Ryf (“Ryf,” “we,” “us,” or “our”) operates https://ryf.sh/and related game server hosting services (collectively, the “Services”). This Privacy Policy explains how we collect, use, disclose, and protect information when you visit our website, create an account, deploy a server, or contact support.
By using the Services, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Services.
1. Who We Are
Service provider: Ryf
Website: https://ryf.sh/
Contact: contact@ryf.sh
Ryf provides premium game server hosting with low-latency networking, always-on DDoS protection, and one-click deployment for games including Minecraft, with additional titles planned.
For privacy-related requests, email contact@ryf.sh with the subject line Privacy Request.
2. Information We Collect
We collect information in the following categories:
2.1 Information you provide directly
- Account information: name, username, email address, password (stored in hashed form), and profile preferences
- Support communications: messages, attachments, and metadata when you email contact@ryf.sh or otherwise contact us
- Billing information: when paid plans launch, payment details are collected and processed by our payment processor; we do not store full payment card numbers on our servers
- Server configuration: game type, mod/plugin selections, server names, and settings you choose in the control panel
- Optional feedback: surveys, feature requests, or testimonials you submit
2.2 Information collected automatically
When you use our website or control panel, we may automatically collect:
- Device and browser data: IP address, browser type, operating system, device identifiers, and language settings
- Usage data: pages viewed, features used, deploy actions, login times, and interaction with our control panel
- Log data: server console output, error logs, authentication events, API requests, and security-related events
- Network and performance data: connection metadata, latency measurements, traffic volumes, and DDoS mitigation events (including source/destination IPs involved in attacks, filtered at the edge)
- Cookies and similar technologies: see Section 8
2.3 Information from game servers and players
When you host a game server through Ryf:
- Customer Content you upload or generate (world files, configs, plugins, etc.) is stored on our infrastructure
- Player connection data (such as IP addresses and in-game identifiers) may be processed as part of normal game server operation; you are responsible for informing your players and complying with applicable privacy laws for your community
We do not intentionally collect sensitive personal categories (such as health data or government ID numbers) through the Services.
3. How We Use Information
We use collected information to:
- Create and manage your account
- Provision, configure, scale, and maintain game servers
- Provide DDoS protection, network routing, and security monitoring
- Operate the control panel, console access, backups, and related features
- Respond to support requests and communicate service updates
- Process payments and prevent fraud (when applicable)
- Analyze usage to improve performance, reliability, and product features
- Enforce our Terms of Service and protect against abuse
- Comply with legal obligations and respond to lawful requests
We do not sell your personal information.
4. Legal Bases for Processing (EEA/UK Users)
If you are in the European Economic Area or United Kingdom, we process personal data based on one or more of the following legal bases:
| Purpose | Legal basis |
|---|---|
| Providing the Services you request | Performance of a contract |
| Account security, fraud prevention, and abuse detection | Legitimate interests / legal obligation |
| Product improvement and analytics | Legitimate interests |
| Marketing communications (if opted in) | Consent |
| Compliance with law | Legal obligation |
You may withdraw consent where processing is consent-based, without affecting the lawfulness of prior processing.
5. How We Share Information
We may share information with:
5.1 Infrastructure and service providers
We use trusted third parties to operate the Services, including cloud and bare-metal providers such as Hetzner, Microsoft Azure, Google Cloud, and Amazon Web Services, as well as providers for email delivery, analytics, payment processing, and customer support tools. These providers process data on our behalf under contractual obligations to protect it and use it only for the services they provide to us.
5.2 Legal and safety reasons
We may disclose information if we believe it is necessary to:
- Comply with applicable law, regulation, legal process, or government request
- Enforce our Terms of Service or investigate violations
- Protect the rights, property, or safety of Ryf, our users, or the public
- Detect, prevent, or address fraud, security, or technical issues
5.3 Business transfers
If Ryf is involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any material change in ownership or use of your personal information.
5.4 With your consent
We may share information for other purposes with your explicit consent.
