Privacy Policy

BruceNode ("we", "us", "our") respects your privacy. This policy explains what personal data we collect when you use our game server hosting services, how we use it, who we share it with, how long we keep it, and the rights you have over your data. By using BruceNode, you agree to the practices described here.

1. Data Controller

The data controller responsible for your personal data is:

• The Global Paradise LLC, operating as BruceNode
• Eagle, Idaho, United States
• Customer contact: hi@brucenode.com

For all privacy-related requests — including data access, correction, deletion, export, or withdrawal of consent — contact us at hi@brucenode.com. We respond to all privacy requests within 30 days.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Email address and display name
• Password (hashed with industry-standard algorithms — we never see or store plaintext passwords)
• Discord account ID and username, if you sign in via Discord
• Google account ID and email, if you sign in via Google
• Two-factor authentication secrets and passkey credentials, if enabled
• Profile image URL, if provided by your OAuth provider

2.2 Billing Information

When you purchase a service, we collect:

• Billing name, address, and country
• Stripe customer reference (payment method details are stored by Stripe, not by us — we never see your full card number)
• Invoice records, transaction history, and wallet credit balance
• Selected plan, billing cycle, and addons
• Promotional codes used at checkout

2.3 Game Server Data

To provision and manage your game server, we store:

• Game panel username and an encrypted panel password (encrypted at rest with AES-256-GCM)
• Server allocations: assigned IP, port, RAM, CPU, and disk allocation
• Server metadata: game type, software version, region, server name, and display name
• Provisioning status, lifecycle timestamps, and error logs
• Selected addons and their fulfillment status

We do not access, monitor, or read the content stored inside your game server (world files, configuration files, player data) except when strictly required to provide support you have requested or to comply with legal obligations.

2.4 Communication & Support Data

• Support tickets and the messages exchanged with our team
• Email delivery logs (recipient, template, status, timestamp) for transactional emails such as receipts, server-ready notifications, and grace-period reminders
• Discord ticket transcripts, if you open a ticket in our community Discord server

2.5 Audit & Security Logs

For account security, fraud prevention, and forensic compliance, we record:

• Sensitive account events: server cancellation, server rename, credential reveal, credential rotation, addon fulfillment requests
• Login sessions: IP address, user agent, and session start time
• Rate limit and abuse-detection signals

2.6 Usage & Analytics Data

When you visit our website, we automatically collect:

• IP address and approximate location (country / region)
• Browser type, device type, and operating system
• Pages visited, time spent, and referral source
• Performance metrics (page load times, Core Web Vitals)

3. How We Use Your Information

• To provision, operate, and manage your game servers
• To process payments, issue invoices, and apply wallet credits
• To send transactional emails (receipts, server ready, payment failed, grace period notices, addon completed)
• To provide customer support and respond to your inquiries
• To send security and account alerts (suspicious login, password changes, 2FA changes)
• To detect, prevent, and investigate fraud, abuse, and Terms of Service violations
• To improve our website, services, and customer experience
• To comply with our legal obligations, tax filings, and lawful requests from authorities

We will never sell your personal information. We do not use your data for advertising or behavioral profiling. We do not send marketing emails unless you have explicitly opted in.

4. Legal Basis for Processing

We process your personal data on the following legal bases:

• Contract — Contract — to provide the services you have purchased and to perform our obligations under our Terms of Service.
• Legitimate interest — Legitimate interest — to operate our business, secure our infrastructure, prevent fraud and abuse, and improve our services.
• Legal obligation — Legal obligation — to comply with tax, accounting, anti-fraud, and law enforcement requirements.
• Consent — Consent — for any optional processing where consent is required, such as non-essential cookies or marketing communications. Consent can be withdrawn at any time.

5. Categories of Third-Party Recipients

We share personal data with the following categories of trusted third parties only as necessary to operate BruceNode. Each category is bound by a data processing agreement and may only use your data for the purposes described here.

• Payment processor — Payment processor — for processing payments, managing subscriptions, issuing invoices, applying refunds, and providing the customer billing portal. Payment card details are handled exclusively by our PCI-DSS Level 1 certified payment processor and never touch our servers.
• Authentication providers — Authentication providers — when you choose to sign in with a third-party account (such as Google or Discord), we receive your account identifier, email, and basic profile information from the provider you select.
• Hosting and infrastructure providers — Hosting and infrastructure providers — for running our website, customer dashboard, game server hardware, content delivery, and DDoS protection. These providers process technical operational data (such as IP addresses and request logs) on our behalf.
• Database and storage providers — Database and storage providers — for storing account, billing, and server metadata securely.
• Email delivery provider — Email delivery provider — for sending transactional emails such as receipts, server notifications, and grace period reminders.
• Analytics provider — Analytics provider — for measuring anonymous, aggregate website traffic and performance metrics. We do not use behavioral profiling or advertising trackers.
• Community platform — Community platform — for our optional community server and ticket integration. Use of the community platform is voluntary.
• AI assistant provider — AI assistant provider — to power the Bruce assistant chatbot. Conversations with the chatbot are processed by a third-party large language model provider.

