Privacy Policy
Effective date: April 17, 2026
Overview
SpawnBox ("we", "us", "our") is a desktop application for managing Minecraft servers. We respect your privacy and collect only what is necessary to provide and improve our services. This policy explains what data we collect, why, and how we protect it.
What We Collect
Account Information
When you create an account, we collect your email address and display name through our authentication provider (Kinde). If you sign in with Google or another provider, we receive your public profile information but never your password.
Minecraft Server Data
SpawnBox runs locally on your computer. Your Minecraft server data (worlds, player files, configurations) stays on your machine. We do not upload your server data to our servers unless you explicitly use a cloud feature like hibernation, in which case your data is encrypted before upload and stored securely.
Discord Integration
If you connect SpawnBox to your Discord server (a Pro feature), we access your Discord server information (name, channels, roles) to provide bot functionality like activity feeds, server status cards, chat bridging, and slash commands. We store your Discord server ID and linked configuration. We do not read or store the content of your Discord messages outside of explicit bot commands.
DNS and Networking
If you register a server address (e.g., yourname.mc.spawnbox.app), we store the subdomain, your public IP address, and ownership records to manage the address. IP addresses are updated automatically and previous values are not retained.
Cloud Backups (Hibernation)
When you hibernate a server to the cloud, your world data is compressed and encrypted before upload. Encryption uses a key derived from your account - your data cannot be read by us or anyone else. We store an archive manifest (file sizes, timestamps, and a summary of the world) alongside the encrypted data. The manifest helps display your archived servers but does not contain your world files or builds.
Web Portal and Scoreboard
If you enable a server address, a public web page is created for your server showing player stats, server status, and a live scoreboard image. Scoreboard snapshots include player usernames, scores, and play time. This data is visible to anyone with your server address.
Device Information
SpawnBox generates a device fingerprint (a one-way hash of your hardware characteristics) to prevent abuse of free trials and promotional offers. This fingerprint cannot identify you personally or reveal details about your computer - it only lets us detect if the same device has already claimed a trial. We store the fingerprint hash and the date it was last seen.
Usage Telemetry
SpawnBox collects anonymous usage data to help us understand how the app is used and where problems occur. Anonymous usage telemetry is enabled by default during the preview period and can be disabled in Settings at any time. Cross-device identity (an anonymous code derived from your account - never your real info) is optional and can be toggled separately in Settings. All data is anonymous regardless of your choices.
What we collect
- Navigation: Which tabs and features you visit, and how long you spend on each
- Actions: When you start, stop, or restart servers; install mods; manage players (not the content of what you do, just that you did it)
- Errors: Application crashes, failed operations, and error messages (with personal file paths automatically removed)
- Performance: Periodic snapshots of how fast the app responds and resource usage
- Preferences: Which columns you show or hide, UI settings, layout choices
- Environment: Operating system, RAM, CPU, disk space, Docker version (collected once per session, not continuously). Network environment: your router's manufacturer, model name, model number, firmware version if the router publishes these, the sanitized title of your router's admin page (with any identifying digits removed - e.g. "AT&T Smart Home Manager" or "TP-Link Archer AX73"), the vendor prefix of your router's MAC address (identifying the manufacturer, not your specific device), and which port-forwarding protocols (UPnP, PCP, NAT-PMP) your router supports. Your router's local IP address, public IP address, and full MAC address are never collected.
- Internet connection classification: whether your internet provider uses Carrier-Grade NAT (a shared-address setup common on Starlink, T-Mobile Home Internet, and some cable providers), whether your computer has an IPv6 address available, which internet protocols (IPv4, IPv6, or both) your computer can use, and whether SpawnBox was able to reach your server from outside your network (yes / no / unable to test). Your actual IPv4 and IPv6 addresses are never sent in this telemetry - only the classification (e.g. "CGNAT detected" or "IPv6 address available"). These signals help us diagnose why port forwarding sometimes fails and understand which connectivity paths work for which internet providers.
- Connection enrichment: your internet provider name (ISP), internet provider identifier (ASN - a number that identifies which network your connection belongs to), country code, and network prefix (the first 24 bits of your IPv4 address or first 48 bits of your IPv6 address - roughly equivalent to your ISP's address block, not your individual address). These are derived from your connection's IP address at the time the telemetry request arrives; your full IP address is never stored. This data helps us understand fleet-wide connectivity health across different providers and regions.