6. International Data Transfers
Ryf operates a global network with infrastructure in multiple regions, including a live edge node in Hyderabad, India, and additional locations planned worldwide. Your information may be processed in countries other than your own, including countries that may not provide the same level of data protection as your home jurisdiction.
Where required, we implement appropriate safeguards for international transfers, such as Standard Contractual Clauses or equivalent mechanisms.
7. Data Retention
We retain personal information only as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
Typical retention periods:
| Data type | Retention |
|---|---|
| Account data | For the life of your account, plus a reasonable period after deletion for backups and legal compliance |
| Server and world data | Until you delete the server or your account, subject to backup cycles |
| Support emails | Up to 24 months unless needed longer for dispute resolution |
| Security and network logs | Typically 30–90 days, longer if needed for incident investigation |
| Billing records | As required by tax and accounting laws |
When data is no longer needed, we delete or anonymize it using reasonable technical measures.
8. Cookies and Tracking Technologies
We use cookies and similar technologies on our website and control panel to:
- Keep you signed in
- Remember preferences
- Measure site performance and usage
- Protect against abuse and fraud
Types of cookies we may use:
- Essential cookies: required for authentication and core functionality
- Analytics cookies: help us understand how the Services are used
- Preference cookies: remember settings such as language or theme
You can control cookies through your browser settings. Disabling essential cookies may prevent you from using certain features.
We do not currently respond to “Do Not Track” browser signals in a uniform way.
9. Security
We implement technical and organizational measures designed to protect personal information, including:
- Encryption in transit (TLS) for website and panel traffic
- Hashed password storage
- Access controls and role-based permissions
- Network-level DDoS mitigation and monitoring
- Regular review of infrastructure and security practices
No method of transmission or storage is completely secure. You are responsible for safeguarding your account credentials.
10. Your Rights and Choices
Depending on your location, you may have the right to:
- Access the personal information we hold about you
- Correct inaccurate information
- Delete your account and associated personal information
- Export your data in a portable format where technically feasible
- Object to or restrict certain processing
- Withdraw consent where processing is based on consent
- Lodge a complaint with a supervisory authority (EEA/UK users)
To exercise these rights, email contact@ryf.sh. We may need to verify your identity before fulfilling a request. We will respond within the timeframe required by applicable law.
California residents (CCPA/CPRA)
California residents may have additional rights, including the right to know what personal information we collect, request deletion, and opt out of the “sale” or “sharing” of personal information. As stated above, we do not sell personal information.
Account deletion
You may request account deletion by contacting contact@ryf.sh. Deletion is subject to retention requirements for legal, security, and backup purposes.
11. Children's Privacy
The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us personal information, contact us and we will take steps to delete it.
Users between 13 and 18 should use the Services only with parental or guardian consent where required by law.
12. Third-Party Links and Games
Our website may link to third-party sites (such as game publishers, mod repositories, or community tools). We are not responsible for the privacy practices of those third parties. Your use of third-party games and software is also governed by those providers' privacy policies.
Ryf is not affiliated with Mojang, Microsoft, or other game publishers unless explicitly stated.
13. Data Controller Responsibilities for Server Operators
If you operate a game server and collect player data (for example, IP addresses in server logs, Discord integrations, or whitelist information), you are the data controller for that player data. Ryf acts as a processor hosting your server infrastructure.
You are responsible for:
- Providing appropriate privacy notices to your players
- Obtaining any required consents
- Responding to player data requests related to data you control
- Complying with applicable gaming and privacy regulations in your jurisdiction
Contact us if you need a data processing agreement (DPA) for paid or enterprise plans.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will post the updated policy at https://ryf.sh/privacyand update the “Last updated” date. We may also notify you by email or through the control panel where appropriate.
Continued use of the Services after changes take effect constitutes acceptance of the updated Privacy Policy.
15. Contact Us
For privacy questions, requests, or complaints:
Email: contact@ryf.sh
Website: https://ryf.sh/support
This Privacy Policy is a general template tailored to Ryf's published services and infrastructure. Have a qualified attorney review it before publication, especially regarding your legal entity, jurisdiction, GDPR/CCPA compliance, and data processing agreements with subprocessors.