Privacy Policy

Privacy Policy for Mythrend Network

Last Updated: May 17, 2026
Effective Date: March 24, 2025

Welcome to Mythrend Network. This Privacy Policy explains how Mythrend Network LLC ("Mythrend," "we," "us," or "our") collects, uses, discloses, and protects personal information when you access or use our website, Minecraft server, Discord integrations, and related services (collectively, the "Services"). By using our Services, you agree to the practices described in this Privacy Policy.

1. Purpose of This Policy

This Privacy Policy explains:

  • What personal data we collect and how we collect it.
  • How and why we use your data.
  • How long we retain your data.
  • With whom we share your data.
  • Your rights regarding your personal information.
  • How third parties process data on our behalf.

We are committed to transparency and responsible data handling in compliance with applicable privacy laws, including the Children's Online Privacy Protection Act ("COPPA"), the California Consumer Privacy Act ("CCPA"), and, where applicable, the General Data Protection Regulation ("GDPR").

2. Who We Are

Mythrend Network LLC operates:

  • The Mythrend Network website and account system.
  • Our Minecraft server(s).
  • Discord integrations.
  • Our payment storefront (via Tebex).

We provide online services, authentication, game progression features, community tools, and digital purchases for our players.

For questions or concerns about this Privacy Policy, please contact us at [email protected] (legal and privacy matters) or [email protected] (general inquiries), or via our support portal.

3. Definitions

  • "Personal Information": Any information that identifies or can reasonably be used to identify you (e.g., email address, Minecraft UUID, usernames, IP address).
  • "Aggregated Data": Non-identifiable statistical or analytical data that cannot reasonably be used to identify any individual.
  • "User," "Player," "You": Any individual or entity interacting with our Services.
  • "Third-Party Services": External providers such as Microsoft, Tebex, Discord, LeaderOS, Google Analytics, and Cloudflare.

4. Information We Collect

4.1 Account and Profile Data (Website)

When you register or log in, we collect and/or receive the following via Microsoft OAuth:

  • Microsoft OAuth Identity: Used to authenticate your Microsoft account and directly associate it with your Minecraft account and Mythrend profile. This is the sole supported method of account registration and login.
  • Email Address: Retrieved automatically via Microsoft OAuth. Used as your default contact email. You may update your contact email at any time through your account settings.
  • Minecraft UUID and Username: Retrieved via the Microsoft → Xbox Live → XSTS → Minecraft API token chain, used to link your Minecraft account to your Mythrend profile.
  • Discord Account (Optional): You may optionally add your Discord username or tag to your public Mythrend profile so other community members can find you. This is a profile display feature only and is not used for account registration or login. Separately, if you choose to link your Discord account in-game for role syncing, your Discord ID is used for that purpose as described in Section 7.
  • Optional Profile Information: First and last name; phone number. You control the visibility of this information to other users.

Authentication Token Handling: During the login process, we temporarily use the following tokens: Microsoft Graph Access Token, Microsoft Refresh Token, Xbox Live Token, XSTS Token, and Minecraft Access Token. These tokens are used solely to complete the authentication flow and are not stored once the login process completes.

4.2 Website Technical Data

We automatically collect the following when you use our website:

  • IP Address: Used for security, fraud prevention, and server protection.
  • Device and Browser Information: Used for compatibility and service optimization.
  • Login and Security Logs: Maintained for account security and moderation purposes.
  • Timezone: Used for displaying leaderboard timestamps accurately.
  • Cookies and Tracking Technologies: See Section 8 for details.
  • Cloudflare Turnstile (CAPTCHA): Used on high-risk pages including login, registration, password recovery, ticket submission, blog replies, and forum posting to protect against bot activity. Cloudflare may collect browser and OS metadata, interaction data for bot detection, and IP address (anonymized or hashed depending on your region). Cloudflare does not use Turnstile data for advertising purposes.

4.3 Website Analytics Data

We use Google Analytics (GA4) across our website. Google Analytics collects:

  • Page views and session data.
  • Device, browser, and operating system information.
  • Approximate geographic region.
  • Interaction behavior (clicks, navigation paths).
  • Event and engagement metrics.

All data sent to Google Analytics is pseudonymous and used solely to improve our website and service performance. You may opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on.

4.4 In-Game Data

When you connect to our Minecraft server, we collect:

  • IP address (used for security and anti-abuse).
  • Minecraft UUID and username.
  • Chat logs and command logs.
  • Gameplay statistics (kills, deaths, wins, blocks broken, XP, levels, and other gamemode-specific metrics).
  • Progression and leaderboard data.

This data is stored in our MongoDB database for gameplay functionality and leaderboard accuracy.

5. How We Collect Information

We collect information through the following means:

  • Microsoft OAuth and Minecraft API authentication flows (sole method of account registration and login).
  • Cloudflare bot-protection interactions.
  • Google Analytics tracking scripts.
  • Server logs and gameplay activity on our Minecraft server(s).
  • Optional profile information submitted by you.
  • Payment activity processed by Tebex.
  • Optional in-game Discord account linking (for role syncing) and optional Discord profile display information submitted by you (for community visibility).

6. Special Categories of Data

We do not intentionally collect or process any special categories of sensitive personal data, including:

  • Racial or ethnic origin.
  • Political opinions.
  • Religious or philosophical beliefs.
  • Health or medical data.
  • Genetic or biometric identifiers.
  • Criminal history.

