Privacy Policy
Last updated: 14 April 2026
1. Data controller
The data controller responsible for your personal data is the operator of MelonNode, a UK-based business providing Minecraft server hosting and related services. For privacy enquiries, use the support or contact channels published on our website (for example Discord, tickets, or the email address we provide for account holders).
2. Personal data we collect
We may collect and process the following categories of data:
- Identity and account: name, email address, username, profile image (if you choose to provide one via your authentication provider), and internal user identifiers.
- Authentication: security events, session identifiers, and data required to keep your account secure (managed through our authentication provider).
- Billing and payments: billing address where collected, payment method metadata (for example card brand and last four digits), transaction references, subscription state, and invoices — processed by our payment provider; we do not store full card numbers on our own infrastructure.
- Service and technical: server identifiers, configuration you submit through the control panel, support ticket content, IP addresses, logs (including access and error logs), timestamps, and diagnostic information needed to operate and secure the platform.
- Minecraft-related: where you or your players connect game clients to infrastructure we host, we may process Minecraft usernames, UUIDs, and related connection metadata as required to run the game server software, enforce rules, and troubleshoot. We do not control Mojang or Microsoft account systems.
- Communications: messages you send to us (for example support requests) and, where applicable, marketing preferences.
3. Third-party services we use
We rely on carefully selected processors to deliver the service. They only receive data needed for their function and are bound by appropriate contractual safeguards.
Clerk (authentication)
We use Clerk Labs Inc. ("Clerk") to provide sign-in, session management, and related authentication features. Clerk may process your email address, authentication factors, and security telemetry. Clerk operates globally; their handling of personal data is described in Clerk's privacy documentation. We remain responsible for how we use Clerk on our service.
Stripe (payments)
We use Stripe Payments Europe Ltd. and affiliated Stripe entities ("Stripe") to process payments, manage subscriptions, and handle invoicing where applicable. Stripe receives payment and billing data you provide at checkout. Stripe's use of data is governed by Stripe's privacy policy and, where relevant, their role as payment processor. We receive limited transaction metadata from Stripe to reconcile your account.
Supabase (database and backend)
We use Supabase Inc. and related infrastructure ("Supabase") to store and query application data (for example server records, account linkage, and operational data). Data may be hosted in regions we configure for the service. Supabase acts as a processor; we determine the purposes and means of processing for data we store there.
4. Minecraft account data
Minecraft player identities are issued and managed by Mojang Studios / Microsoft. When you operate a server through MelonNode, the game software and plugins you install may read or log player names, UUIDs, IP addresses, chat, and gameplay events. You are responsible for your own compliance with applicable law and the Minecraft End User Licence Agreement. We process such data only as needed to host the service you configure, provide support, and maintain security.
5. Cookies and similar technologies
We and our providers may use cookies, local storage, and similar technologies for essential functions (for example keeping you signed in, fraud prevention, load balancing, and remembering preferences), analytics where enabled, and to improve reliability. Non-essential cookies (such as analytics) will be used in line with applicable consent requirements.
You can control cookies through your browser settings. Blocking essential cookies may prevent parts of the site or panel from working correctly.
6. Purposes and legal bases (UK GDPR)
We process personal data on the following bases, as applicable:
- Contract: to provide hosting, billing, and support you have requested.
- Legitimate interests: to secure our systems, prevent abuse, improve the service, analyse aggregated usage, and communicate service-related notices — balanced against your rights.
- Legal obligation: to comply with law, tax, or regulatory requirements.
- Consent: where we rely on consent (for example certain cookies or marketing), you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.
7. Sharing with third parties
We do not sell your personal data. We may share data with processors such as Clerk, Stripe, and Supabase; with professional advisers where required; and with law enforcement or regulators when we are legally obliged to do so. Any transfer outside the UK will be subject to appropriate safeguards (for example the UK International Data Transfer Agreement / Addendum or adequacy regulations) where required.
8. Retention
We retain personal data only as long as necessary for the purposes above, including legal, accounting, and dispute resolution needs. Account and billing records may be retained for a number of years as required by law. Logs may be retained for a shorter rolling period unless needed for security investigations.
9. Security
We implement appropriate technical and organisational measures to protect personal data, including encryption in transit (HTTPS), access controls, and segregation of production systems. No method of transmission or storage is completely secure; we encourage strong passwords and two-factor authentication where available.
10. Your rights
Under UK data protection law you may have the right to access, rectify, erase, restrict, or object to certain processing, and to data portability where applicable. You may also lodge a complaint with the UK Information Commissioner's Office (ico.org.uk).
To exercise your rights, contact us through the support channels on our website. We may need to verify your identity before responding.
We aim to respond to requests within one month. This period may be extended by up to two further months where a request is complex or we receive many requests; if that happens, we will let you know within the first month and explain the delay, as required by UK GDPR.
11. Children
Our services are directed at customers who can enter into a binding contract. If you believe a child has provided personal data to us without appropriate consent, contact us and we will take appropriate steps.
12. Marketing communications
We will only send promotional emails or similar marketing where we have a lawful basis to do so (for example your consent or, where permitted, legitimate interest in telling existing customers about related services). Every marketing message includes a way to opt out. Service-critical notices (security alerts, billing receipts, legal updates) are not marketing and may be sent without a marketing opt-in.
13. Business transfers
If we are involved in a merger, acquisition, asset sale, bankruptcy, or similar transaction, personal data may be transferred as part of that deal. We will require the successor to honour commitments consistent with this Privacy Policy or notify you of changes as required by law.
14. Automated decisions and profiling
We do not use solely automated decision-making that produces legal or similarly significant effects about you (such as automated refusal of service based only on profiling) as a routine part of the service. We may use automated systems for fraud prevention, abuse detection, and security (for example flagging suspicious payment patterns); where a decision significantly affects you, you can contact us to request human review where applicable law requires it.
15. Data you store on servers (worlds, plugins)
You may upload worlds, plugins, configs, and player-related data to servers you control. That content may contain personal data about you or third parties (for example player chat logs). You are responsible for having a lawful basis to process that data and for meeting transparency obligations to your players where required. We process such data only as a processor or service provider to operate the hosting you purchased, unless we are independently required to act (for example a valid legal demand).
16. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top will change when we do. Material changes may be communicated by email or a notice on the website or panel.