- Infrastructure: Install wizard progress, daemon service health, and periodic roll-ups of how our background services are doing on your machine (port mapping, backups, DNS updates, WSL management, auto-start, etc.) - which state each is in, how long it has been in that state, any error categories it has hit. This helps us detect and fix daemon problems across all SpawnBox users before individual users are affected.
What we never collect
- Chat messages or private conversations
- World file contents, builds, or map data
- Player IP addresses or location data
- Your full IP address (connection enrichment derives ISP, country, and network prefix from it, then discards it)
- Minecraft account passwords or credentials
- Your server name or IP address (server identifiers are one-way hashes)
- Custom or private mod contents (only public Modrinth identifiers are recorded)
How we identify you
SpawnBox uses two layers of identity for telemetry:
- Anonymous Install ID: A random identifier generated the first time you sign in to SpawnBox. It cannot be reversed to identify you. It lets us count how many people use a feature without knowing who they are.
- Account-Linked ID (optional): If you enable "Account-Linked Analytics" in Settings, a scrambled version of your account ID is included. This helps us understand usage across different computers. Your actual name or email is never sent - only a one-way hash that cannot be reversed.
You can disable account-linked analytics separately from basic telemetry in Settings. When basic telemetry is off, no data is collected or transmitted at all.
How router identifiers are anonymized
To help us spot patterns in router compatibility without being able to correlate you with other SpawnBox users, SpawnBox generates a per-install random key and uses it to cryptographically hash your router's MAC address before any transmission. The same physical router seen from two different SpawnBox installs produces two different hashes - so we can count how many distinct routers of a given manufacturer exist in our user base, but we cannot connect any two users' routers to each other, and we cannot reverse the hash to identify your router. The hash key lives only on your computer and is discarded if you uninstall SpawnBox.
How telemetry is transmitted
All telemetry data is sent over HTTPS (TLS) to our Cloudflare Workers infrastructure. Automatic telemetry collection begins only after you have completed the first-run age confirmation in the SpawnBox app. Once you sign in, telemetry requests are additionally authenticated using your Kinde session token - a cryptographic proof of identity that our servers verify against Kinde's public keys. See the Children's Privacy section below for the full COPPA framing.
The one exception is the voluntary "Send Diagnostic Package" button. If you explicitly click that button before signing in - for example because something went wrong during installation and you want to send us the setup logs - the package is uploaded over TLS but is not cryptographically authenticated at the network layer. This matches the industry standard for pre-login client diagnostic uploads (the same approach used by tools like Sentry, Google Analytics, and Datadog). TLS ensures the data is encrypted in transit and cannot be tampered with in flight. We only receive a diagnostic package from an unsigned-in install if you explicitly and manually initiate the upload yourself.
Website analytics (spawnbox.app)
This section covers our marketing website (spawnbox.app), which is separate from the SpawnBox desktop app described above. When you visit any page on spawnbox.app, your browser sends a single lightweight beacon to our Cloudflare Workers infrastructure to record an anonymous page visit. This is the only analytics system on the website - we do not use Google Analytics, Meta Pixel, Hotjar, or any third-party tracker.
What each page visit records
- The page path you visited (e.g. /privacy/, /upgrade/)
- Your country, derived by Cloudflare from your IP address (2-letter country code only - we never see your IP)
- The referring page, if your browser provides one (the standard HTTP Referer header)
- The event type (page_view for pages, signup_submit if you submit the invite code form)
- A timestamp
What the website never records
- No cookies of any kind (first-party or third-party)
- No user IDs, session tokens, or cross-page tracking
- No fingerprinting (no canvas, no WebGL, no font enumeration)
- No IP addresses (Cloudflare derives your country from your IP before the request reaches our code)
- No third-party analytics (no Google Analytics, no Meta Pixel, no LinkedIn Insight, no Hotjar, nothing)
Why we collect this
Anonymous page visit counts help us understand which parts of the website are useful to visitors (for example, "do people read the Upgrade page before signing up?") and which countries our visitors come from, so we can prioritize translations and compliance work. That is the entire purpose. We do not use this data for advertising, retargeting, or behavioral profiling, and we do not share it with anyone.
How to opt out
Our website beacon respects two standard browser opt-out signals automatically:
- Global Privacy Control (GPC) - the current standard, legally binding in California under CPRA. Available in Firefox, Brave, and DuckDuckGo by default, and via extensions in Chrome and Edge.
- Do Not Track (DNT) - the legacy signal, still honored. Available in older versions of most browsers.
