StaffHQ

Privacy Policy

Last updated: April 2026

1. Overview

This Privacy Policy explains how StaffHQ collects, uses, and handles information when you use our service. StaffHQ is a staff management dashboard for Minecraft server networks, operated by AcidHunter.

We collect only what is needed to provide the service. We do not sell your data or use it for advertising.

2. Information We Collect

Account Information

When you register, we collect your email address and store a hashed version of your password. We never store your password in plaintext. Your email is used to identify your account, send service-related messages, and allow you to log in.

Minecraft Server Data

StaffHQ ingests data from your Minecraft server to power its core features. This includes:

  • Player usernames and UUIDs associated with staff actions
  • Chat messages collected for moderation and log review
  • Commands executed by staff members
  • Staff session records (login/logout times, activity)
  • Punishment records (bans, mutes, kicks, warnings)

This data is sent from your server via our plugin integration and is stored on your behalf for staff management and moderation purposes.

Discord Data

If you enable Discord integration, we collect:

  • Discord user IDs and usernames for account linking
  • Profile avatar URLs
  • Aggregated message counts and voice activity hours for staff activity tracking

We do not store the content of Discord messages. We use the Discord API only to retrieve the metrics you explicitly enable.

Server Health Metrics

StaffHQ collects server performance data including TPS (ticks per second), memory usage, and player counts. This data powers the server health monitoring features of the dashboard.

Payment Information

Payments are processed by McSets. We do not store your payment card details. We retain your email address and the license key associated with your purchase for billing and support purposes.

Usage and Log Data

We collect standard web server logs including IP addresses, browser type, and pages accessed. This is used for security monitoring and diagnosing service issues.

3. How We Use Your Information

We use the data we collect to:

  • Provide, operate, and improve the StaffHQ service
  • Authenticate you and manage your account
  • Process payments and manage billing
  • Send service-related communications (account notices, billing receipts, security alerts)
  • Respond to support requests
  • Detect and prevent abuse, fraud, and security incidents

We do not use your data or your players' data for advertising. We do not build advertising profiles.

4. Data Retention

Retention periods for activity and log data depend on your subscription plan:

  • Starter: 30 days
  • Pro: 90 days
  • Max: 180 days

Retention periods may be configurable within your dashboard settings depending on your plan. After the retention period, data is automatically and permanently deleted.

Account records and punishment data are retained for as long as your account is active. On account deletion, all associated data is removed within 30 days.

5. Data Sharing

We do not sell your data. We share data only with the following parties and only as needed to operate the service:

  • McSets — our payment processor. Your payment details are handled directly by them. We receive payment confirmation and license key records only.
  • Hetzner — our infrastructure provider. Your data is hosted on Hetzner servers in Germany. Hetzner processes data on our behalf and does not have independent access to it.
  • Discord API — used to retrieve staff activity metrics when you enable Discord integration.

We do not share your data with advertisers, data brokers, or any other third parties.

6. Data Storage and Security

Your data is stored on servers located in Germany (Hetzner). All data is transmitted over encrypted connections (HTTPS). We use access controls and regular security practices to protect against unauthorized access or disclosure.

No system is completely secure. If we become aware of a breach affecting your personal data, we will notify you as required by applicable law.

7. Cookies

StaffHQ uses a session cookie required for authentication on the dashboard (dash.staffhq.net). We do not use advertising cookies, analytics cookies, or third-party tracking cookies.

Disabling cookies in your browser will prevent you from logging in to the dashboard.

8. Your Rights (GDPR)

Because your data is stored in the EU, you have the following rights under GDPR regardless of where you are located:

  • Access — request a copy of the personal data we hold about you.
  • Correction — request that inaccurate data be corrected.
  • Deletion — request that we delete your personal data (right to erasure).
  • Portability — request your data in a portable format.
  • Objection — object to certain types of processing.
  • Withdraw consent — where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at support@staffhq.net. We will respond within 30 days.

9. Children's Privacy

StaffHQ is not directed at children under 13. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child under 13, contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page.

For significant changes, we will notify you by email or via an in-dashboard notice. Continued use of the service after changes are posted constitutes acceptance of the updated policy.

11. Contact

Questions about this policy or your data? Contact us at support@staffhq.net.