transmission over the internet or method of electronic storage is one hundred percent secure, however, and we cannot guarantee absolute security.
If we become aware of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority and (where required) you, in accordance with applicable law and, where the GDPR applies, generally within seventy-two (72) hours of becoming aware of the breach.
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the date of the most recent revision. For material changes, we will give reasonable advance notice as described in the Terms of Use. Your continued use of the Service after the effective date of a change constitutes acceptance of the revised Privacy Policy.
Privacy questions or rights requests: privacy@pixly.gg. General legal contact: legal@pixly.gg. Postal address and full company details: Contact.