Privacy Policy

Last updated: March 2026

This Privacy Policy explains how shrug.games (“we”, “us”, “our”) handles your personal information. We’re a small team and we keep things simple.

What we collect

Account information

  • Email address
  • Username
  • Password (hashed, we can’t read it)

Payment information

  • Billing name and address
  • Payment method details are handled by Stripe. We don’t store your card numbers.

Server data

  • Game server configurations
  • Game save files and world data
  • Server logs

Usage information

  • IP addresses (for security and abuse prevention)
  • Basic analytics via Plausible (see below)

How we use your data

  • Provide service: Run your game servers, process payments, send service notifications
  • Support: Help you when something breaks
  • Security: Detect abuse, prevent fraud, protect our infrastructure
  • Improve: Understand how people use the service so we can make it better

We don’t sell your data. We don’t use it for advertising. We don’t share it with marketers.

We process your data based on:

  • Contract performance: Creating your account, running your servers, processing payments, and providing support — the stuff you signed up for
  • Legitimate interests: Security monitoring, fraud prevention, abuse detection, and service improvements — things that benefit both you and us
  • Legal obligations: Responding to valid legal requests and complying with applicable laws

We don’t rely on consent as a basis for core service functionality. Where consent is relevant (like optional marketing emails, if we ever do that), you can withdraw it anytime.

Third parties we use

Stripe (payments)

Handles payment processing. They have their own privacy policy at stripe.com/privacy.

Plausible (analytics)

We use Plausible for website analytics. Plausible is privacy-focused and doesn’t use cookies. It doesn’t collect personal data or track you across sites. No consent banner needed. Learn more at plausible.io/data-policy.

Hetzner (infrastructure)

Our servers run on Hetzner Cloud infrastructure. Your game data is stored on their systems in accordance with their data processing agreement.

Vultr (infrastructure)

We use Vultr for networking services and some game server hosting. Your data may be stored on their systems depending on your server region.

Data retention

  • Active accounts: We keep your data while your account is active
  • After cancellation: Account and server data is deleted within 30 days of your subscription ending. Encrypted backups are fully purged within 90 days of cancellation.

Want your data deleted sooner? Email privacy@shrug.games.

Your rights

Regardless of where you live, you have the following rights over your data:

  • Access: Request a copy of your data
  • Correction: Fix inaccurate information
  • Deletion: Request deletion of your account and data
  • Export: Download your data in a portable format
  • Restrict processing: Limit how we use your data
  • Object: Object to certain types of processing
  • Withdraw consent: Where we rely on consent, you can withdraw it anytime
  • Non-discrimination: We won’t treat you differently for exercising your rights

We don’t sell your personal information, so there’s nothing to opt out of.

To exercise any of these rights, email privacy@shrug.games.

Data location

Your account and profile data is hosted in the EU (Germany/Finland).

Game server data is stored in the region you choose when setting up your server. If you move your server to a different region, your data moves with it — we don’t retain copies in the previous region.

Payment processing is handled by Stripe, which may process data in the US.

For transfers outside the EU, we use Standard Contractual Clauses.

Security

We use industry-standard security measures:

  • Encrypted connections (HTTPS/TLS)
  • Encrypted data at rest
  • Access controls and authentication
  • Regular security updates

No system is 100% secure. If we discover a breach affecting your data, we’ll notify you as required by law.

Children

Our service is not intended for children under 13. We don’t knowingly collect data from children under 13. If you’re a parent and believe your child has provided us with personal information, contact us and we’ll delete it.

Changes to this policy

We may update this policy from time to time. We’ll post changes here and update the “Last updated” date. For significant changes, we’ll notify you by email.

Contact

Questions about privacy? Email privacy@shrug.games.

For GDPR-related requests, you can also contact your local data protection authority, though we’d prefer to work with you directly.