If your browser sends either signal, our beacon does not fire at all - no page view is recorded. You do not need to contact us or set any preference on our side. Your browser handles the opt-out automatically and transparently. You can verify the opt-out yourself by opening your browser's developer tools on any spawnbox.app page, checking the Network tab, and confirming that no request to /telemetry/beacon fires.
Diagnostic Packages
SpawnBox includes a "Send Diagnostic Package" feature in Settings that lets you share detailed information with us when something goes wrong. This is always voluntary - it only runs when you explicitly choose to send one.
What a diagnostic package contains
- Application log files (app, backend, background service, frontend)
- Performance data (response times, resource usage)
- System information (operating system, hardware manufacturer and model, BIOS version, CPU, RAM, GPU, disk space, memory module details)
- Network configuration (network adapters and drivers, routing table, DNS resolver settings, Windows Firewall profile state)
- Environment state (environment variables with secrets stripped, scheduled tasks related to WSL/Docker/antivirus/updates, Windows optional features, power plan and battery state, installed antivirus and firewall products)
- Installed software (hotfixes/updates, Windows Update history and pending updates, WSL runtime provenance)
- Graphics diagnostic (dxdiag system report including DirectX version and GPU driver details)
- Server metadata (Minecraft version, installed mods and plugins)
- Extended network diagnostics: your external IP address as seen by a STUN server, a traceroute to the first network hop beyond your router, UPnP service queries (router make, model, and firmware when the router exposes them), and full ISP and network prefix information. This data is richer than standard telemetry and is included here specifically to help diagnose connectivity problems - it is only collected when you click "Send Diagnostic Package".
- A full copy of the SpawnBox database - this includes server configurations, player session history, analytics data, and settings. It does NOT include your Minecraft world files, builds, or game saves.
Anonymization
Before sending, you choose whether to anonymize the package. When anonymized:
- All player names are replaced with random codes (e.g., "Player_a1b2c3")
- Player account IDs and IP addresses are similarly replaced
- Server names are anonymized
- The scrambling key is discarded after use - we cannot reverse the anonymization
Third-party player data
Diagnostic packages may contain data about other players on your server - their usernames, play sessions, and chat messages that appear in server logs. The anonymization option exists specifically to protect their privacy. We recommend using anonymization unless SpawnBox support specifically asks for un-anonymized data.
Diagnostic packages are stored securely and automatically deleted after 90 days. Only the SpawnBox team can access them.
Community Insights
We aggregate anonymous server setup data across all SpawnBox users to understand popular configurations, commonly-used mods, and gaps in the mod ecosystem. This aggregate data may be shared publicly in the future (for example, "Paper is the most popular loader" or "Sodium is used on 74% of Fabric servers"), but individual server configurations are never disclosed. Aggregate statistics are only published when enough users contribute data to prevent identifying individual setups.
Data Retention
- Usage telemetry events: Retained for 90 days, then automatically purged
- Diagnostic packages: Retained for 90 days, then automatically deleted from cloud storage
- Account data: Retained while your account is active
- Temporary server addresses (Free): Released after 24 hours without an active server connection
- Reserved server addresses (Pro): Maintained while subscribed, then kept for 90 days after cancellation
- Cloud backup archives: Retained for 6 months after last sign-in if no active subscription, then may be permanently deleted
- Discord integration and web portal data: Cleaned up when you delete a server, release its address, or after 6 months of inactivity
- Server heartbeats: Expire automatically after 5 minutes
- Device fingerprints: Retained while your account exists
- Local data (settings, identity files): Stored on your computer until SpawnBox is uninstalled
Account Deletion and Data Cleanup
When you request account deletion, we remove your data as follows:
- Your account and authentication records are deleted from our identity provider
- All server addresses are released and DNS records are removed
- All cloud backup archives are permanently deleted from storage
- Discord integration data and web portal snapshots are removed
- Device fingerprints are deleted
- Telemetry events associated with your account-linked ID (if enabled) are purged
Local data on your computer (Minecraft worlds, SpawnBox settings) is not affected by account deletion and remains yours.
How We Use Your Data
- To provide and maintain SpawnBox features
- To authenticate your account and manage your subscription
- To process payments through Lemon Squeezy (we never see your full card number)
- To operate Discord bot integration on your behalf
- To manage your server address (DNS)
- To send transactional emails (invite codes, waitlist confirmations, account notifications)
- To improve our product through anonymous usage analytics
- To diagnose and fix bugs using diagnostic packages you voluntarily submit
Data Storage and Security
Cloud data is stored on Cloudflare's global infrastructure. Server backups and diagnostic packages are encrypted before upload. Authentication is handled by Kinde with industry-standard security. We use HTTPS for all communications. We do not sell your data to third parties.
