clan.me

clan.me / Privacy Policy

Privacy Policy

Effective: 15 June 2026

1. Who we are

Clanme Ltd is the data controller for information collected through clan.me (the “Service”), registered in England and Wales. We are subject to the UK GDPR and the Data Protection Act 2018.

Contact: abuse@clan.me

2. What data we collect

Server data

  • Server address (IP or hostname and port)
  • Server name, software, version, and MOTD, broadcast publicly by the server
  • Server icon, broadcast publicly by the server
  • Interactive map URL, auto-detected or declared by the owner
  • Map screenshot, taken automatically from the publicly accessible map
  • Tags and description, supplied by the server owner

Player data (all servers)

  • Minecraft username and UUID, included in each server’s public SLCP response when the server has its player list enabled
  • Timestamps of when a player was observed on a server

Plugin-sourced data (connected servers only)

When a server owner installs the clan.me Paper plugin, the plugin sends periodic heartbeat data to our ingest service. This includes:

  • Session events, join time, quit time, session duration, and a new-versus-returning flag for each player
  • Performance metrics, TPS (ticks per second), MSPT (milliseconds per tick), memory usage, entity and chunk counts per world, JVM garbage-collection pressure, deaths and PvP kills per heartbeat interval, and chat message rate (count only, no content)
  • Server configuration snapshot, difficulty, PvP setting, game mode, view distance, simulation distance, online mode
  • Plugin list, name and version of each installed plugin, included by default; owners who prefer not to share this can set expose_plugins: false in the plugin configuration
  • Startup timestamps, sent on each server boot to record restart history

Owner account data

  • Email address, provided when a server owner creates an account. Used to send magic-link login emails, alert notifications, team invitations, and for abuse contact. Not shown publicly.
  • Browser push subscription data (endpoint URL, encryption keys), if the owner opts in to browser push notifications from the dashboard. Stored per device and used solely to deliver alert notifications.
  • API key metadata (label, creation date, last-used date, key prefix). Full key values are never stored; only a SHA-256 hash is retained.

Usage data

  • Standard web server logs (IP address, browser, pages visited), retained briefly by our infrastructure providers for operational purposes.
  • Page-view analytics collected via PostHog (anonymised; see Section 8).
  • Error reports collected via Sentry (may include request context; see Section 8).

3. How we collect it

Minecraft Server List Ping (SLCP). We periodically query servers using SLCP, the same open protocol used by every Minecraft client, every server browser, and tools like MCSrvStat. When a player has joined a server and that server has its player list enabled, their username and UUID are included in the SLCP response and are publicly visible to anyone who queries the server.

Plugin heartbeat. Server owners who install the clan.me Paper plugin initiate a voluntary data relationship. The plugin sends an outbound HTTPS POST to our ingest service approximately every 60 seconds containing the data described above under “Plugin-sourced data”. The plugin requires no inbound ports. On every player join, the plugin displays an in-game notice: “Session data is sent to clan.me. clan.me/optout to opt out.” with a clickable link to the opt-out page.

Owner account. Server owners may create an account by entering their email address. We send a magic link; clicking it creates or logs into their account. We do not use passwords.

Submit and settings forms. Server owners may voluntarily provide a name, description, tags, Discord link, website, webhook URL, and alert preferences.

4. Legal basis for processing

We rely on legitimate interests (UK GDPR Article 6(1)(f)) as our legal basis for processing server and player data collected via SLCP. Our legitimate interest is operating a public Minecraft server directory that helps players discover servers and helps server owners grow their communities. This data is publicly broadcast by the servers themselves.

For server performance metrics and configuration data sent via the Plugin, the legal basis is contract (Article 6(1)(b)) with the server owner who installed the Plugin and agreed to these Terms.

For player session data collected via the Plugin (join/quit times, duration, new-vs-returning flag), the legal basis is legitimate interests (Article 6(1)(f)). Our legitimate interest is providing server owners with accurate player-activity analytics. Players are notified via the in-game join message and can opt out at any time.

