Privacy Policy
Updated: July 10, 2026
This privacy policy reflects the current functionality of the website and Minecraft server as of 2026, including user registration and login, Minecraft account linking, staff applications, admin login, status page, changelog, server metrics transmitted by the Minecraft plugin, the player report system, and uploaded evidence. It is written in English and based on the requirements of the GDPR (EU), the BDSG, the DDG, § 25 TDDDG and the Digital Services Act (DSA). This policy is provided for informational purposes and does not replace individual legal advice.
1. Controller
Controller within the meaning of Art. 4 No. 7 GDPR:
[Patrick Guth]
[Katja-Niederkirchner Str. 1]
[16303 Schwedt/Oder, Germany]
E-Mail: [springisfm.dc@icloud.com]
BlockBay is operated by a private individual. No commercial register entry or VAT ID exists.
2. General data processing
We process personal data of our users only to the extent necessary for the provision of a functional website, the Minecraft server, and our community services. Processing is based on user consent, contractual necessity, or our legitimate interests, as permitted by the GDPR and other applicable laws.
3. Website Hosting and Server Log Files
When visiting this website, the server automatically collects information in server log files that your browser transmits. These include:
- IP address of the requesting device
- Date and time of the request
- Requested URL and referrer URL
- Transferred data volume and HTTP status code
- Browser type and version, operating system used
The legal basis is Art. 6(1)(f) GDPR. The operator has a legitimate interest in ensuring the website functions correctly and remains secure. Log data is deleted after 30 days unless it is required for security incident investigation.
4. Cookies, Local Storage and Consent (§ 25 TDDDG)
We use technically essential cookies and local storage to keep the website functional and secure. This includes session cookies for logged-in users, CSRF protection tokens, and the storage of your cookie consent decision under the key blockbay-cookie-consent. The storage of the consent decision is based on our legitimate interest (Art. 6(1)(f) GDPR) and § 25(2)(1) TDDDG.
When you first visit the site, we show a consent banner that lets you accept or reject the use of non-essential local storage. The buttons are presented equally so you can make a free choice. You can change or withdraw your decision at any time via the "Cookie settings" button in the footer or the floating settings control.
We do not use tracking, analytics, marketing, or social-media cookies. We do not share local storage data with third parties.
5. User and Admin Accounts
The website allows visitors to register a user account. When you register or log in, we process your email address, a password hash, an optional Minecraft username, and a session identifier stored in an HTTP-only cookie. The legal basis for processing registered user data is the performance of the user agreement (Art. 6(1)(b) GDPR) and our legitimate security interest (Art. 6(1)(f) GDPR).
Passwords are stored as salted hashes using bcrypt and cannot be read by us. The admin dashboard is accessible only to authorized administrators with additional permissions. Session cookies are deleted when you log out or when the session expires. Inactive or disabled accounts can no longer be used to log in.
5a. Minecraft Account Linking
You can link your Minecraft account to your website profile by entering your in-game username. The website stores your Minecraft UUID, in-game name, and a verification status. Linking is optional and only used to display your Minecraft identity on your public profile and to unlock website features tied to a linked account.
The legal basis is your consent (Art. 6(1)(a) GDPR), which you give when you initiate the link, and the performance of the user agreement (Art. 6(1)(b) GDPR). You can unlink your Minecraft account at any time in your account settings. If you do so, the stored UUID and username are removed or anonymized.
6. Server Metrics via Minecraft Plugin
The Minecraft server runs a custom plugin that transmits technical metrics to this website at regular intervals. The data includes:
- Current and maximum player count
- Server performance data (CPU usage, TPS, RAM, disk usage)
- Timestamp of the transmission
No Minecraft UUIDs, player names, chat content or in-game actions are transmitted by the plugin for metrics purposes. The processing is necessary for displaying the public server status and for the operator to monitor server health. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in operating and improving the service).
7. Server Status and Monitoring
The homepage and the public status page display the live status of our Minecraft server. To do this, your browser may send requests to the third-party service api.mcstatus.io (operated by Jones Development LLC). Your IP address is processed by that provider when the request is made. The legal basis is our legitimate interest (Art. 6(1)(f) GDPR) in providing a reliable status display.
Provider's Privacy Policy: https://mcstatus.io/privacy
In addition, our own backend performs periodic status checks (HTTP/HTTPS/TCP) against services configured by the operator. These checks do not involve website visitors.
