Privacy

Privacy policy

Last updated: April 2026

1. Introduction

TornHost ("we", "us", "our") operates a game server hosting platform. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our website and services.

By creating an account or using TornHost, you agree to the practices described here. If you do not agree, please do not use the Services.

2. Information we collect

  • Account information — email address, display name, and authentication credentials provided when you register or sign in.
  • Payment information — billing address and payment method details processed through our third-party payment provider. We do not store full card numbers directly on our systems.
  • Server configuration and content — settings, world files, plugins, and other data you upload or generate on your servers.
  • Usage telemetry — server uptime metrics, resource usage (CPU, RAM, disk), and feature interaction data used to operate and improve the Services.
  • Network data — IP addresses collected for connection handling, abuse prevention, and security purposes.
  • Support correspondence — messages and chat history when you contact us through Discord or other support channels.

3. How we collect information

  • Directly from you — when you register, purchase a plan, configure a server, or contact support.
  • Automatically — through server logs, session cookies, and telemetry collected while you use the Services.
  • Third parties — Firebase Authentication provides verified account identifiers; payment processors confirm completed transactions.

4. How we use your information

  • To provision, host, and maintain your server instances.
  • To process payments and manage your subscription and billing details.
  • To detect and prevent abuse, fraud, and violations of our Terms of Service.
  • To send essential service notifications — outages, billing alerts, and policy changes. Marketing communications are opt-in only.
  • To improve reliability, performance, and features based on aggregated and anonymised usage patterns.
  • To comply with applicable legal and regulatory obligations.

5. Data sharing

We do not sell, rent, or trade your personal data to third parties for their own use. Data is shared only in the following circumstances:

  • Infrastructure providers — Firebase (Google) for authentication and database, payment processors for billing, and server hardware providers where your data physically resides. These parties operate under data processing agreements.
  • Ad networks (free and starter plans only) — contextual ad-serving data is shared with advertising partners on plans that include ads. See our Ads Info page for full details.
  • Legal obligations — we may disclose information when required by a valid legal process, court order, or to protect the safety of users or the general public.

6. Data retention

Account data is retained while your account is active. If you delete your account, personal information is removed within 30 days. Server files are deleted within 7 days of account deletion unless you request immediate removal. Backup copies may persist in cold storage for up to 90 days before permanent deletion. Anonymised usage statistics may be retained indefinitely.

7. Your rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access — request a copy of the data we hold about you.
  • Correction — request that inaccurate or incomplete data be corrected.
  • Deletion — request permanent deletion of your account and associated personal data.
  • Portability — request your server files in a downloadable format before account closure.
  • Objection — object to processing where we rely on legitimate interests as a legal basis.
  • Restriction — request that we restrict processing of your data in certain circumstances.

To exercise any of these rights, contact us via the Discord server linked in our support centre. We will respond within 30 days.

8. Cookies

We use essential session cookies to keep you signed in across pages. We do not use persistent tracking cookies for advertising on our own behalf. On ad-supported plans, third-party ad networks may set their own cookies subject to their respective privacy policies. You can manage cookies through your browser settings, though disabling essential cookies may affect login functionality.

9. Security

We use industry-standard encryption in transit and at rest, strict access controls, and regular security reviews to protect your data. Passwords are never stored in plain text. Despite these measures, no internet service can guarantee absolute security — we encourage you to use a strong, unique password for your account.

10. Children's privacy

TornHost services are not directed to individuals under the age of 13. We do not knowingly collect personal information from children. If we become aware a child under 13 has provided personal information without verifiable parental consent, we will delete it promptly.

11. Changes to this policy

We may update this Privacy Policy periodically. When we make significant changes, we will post the updated policy here with a revised "last updated" date and notify users via email or in-panel announcement where appropriate. Your continued use of the Services after the effective date constitutes acceptance of any changes.

12. Contact

For privacy questions, data requests, or to exercise your rights, contact us through the Discord server linked in our support centre. EU residents may also file a complaint with their local data protection authority.