← Back to SpawnBox

Privacy Policy

Effective date: March 28, 2026

Overview

SpawnBox ("we", "us", "our") is a desktop application for managing Minecraft servers. We respect your privacy and collect only what is necessary to provide and improve our services. This policy explains what data we collect, why, and how we protect it.

What We Collect

Account Information

When you create an account, we collect your email address and display name through our authentication provider (Kinde). If you sign in with Google or another provider, we receive your public profile information but never your password.

Minecraft Server Data

SpawnBox runs locally on your computer. Your Minecraft server data (worlds, player files, configurations) stays on your machine. We do not upload your server data to our servers unless you explicitly use a cloud feature like hibernation, in which case your data is encrypted before upload and stored securely.

Discord Integration

If you connect SpawnBox to your Discord server (a Pro feature), we access your Discord server information (name, channels, roles) to provide bot functionality like activity feeds, server status cards, chat bridging, and slash commands. We store your Discord server ID and linked configuration. We do not read or store the content of your Discord messages outside of explicit bot commands.

DNS and Networking

If you register a server address (e.g., yourname.mc.spawnbox.app), we store the subdomain, your public IP address, and ownership records to manage the address. IP addresses are updated automatically and previous values are not retained.

Cloud Backups (Hibernation)

When you hibernate a server to the cloud, your world data is compressed and encrypted before upload. Encryption uses a key derived from your account - your data cannot be read by us or anyone else. We store an archive manifest (file sizes, timestamps, and a summary of the world) alongside the encrypted data. The manifest helps display your archived servers but does not contain your world files or builds.

Web Portal and Scoreboard

If you enable a server address, a public web page is created for your server showing player stats, server status, and a live scoreboard image. Scoreboard snapshots include player usernames, scores, and play time. This data is visible to anyone with your server address.

Device Information

SpawnBox generates a device fingerprint (a one-way hash of your hardware characteristics) to prevent abuse of free trials and promotional offers. This fingerprint cannot identify you personally or reveal details about your computer - it only lets us detect if the same device has already claimed a trial. We store the fingerprint hash and the date it was last seen.

Usage Telemetry

SpawnBox collects anonymous usage data to help us understand how the app is used and where problems occur. Anonymous usage telemetry is required during preview to ensure update quality and catch issues early. Cross-device identity (an anonymous code derived from your account - never your real info) is optional and can be toggled in Settings. All data is anonymous regardless of your choices.

What we collect

  • Navigation: Which tabs and features you visit, and how long you spend on each
  • Actions: When you start, stop, or restart servers; install mods; manage players (not the content of what you do, just that you did it)
  • Errors: Application crashes, failed operations, and error messages (with personal file paths automatically removed)
  • Performance: Periodic snapshots of how fast the app responds and resource usage
  • Preferences: Which columns you show or hide, UI settings, layout choices
  • Environment: Operating system, RAM, CPU, disk space (collected once per session, not continuously)
  • Server setup: Which Minecraft loader, game version, and mods/plugins/datapacks you use (identified by their public Modrinth identifiers, not filenames)
  • Asset browsing: What you search for in the mod/plugin browser and which assets you install

What we never collect

  • Chat messages or private conversations
  • World file contents, builds, or map data
  • Player IP addresses or location data
  • Minecraft account passwords or credentials
  • Your server name or IP address (server identifiers are one-way hashes)
  • Custom or private mod contents (only public Modrinth identifiers are recorded)

How we identify you

SpawnBox uses two layers of identity for telemetry:

  • Anonymous Install ID: A random identifier generated when you first run SpawnBox. It cannot be reversed to identify you. It lets us count how many people use a feature without knowing who they are.
  • Account-Linked ID (optional): If you enable "Account-Linked Analytics" in Settings, a scrambled version of your account ID is included. This helps us understand usage across different computers. Your actual name or email is never sent - only a one-way hash that cannot be reversed.

You can disable account-linked analytics separately from basic telemetry in Settings. When basic telemetry is off, no data is collected or transmitted at all.

Diagnostic Packages

SpawnBox includes a "Send Diagnostic Package" feature in Settings that lets you share detailed information with us when something goes wrong. This is always voluntary - it only runs when you explicitly choose to send one.

What a diagnostic package contains

  • Application log files (app, backend, background service, frontend)
  • Performance data (response times, resource usage)
  • System information (operating system, RAM, CPU, disk space)
  • Server metadata (Minecraft version, installed mods and plugins)
  • A full copy of the SpawnBox database - this includes server configurations, player session history, analytics data, and settings. It does NOT include your Minecraft world files, builds, or game saves.