8. External Links (Discord, CloudExa-Hosting, BuiltByBit)
This website contains links to external platforms such as Discord, CloudExa-Hosting, and BuiltByBit. When you simply view the links, no personal data is transmitted to the external provider. Only when you click a link will you be redirected to the external site, and the respective provider's privacy policy applies.
9. Affiliate Links
Some links on this website, in particular the link to CloudExa-Hosting, are affiliate links. When you click an affiliate link, the external provider may place a tracking cookie or similar technology to attribute the referral. This processing is based on your voluntary click and our legitimate interest to finance the project through partner commissions (Art. 6(1)(f) GDPR). Affiliate links are clearly labeled as partner links.
10. Blog, Changelog and Informational Content
The website contains blog posts and a changelog with informational content about gameplay features, server events, and updates. Reading these pages does not require any additional processing of personal data beyond the standard server log files mentioned in Section 3. No comments, ratings, or other interactive public features are enabled. The changelog is created and maintained by the operator; it does not collect personal data from readers.
11. Player Reports
The website offers a player report form that allows users to report rule violations on the Minecraft server. When a report is submitted, we process:
- The reported player's Minecraft username
- The reporter's Minecraft username (as verified in-game via /verifyreport)
- The selected reason and optional description
- A verification code and its confirmation status
- Uploaded image or video evidence
- Timestamps of submission and verification
- Any username mismatch noted during verification
Reports are sent to the moderation team and may also be forwarded to a Discord webhook for faster processing. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in enforcing server rules and maintaining a fair gaming environment). Reports are stored for up to 12 months unless they are required for a longer period to investigate or document rule violations.
12. Uploaded Evidence
The report form allows users to upload screenshots or videos as evidence. The following file types are accepted: PNG, JPG, GIF, WEBP, MP4, WEBM and MOV. Each file may be up to 25 MB. Uploaded files are stored on the web server in a protected directory and are only accessible to authorized administrators. Files are used solely for processing and reviewing reports. The legal basis is Art. 6(1)(f) GDPR. Uploaded evidence is deleted together with the associated report unless longer retention is necessary for legal enforcement.
13. Processing on the Minecraft Server
When you connect to the server play.blockbay.fun, technical data necessary for operation is processed: your Minecraft UUID, your in-game name, your IP address, chat messages, and game actions. Processing is carried out to fulfill the usage agreement (Art. 6(1)(b) GDPR) and to maintain a secure and fair gaming environment (Art. 6(1)(f) GDPR). Chat logs and sanctions are stored for as long as necessary to enforce rules, but at most 12 months.
14. Staff Applications
To apply for a staff position, you must be logged in to a registered account. When you submit an application, we process:
- The account email address and Minecraft username
- The selected position, motivation, and optional experience
- Optional contact details (Discord username, age, email)
- A unique application code, status, and any internal staff notes
- Timestamps of submission and last update
The legal basis is Art. 6(1)(b) GDPR (processing is necessary to handle your application) and Art. 6(1)(f) GDPR (legitimate interest in managing the recruitment process). You can only view applications linked to your own account. Applications are stored for up to 12 months after the final decision unless longer retention is necessary for legal enforcement. A 30-day cooldown applies between applications; during this time no new application can be submitted.
15. Data Retention
Personal data is stored only for as long as is necessary for the respective purpose or as required by law:
- Server log files: up to 30 days
- Consent decision (local storage): until the user deletes it
- User and admin session cookies: until logout or session expiry
- User account data: until the account is deleted or deactivated
- Linked Minecraft account data: until unlinking or account deletion
- Staff applications: up to 12 months after the final decision
- Player reports and uploaded evidence: up to 12 months
- Minecraft chat logs and sanctions: up to 12 months
16. Your Rights
You have the following rights as a data subject under the GDPR:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR)
- Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
To exercise these rights, a simple email to [springisfm.dc@icloud.com] is sufficient.
17. Digital Services Act (DSA)
As a provider of digital services within the European Union, we comply with the applicable provisions of the Digital Services Act (Regulation (EU) 2022/2065), which in Germany is implemented by the Digitale-Dienste-Gesetz (DDG). We do not use algorithmic recommendation systems or targeted advertising. User-generated content is limited to staff applications and player reports. For complaints or notices about illegal content, please contact us by email.
18. SSL/TLS Encryption
This site uses SSL/TLS encryption for security reasons. You can recognize an encrypted connection in your browser's address line by the prefix "https://" and the lock symbol.
19. Changes to this Privacy Policy
We reserve the right to update this privacy policy to ensure it always complies with current legal requirements or to reflect changes to our services.