For owner account data (email address, push subscriptions, API key metadata), the legal basis is contract (Article 6(1)(b)), we need the email to provide the account and dashboard services the owner requested.

5. How we use your data

  • Display server information and live player counts on public pages
  • Generate aggregated analytics charts (peak hours, uptime, player growth)
  • Provide the owner analytics dashboard with plugin-sourced metrics (TPS history, memory, session trends, player retention) to connected server owners
  • Send proactive alert emails and push notifications to server owners when configured thresholds are crossed
  • Power embeddable widgets and map screenshots
  • Send magic-link login emails and team invitation emails to server owners
  • Respond to abuse reports and removal requests

We do not sell data. We do not use data for advertising.

6. Data retention

DataRetention
Raw ping records (player counts)30 days, then deleted automatically
Raw player sightings (UUID + name)30 days, then deleted automatically
Plugin session records (join/quit times, duration)18 months, then deleted automatically
Aggregated hourly analytics18 months, then deleted automatically
Server listing and configurationUntil removed by request or enforcement action
Owner account (email, account data)Until account is deleted or all listings removed
Browser push subscriptionsUntil the owner unsubscribes or the subscription expires
Opt-out recordsKept indefinitely to honour opt-out

7. Player opt-out (right to erasure)

Any Minecraft player may request removal of their identifying data from clan.me at any time, without giving a reason. This is our implementation of the right to erasure under UK GDPR Article 17.

To opt out, visit the opt-out page. You will be asked to verify ownership of your Minecraft account via Mojang. Once verified, your UUID is added to our opt-out list. All public-facing pages immediately replace your name and avatar with “Anonymous” across every server you have appeared on. Your raw sightings are deleted within 30 days as part of our normal retention cycle.

For servers connected via the Plugin: session records associated with your UUID are also anonymised on opt-out. Your join and quit times are retained in aggregate form only (with your UUID and name replaced by “Anonymous”) so that server analytics totals, such as total session counts and new-player percentages, remain accurate. No data is attributed to you individually after opt-out.

Your opt-out record is kept indefinitely so that data about you is not re-collected in future polls or heartbeats. If you later wish to remove your opt-out (and reappear in the directory), contact abuse@clan.me.

8. Third-party processors

We use the following sub-processors:

  • Vercel, web hosting (USA; EU–US Data Privacy Framework)
  • Neon, managed PostgreSQL (USA; EU–US Data Privacy Framework)
  • Railway, poller and ingest service hosting (USA)
  • Cloudflare, DNS and CDN (USA; EU–US Data Privacy Framework)
  • Resend, transactional email (USA)
  • Sentry, error monitoring (USA; EU–US Data Privacy Framework). Error reports may include request context such as server slugs; we do not intentionally send player UUIDs or personal data to Sentry.
  • PostHog, web analytics (USA; EU–US Data Privacy Framework). Collects anonymised page-view data; does not receive player UUIDs or personal identifiers.
  • mc-heads.net, player avatar images (UUID-keyed; no additional data sent)

Each processor is bound by a Data Processing Agreement and processes data only to provide the stated service.

9. Your rights under UK GDPR

You have the right to:

  • Access, request a copy of data we hold about you
  • Rectification, correct inaccurate data
  • Erasure, request deletion (players: use the opt-out page; server owners: email us)
  • Restriction, ask us to limit processing while a complaint is resolved
  • Object, object to processing based on legitimate interests
  • Portability, receive your data in a machine-readable format
  • Lodge a complaint, with the Information Commissioner’s Office (ico.org.uk)

To exercise any right, email abuse@clan.me. We respond within 30 days.

10. International data transfers

Some processors listed above are based in the USA. We rely on the UK–US Data Bridge (and equivalent adequacy mechanisms) for these transfers. Where no bridge applies, we rely on standard contractual clauses approved by the ICO.

11. Children

The Service is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such data, contact abuse@clan.me and we will delete it promptly.

12. Changes

We may update this policy at any time. Material changes will be noted by updating the effective date above. The current version always governs.

Terms of ServiceAcceptable Use PolicyPlayer opt-out
Privacy Policy — clan.me