Anonymization

Before sending, you choose whether to anonymize the package. When anonymized:

  • All player names are replaced with random codes (e.g., "Player_a1b2c3")
  • Player account IDs and IP addresses are similarly replaced
  • Server names are anonymized
  • The scrambling key is discarded after use - we cannot reverse the anonymization

Third-party player data

Diagnostic packages may contain data about other players on your server - their usernames, play sessions, and chat messages that appear in server logs. The anonymization option exists specifically to protect their privacy. We recommend using anonymization unless SpawnBox support specifically asks for un-anonymized data.

Diagnostic packages are stored securely and automatically deleted after 90 days. Only the SpawnBox team can access them.

Community Insights

We aggregate anonymous server setup data across all SpawnBox users to understand popular configurations, commonly-used mods, and gaps in the mod ecosystem. This aggregate data may be shared publicly in the future (for example, "Paper is the most popular loader" or "Sodium is used on 74% of Fabric servers"), but individual server configurations are never disclosed. Aggregate statistics are only published when enough users contribute data to prevent identifying individual setups.

Data Retention

  • Usage telemetry events: Retained for 90 days, then automatically purged
  • Diagnostic packages: Retained for 90 days, then automatically deleted from cloud storage
  • Account data: Retained while your account is active
  • Temporary server addresses (Free): Released after 24 hours without an active server connection
  • Reserved server addresses (Pro): Maintained while subscribed, then kept for 90 days after cancellation
  • Cloud backup archives: Retained for 6 months after last sign-in if no active subscription, then may be permanently deleted
  • Discord integration and web portal data: Cleaned up when you delete a server, release its address, or after 6 months of inactivity
  • Server heartbeats: Expire automatically after 5 minutes
  • Device fingerprints: Retained while your account exists
  • Local data (settings, identity files): Stored on your computer until SpawnBox is uninstalled

Account Deletion and Data Cleanup

When you request account deletion, we remove your data as follows:

  • Your account and authentication records are deleted from our identity provider
  • All server addresses are released and DNS records are removed
  • All cloud backup archives are permanently deleted from storage
  • Discord integration data and web portal snapshots are removed
  • Device fingerprints are deleted
  • Telemetry events associated with your account-linked ID (if enabled) are purged

Local data on your computer (Minecraft worlds, SpawnBox settings) is not affected by account deletion and remains yours.

How We Use Your Data

  • To provide and maintain SpawnBox features
  • To authenticate your account and manage your subscription
  • To process payments through Lemon Squeezy (we never see your full card number)
  • To operate Discord bot integration on your behalf
  • To manage your server address (DNS)
  • To send transactional emails (invite codes, waitlist confirmations, account notifications)
  • To improve our product through anonymous usage analytics
  • To diagnose and fix bugs using diagnostic packages you voluntarily submit

Data Storage and Security

Cloud data is stored on Cloudflare's global infrastructure. Server backups and diagnostic packages are encrypted before upload. Authentication is handled by Kinde with industry-standard security. We use HTTPS for all communications. We do not sell your data to third parties.

Third-Party Services

  • Kinde - Authentication and identity management
  • Lemon Squeezy - Payment processing and subscriptions
  • Cloudflare - Infrastructure, DNS, storage, compute, and analytics
  • Discord - Bot integration (when you opt in)
  • Resend - Transactional email delivery

Each of these services has its own privacy policy. We encourage you to review them.

Your Rights

You can:

  • Disable usage telemetry at any time in Settings
  • Disable account-linked analytics separately from basic telemetry
  • View exactly what telemetry data has been collected ("View My Data" in Settings)
  • Choose to anonymize diagnostic packages before sending
  • Request a copy of your data
  • Request deletion of your account and associated data
  • Disconnect Discord integration at any time
  • Release your server address at any time

Children's Privacy

SpawnBox is designed for use by teens (13+), parents, and educators. We do not knowingly collect personal information from children under 13. Telemetry collection only begins after sign-in, ensuring no data is collected from users who haven't completed account creation. If you believe a child under 13 has provided us with personal information, please contact us so we can remove it.

Changes to This Policy

We may update this policy from time to time. We will notify users of significant changes through the application or by email. Continued use of SpawnBox after changes constitutes acceptance of the updated policy.

Contact

Questions about this privacy policy? Contact us at [email protected] or reach out on Discord.