Third-Party Services
- Kinde - Authentication and identity management
- Lemon Squeezy - Payment processing and subscriptions
- Cloudflare - Infrastructure, DNS, storage, compute, and analytics
- Discord - Bot integration (when you opt in)
- Resend - Transactional email delivery
Each of these services has its own privacy policy. We encourage you to review them.
Your Rights
You can:
- Disable usage telemetry at any time in Settings
- Disable account-linked analytics separately from basic telemetry
- View exactly what telemetry data has been collected ("View My Data" in Settings)
- Choose to anonymize diagnostic packages before sending
- Request a copy of your data
- Request deletion of your account and associated data
- Disconnect Discord integration at any time
- Release your server address at any time
Children's Privacy
SpawnBox is designed for teens, parents, educators, and families. We take children's online privacy seriously and structure our signup flow to comply with the Children's Online Privacy Protection Act (COPPA) in the United States and the General Data Protection Regulation for children (GDPR-K) in the European Union.
Minimum age to create an account
You must confirm that you are at least 13 years old to create a SpawnBox account. If you are signing up from Germany, the Netherlands, Hungary, Luxembourg, or Croatia - EU countries where the digital consent age is 16 - you must confirm that you are at least 16.
Younger users with a parent present
If you are younger than the applicable minimum, you can still create an account as long as a parent or guardian is physically with you during signup and is the person completing the account creation form. At signup, your parent or guardian will be asked to confirm that they are present and have reviewed this policy and the Terms of Service on your behalf. The account is then treated as the parent's account, used to manage the child's Minecraft server experience.
Data collected from under-age accounts with parental consent
When a parent has confirmed their presence during signup on behalf of a child under 13, we limit data collection to what US law calls "support for the internal operations of the service" under the COPPA internal-operations exception. In plain English: we collect crash reports, installation diagnostics, and anonymous usage statistics that help us keep SpawnBox running. We do not collect data for advertising, behavioral profiling, or personalized recommendations, and we do not share anonymous usage data with third-party advertising networks. Telemetry collection only begins after the first-run age confirmation step in the SpawnBox app, so no data is collected from any user who has not explicitly attested their age.
We do not knowingly collect personal information from children under 13 outside of this parent-supervised signup path. If you believe a child under 13 has provided us with personal information in a way that doesn't match this policy, please contact us at [email protected] so we can investigate and, if appropriate, remove the information.
Changes to This Policy
We may update this policy from time to time. We will notify users of significant changes through the application or by email. Continued use of SpawnBox after changes constitutes acceptance of the updated policy.
Revision History
- 2026-04-27: Clarified the telemetry start condition: collection begins after the first-run age confirmation in the desktop app, not after Kinde sign-in. This matches the actual gate that protects under-age users from any pre-consent collection. The Kinde sign-in age gate continues to operate separately and remains the authoritative record for self-vs-parent attestation paths.
- 2026-04-20: Added "Connection enrichment" to the app telemetry "What we collect" list: ISP name, internet provider identifier (ASN), country code, and network prefix (first 24 bits IPv4 / first 48 bits IPv6) are derived from the connection IP at request time; the full IP address is never stored. Added a corresponding bullet to "What we never collect" making this explicit. Updated the Diagnostic Packages section to document extended network diagnostics (STUN external IP, traceroute to first hop, UPnP router queries, full ISP and network prefix info) that are included only in user-initiated diagnostic uploads.
- 2026-04-13: Expanded the Children's Privacy section with specific minimum-age thresholds (13 globally, 16 in Germany, the Netherlands, Hungary, Luxembourg, and Croatia) and documented the parent-present signup path for younger users. Clarified the data collection limits that apply to parent-supervised under-13 accounts under the COPPA internal-operations exception.
- 2026-04-13: Clarified that the Anonymous Install ID is generated the first time you sign in to SpawnBox (not on first launch). Removed references to mod/plugin/datapack browsing and server setup telemetry, which are planned for a future release but not currently collected. Replaced "required during preview" with "enabled by default during the preview period and can be disabled in Settings at any time" to match the terms and the Settings UI.
- 2026-03-28: Initial publication.
Contact
Questions about this privacy policy? Contact us at [email protected] or reach out on Discord.