GDPR
Last updated — 2026-07-16
Minealyze processes data originating in the EU/EEA and is designed with GDPR principles in mind: lawfulness, minimization, purpose limitation, and security by design.
Controller & processor
For player and revenue data, the server owner is the data controller and Minealyze is the data processor. We enter into a data processing agreement (DPA, GDPR Art. 28) with server owners on paid plans on request.
Legal basis
Descriptive analytics typically relies on the server owner's legitimate interest in operating and improving their community; win-back messaging to identifiable players may require consent depending on jurisdiction and channel — the server owner is responsible for the underlying player-facing notice and consent where required.
Minimization & pseudonymization
Player UUIDs are pseudonymized before reaching any AI model. Raw player-written content (chat, signs, books, private messages) can be excluded entirely via content-free mode, and is never used as an instruction to trigger an action.
Minors (GDPR Art. 8)
Given the age profile of Minecraft communities, we treat most player data as potentially belonging to a minor: we do not target under-13 players for win-back, and we recommend server owners apply the age-of-consent threshold of their member state (13–16 depending on country).
International transfers
Our AI sub-processors (Anthropic, optionally OpenAI) operate outside the EU under standard contractual clauses or equivalent transfer mechanisms; zero-data-retention options are used where eligible to reduce exposure.
Data subject rights
Access, rectification, erasure, restriction, portability, and objection are supported. Erasure requests propagate to backups within a documented window. Requests concerning player data should first go to the relevant server owner, who is the controller.
Breach notification
In the event of a personal data breach, we notify affected server owners without undue delay and assist them in meeting their own 72-hour notification obligation to their supervisory authority (GDPR Art. 33).
Contact
Data protection questions can be sent to the email address listed on our website's contact page.