Privacy Policy

Last updated: 9 July 2026

This policy explains how Campfire collects, uses and protects your personal data when you use campfire.host and our game server hosting service, and the rights you have under the EU General Data Protection Regulation (GDPR).

The data controller is Ander Digital OÜ, registry code 16227026, Sõpruse pst 179-39, 13415 Tallinn, Estonia. For anything privacy-related, email support@campfire.host.

1. The data we collect

Account data

Your email address, display name and optional avatar image, and — if you use a password — a salted hash of it (we never store passwords in plain text). If you sign in with Google, we receive your Google account identifier, email, name and avatar from Google; we do not receive your Google password.

Billing data

Payments are processed by Stripe. We store your Stripe customer reference, subscription status and plan history. Your card number never touches our servers — it is collected and stored by Stripe on their PCI-DSS-compliant systems.

Service data

The servers you create and their configuration (name, game, version, settings, region, join address), the worlds and files you upload or generate, server backups, console output and logs, and an event history of server lifecycle actions (starts, stops, plan changes and similar). If a server owner shares a server with you, the owner can see your name and email as a member.

Session and security data

Active login sessions, including the browser user-agent of each session (so you can recognise and revoke them from account settings), and standard technical logs (such as IP addresses in web server and security logs at our hosting providers).

Communications

Messages you send us through the support form or by email, and your marketing email preference.

Usage analytics and diagnostics

Aggregated website analytics (pages viewed, referrer, browser and device type, approximate location derived from your IP address) collected via DataFast, a privacy-focused analytics tool that does not use advertising cookies or track you across other sites. When something breaks, error reports (which may include your user id and the request that failed) are sent to Sentry so we can fix it.

2. How and why we use your data

We do not use your data for automated decision-making with legal effects.

3. Cookies

4. Who we share data with

We never sell your personal data. We share it only with the service providers (processors) we need to run Campfire, under data processing agreements:

We may also disclose data if required by law or a valid legal order, to protect our rights or the safety of others, or — with notice to you — as part of a business transfer such as a merger or acquisition.

5. International transfers

Your game server data is hosted in EU data centers. Some of our processors (for example Stripe, SendGrid, Vercel, Sentry and Google) may process limited data in the United States or other countries outside the EEA. Where that happens, transfers are protected by an EU adequacy decision (such as the EU–US Data Privacy Framework) and/or the European Commission’s Standard Contractual Clauses.

6. How long we keep data

7. Your rights

Under the GDPR you can, at any time:

To exercise a right, email support@campfire.host from your account’s email address (we may ask you to verify your identity). You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, aki.ee) or the supervisory authority in your country of residence.

8. Security

All traffic to the Service is encrypted in transit (TLS). Passwords are hashed with argon2id; API and integration tokens are stored only as cryptographic hashes. Sessions are server-side and revocable, access to production systems is restricted and authenticated, and game servers run isolated from one another. No system is perfectly secure — if a breach ever affects your personal data, we will notify you and the supervisory authority as the GDPR requires.

9. Children

The Service is not directed at children under 13, and we do not knowingly collect personal data from them. Purchases require you to be 18 or have a guardian’s consent (see our Terms of Service). If you believe a child has given us personal data, contact us and we will delete it.

10. Changes to this policy

We will update this policy as the Service evolves. If a change is material — for example a new category of data or a new purpose — we will notify you by email or in the panel before it takes effect. The “Last updated” date at the top always reflects the current version.

11. Contact

Ander Digital OÜ (registry code 16227026)
Sõpruse pst 179-39, 13415 Tallinn, Estonia
support@campfire.host