We do not sell your personal data, do not share it for advertising purposes, and do not transfer it to recipients outside the categories listed above without your consent or a clear legal basis.

6. International Data Transfers

BruceNode is operated from the United States. Personal data we collect may be processed and stored in data centers located in the United States, Canada, and the European Union, depending on the service.

By using our services, you consent to the transfer of your data to these locations. Where personal data is transferred from the European Economic Area, the United Kingdom, or Switzerland to the United States or other jurisdictions, our processors rely on Standard Contractual Clauses (SCCs) or other recognized transfer mechanisms approved by the European Commission.

7. Data Security

• All data transmitted between you and our services is encrypted in transit using TLS 1.2 or higher.
• Passwords are hashed with industry-standard algorithms; we never store passwords in plaintext.
• Game panel passwords stored on our servers are encrypted at rest using AES-256-GCM.
• Payment card details are handled exclusively by our PCI-DSS Level 1 certified payment processor. We never see, store, or transmit raw card numbers.
• Two-factor authentication and passkey support are available on all customer accounts.
• Access to customer data by our team is restricted, logged, and reviewed.
• Sensitive account actions are recorded in an append-only audit log.

No system can be guaranteed 100% secure. If we ever discover a security incident affecting your personal data, we will notify you and the relevant authorities as required by law.

8. Data Retention

• Active accounts: Active accounts: Data is retained for the duration of your account.
• Cancelled servers: Cancelled servers: Server data enters a 15-day grace window after cancellation, then is permanently deleted.
• Closed accounts: Closed accounts: Account data is deleted within 30 days of account closure, except where retention is required by law (for example, tax records).
• Invoices and transaction records: Invoices and transaction records: Retained for at least 7 years to meet US tax and accounting obligations.
• Audit logs: Audit logs: Retained indefinitely for fraud prevention and forensic compliance.
• Email delivery logs: Email delivery logs: Retained indefinitely for delivery troubleshooting and dispute resolution.
• Backups: Backups: Automated server backups are retained per the schedule defined by your plan and are deleted alongside your server data.

9. Your Rights

Regardless of where you live, you have the right to:

• Access — Access — request a copy of the personal data we hold about you.
• Correct — Correct — update or fix inaccurate information. Most details can be edited from your dashboard.
• Delete — Delete — request that we delete your account and personal data.
• Export — Export — request a machine-readable export of your data.
• Object — Object — object to certain processing activities, such as profiling or marketing.
• Withdraw consent — Withdraw consent — for any processing based on consent, you can withdraw it at any time.
• Lodge a complaint — Lodge a complaint — if you believe we have mishandled your data, you may lodge a complaint with your local data protection authority.

To exercise any of these rights, contact us at hi@brucenode.com. We respond to all requests within 30 days. We may need to verify your identity before processing certain requests.

10. California Residents (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:

• Right to know Right to know what categories of personal information we collect, the sources, the purposes, and the third parties we share it with.
• Right to delete Right to delete personal information we have collected from you, subject to legal exceptions.
• Right to correct Right to correct inaccurate personal information.
• Right to opt out of sale — Right to opt out of sale — we do not sell or share personal information for cross-context behavioral advertising. There is nothing to opt out of.
• Right to non-discrimination Right to non-discrimination for exercising your CCPA rights.

To exercise your CCPA rights, contact us at hi@brucenode.com. You may designate an authorized agent to submit a request on your behalf.

11. EU & UK Residents (GDPR)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) and equivalent UK and Swiss regulations apply. In addition to the rights listed in section 9, you have the right to:

• Restrict processing Restrict processing of your personal data in certain circumstances.
• Data portability — Data portability — receive your data in a structured, commonly used, machine-readable format.
• Lodge a complaint Lodge a complaint with your national data protection supervisory authority.

The legal bases on which we process your data are described in section 4. Where we transfer data outside the EEA / UK, we rely on Standard Contractual Clauses or equivalent mechanisms as described in section 6.

To exercise any GDPR right, contact us at hi@brucenode.com.

12. Children's Privacy

BruceNode is not directed at children under the age of 13. We do not knowingly collect personal information from anyone under 13. If you are between 13 and 18, you must have parental or guardian consent to use our services. If you believe a child under 13 has provided us with personal information, please contact us at hi@brucenode.com and we will delete it promptly.

13. Cookies & Analytics

We use cookies and similar technologies for the following purposes:

• Essential cookies — Essential cookies — authentication, session management, language preference, currency preference, and dark mode theme. These are required for the site to function and cannot be disabled.
• Analytics cookies — Analytics cookies — anonymous, aggregate analytics tools that measure traffic patterns and page performance. These help us improve the service.

We do not use advertising cookies, do not sell data to advertisers, and do not engage in cross-site tracking or behavioral profiling.

You can disable cookies through your browser settings, although doing so may break functionality such as login and language preferences.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be communicated via email or a clear notice on our website at least 14 days before they take effect. The most current version is always available on this page.

15. Contact

For any privacy questions, data requests, or concerns about how we handle your personal information, contact us at hi@brucenode.com or through our support portal. We respond to all privacy inquiries within 30 days.