Legal

Privacy Policy

Last updated: 2026-06-12

This policy explains what personal data PixelCobble processes, why, and what rights you have under the GDPR (Regulation (EU) 2016/679).

1. Data controller

PixelCobble (contact: privacy@pixelcobble.com).

2. What we process and why

  • Account data: name, email, password hash. Legal basis: contract performance (providing your account).
  • Minecraft data: username, UUID, gameplay statistics (playtime, Pokémon caught etc.) read from the game server. Legal basis: contract performance and legitimate interest (leaderboards, delivering purchases).
  • Purchase data: order history and amounts. Card details are processed exclusively by Stripe (PCI-DSS certified) and never reach our servers. Legal basis: contract performance and legal obligations (accounting).
  • Affiliate referral data: a referral cookie (30 days) and conversion events. Legal basis: legitimate interest / consent via cookie acceptance.
  • Technical logs: IP addresses and request logs for security and abuse prevention, retained up to 90 days. Legal basis: legitimate interest.

3. Recipients

Stripe (payments, EU/US, with SCCs in place), our hosting provider (EU data center), and email delivery infrastructure. We do not sell personal data and we do not use third-party advertising trackers.

4. Retention

Account data: until you delete your account. Order records: as long as required by tax law (typically 10 years in Romania). Gameplay statistics: while the server operates. Logs: up to 90 days.

5. Your rights

You have the right of access, rectification, erasure, restriction, portability and objection, and the right to withdraw consent at any time. Write to privacy@pixelcobble.com. You may also lodge a complaint with your supervisory authority (in Romania: ANSPDCP).

6. Children

The Service is intended for players aged 13+. If you are under 16, parental consent may be required in your country for account creation. We do not knowingly collect data from children under 13.

7. International transfers & security

Data is stored in the EU. Where a processor operates outside the EU (e.g. Stripe), transfers rely on adequacy decisions or Standard Contractual Clauses. We use TLS everywhere, hashed passwords and least-privilege access.