Privacy Policy

Data Controller

MCVoting.com is the data controller responsible for your personal data. If you have any questions about how we handle your data, you can contact us at:

Email: info@mcvoting.com

Information We Collect

We collect the following types of personal data:

• Account information — email address, username, and password hash when you register
• Profile information — Minecraft username, Discord username (if linked)
• Technical data — IP address, browser type and version, operating system, referring URL
• Usage data — pages visited, clicks, voting activity, and interaction data
• Server listing data — server details you submit (IP address, description, banners, icons)
• Communications — any information you provide when contacting us

We do not collect any special category data (e.g. health, biometric, or political data).

Lawful Basis for Processing

Under the UK General Data Protection Regulation (UK GDPR), we rely on the following lawful bases:

• Contract — processing necessary to provide you with our services (e.g. account creation, server listings, voting)
• Legitimate interests — to operate, improve, and secure the site, detect fraud, and prevent vote manipulation
• Consent — for optional analytics cookies and any non-essential data processing. You can withdraw consent at any time
• Legal obligation — where we are required to process data to comply with the law

How We Use Your Information

• Provide, maintain, and improve our services
• Authenticate users and manage accounts
• Process and verify votes
• Analyse site usage and performance (using first-party analytics only)
• Detect and prevent fraudulent activity, including vote manipulation
• Respond to your enquiries and provide support
• Comply with legal obligations

Cookies & Tracking Technologies

We use cookies and similar technologies in accordance with the Privacy and Electronic Communications Regulations 2003 (PECR). These include:

• Essential cookies — authentication sessions (Supabase), bot protection (Cloudflare Turnstile), cookie consent preferences
• Functional cookies — dark/light mode preference (localStorage)
• Analytics cookies — first-party only, no third-party tracking services

When you first visit our site, you can choose which types of cookies to allow. You can change your preferences at any time via our Cookie Policy page. For full details on each cookie, please refer to that page.

Third-Party Services

We share data with the following third-party processors, each of which acts as a data processor under contract:

• Supabase — authentication and database hosting
• Cloudflare — CDN, DDoS protection, and Turnstile CAPTCHA verification
• DigitalOcean Spaces — image storage (server icons, banners, blog images)

We do not use any third-party advertising networks, social media tracking pixels, or analytics services. We do not sell your personal data to anyone.

International Data Transfers

Some of our third-party service providers are based outside the United Kingdom. Where personal data is transferred internationally, we ensure appropriate safeguards are in place, such as:

• Standard contractual clauses approved by the UK Information Commissioner's Office (ICO)
• Transfers to countries with an adequacy decision under UK data protection law

Data Sharing & Disclosure

We do not sell your personal data. We may share data only when:

• Required by law, regulation, or legal process (e.g. a court order)
• Necessary to protect our rights, safety, or property, or to prevent fraud
• Working with service providers under strict contractual data protection obligations

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes outlined in this policy, or as required by law. Specifically:

• Account data — retained while your account is active, deleted upon request
• Vote records — retained for the duration needed for ranking calculations
• Analytics data — aggregated and anonymised; raw data is not retained long-term
• Server listings — retained while active; inactive listings may be removed after a defined period

Your Rights Under UK GDPR

Under the UK General Data Protection Regulation, you have the following rights:

• Right of access — request a copy of the personal data we hold about you
• Right to rectification — request correction of inaccurate or incomplete data
• Right to erasure — request deletion of your personal data (subject to legal obligations)
• Right to restrict processing — request that we limit how we use your data
• Right to data portability — receive your data in a structured, machine-readable format
• Right to object — object to processing based on legitimate interests
• Rights related to automated decision-making — we do not use automated decision-making or profiling that produces legal effects

To exercise any of these rights, please email info@mcvoting.com. We will respond within one month, as required by law.

You also have the right to withdraw consent at any time where we rely on consent as the lawful basis (e.g. analytics cookies). Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

Children's Privacy

MCVoting.com is not intended for children under the age of 13. We do not knowingly collect personal data from children under 13 without verifiable parental consent.

If you believe we have inadvertently collected data from a child under 13, please contact us at info@mcvoting.com and we will promptly delete the data.

Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

• Encryption of data in transit (HTTPS/TLS)
• Secure authentication with hashed passwords
• Row-level security on database tables
• Regular security reviews and monitoring

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

Updates to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Changes will be posted on this page with an updated effective date. We encourage you to review this policy periodically.

Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

• Website: ico.org.uk/make-a-complaint
• Telephone: 0303 123 1113