We also do not intentionally collect personal information from children below applicable age thresholds. See Section 15 for details.

7. How We Use Your Information

We use your personal information for the following purposes:

  • Account Authentication and Management: To authenticate users via Microsoft OAuth, verify account ownership, and manage your Mythrend profile.
  • Minecraft Ownership Verification: To validate your Minecraft account using the Microsoft Graph, Xbox Live, XSTS, and Minecraft API token chain during the login process.
  • In-Game Progression and Gameplay Features: To track statistics, experience, levels, and other gameplay data stored in our MongoDB database.
  • Leaderboards and Public Statistics: To display rankings, performance metrics, and statistics on our website and in-game using data synced between our MongoDB and SQL systems.
  • Discord Role Syncing: If you choose to link your Discord account in-game, your Discord ID is used to automatically assign server roles that reflect your in-game rank.
  • Customer Support: To respond to support tickets, account issues, and service requests submitted through our website or email.
  • Purchase Processing: To grant in-game rewards for purchases processed securely by Tebex. We do not store or access any payment or billing details.
  • Website Functionality and Analytics: To improve loading times, user experience, and overall site performance using Google Analytics, Cloudflare services, and internal logs.
  • Security and Fraud Prevention: To protect accounts, prevent abuse, detect suspicious activity, and maintain fair gameplay using Cloudflare security tools, logs, and anti-fraud measures.
  • Communications: To send important updates, notices, and account-related messages to your preferred contact email.
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes, and to enforce our Terms of Service.

We may also use Aggregated Data for analytics and service optimization. Aggregated Data does not identify individual users and is not subject to this Privacy Policy.

8. Cookies and Tracking Technologies

We use the following categories of cookies and similar tracking technologies:

  • Essential Cookies: Required for core functionality, including session authentication, login state management, and CSRF protection. These cannot be disabled without affecting your ability to use the Services.
  • Preference Cookies: Store your user settings and UI preferences to improve your experience across sessions.
  • Analytics Cookies: Used by Google Analytics to collect pseudonymous event and engagement data.
  • Security Cookies: Set by Cloudflare Turnstile for bot protection and fraud prevention on high-risk pages.

You may block or delete non-essential cookies through your browser settings or via a cookie consent manager. Please note that disabling certain cookies may impair the functionality of our Services. To opt out of Google Analytics, visit tools.google.com/dlpage/gaoptout.

9. Third-Party Links

Our Services may contain links to or integrations with third-party websites and services (e.g., Discord, Microsoft, Tebex). These third parties operate independently and are governed by their own privacy policies. We are not responsible for the privacy practices or content of any third-party service. We encourage you to review the privacy policies of any third-party service you access through our platform.

10. How We Share Your Information

We share personal information only in the following circumstances:

  • Microsoft / Xbox Live / Mojang: For authentication and Minecraft profile verification during login.
  • Tebex: For payment processing. We do not receive, store, or have access to your payment card or billing information.
  • Discord: Your Discord username or tag may be displayed publicly on your Mythrend profile if you choose to add it. Additionally, if you link your Discord account in-game for role syncing, your Discord ID is shared with Discord for that purpose. Discord is not used for account registration or login.
  • LeaderOS: Our website platform provider, which handles secure session management, authentication integration, and database hosting.
  • MongoDB: For storage of in-game statistics, progression data, and related gameplay records.
  • Google Analytics: For pseudonymous website analytics.
  • Cloudflare: For security, content delivery, and bot-protection services.
  • Legal Authorities: We may disclose personal information if required to do so by law, court order, or governmental authority, or if we believe in good faith that such disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business Transfers: In the event of a merger, acquisition, or sale of all or substantially all of our assets, your personal information may be transferred as part of that transaction. We will notify you of any such transfer and any changes to this Privacy Policy.

We do not sell, rent, or trade your personal information to third parties for their own marketing or advertising purposes.

11. How You Can Help Protect Your Data

Although we implement strong security controls, you can help protect your account by:

  • Keeping your Microsoft account credentials secure and enabling two-factor authentication.
  • Using strong, unique passwords for all linked accounts.
  • Being vigilant against phishing attempts.
  • Never sharing verification codes, one-time passwords, or login credentials with anyone.

Mythrend Network staff will never ask for your Microsoft password, payment card details, or other sensitive credentials. If anyone claiming to be Mythrend staff requests such information, please report it immediately at [email protected].

12. Data Protection and Security

We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. The following describes the security measures employed by us and our trusted third-party providers:

  • Microsoft OAuth and API Tokens: Authentication is performed through Microsoft's secure OAuth 2.0 system. Temporary tokens are used only during the login flow and are not stored after the process completes.
  • Tebex (Payments): All purchases are processed securely by Tebex using industry-standard encryption. We never store or access payment card details.
  • Discord (In-Game Role Syncing): If you optionally link your Discord account in-game, data exchanged between Mythrend and Discord is encrypted and used solely to assign the appropriate server roles. Discord is not involved in account registration or login.
  • LeaderOS (Website Platform): Our website operates on LeaderOS, which provides secure session handling, authentication integration, database management, and access controls.
  • Cloudflare (Security and CAPTCHA): Cloudflare provides DDoS mitigation, traffic filtering, secure content delivery, and Turnstile CAPTCHA verification to protect against bots, spam, and malicious activity.
  • Minecraft Server Hosting: Our Minecraft servers are hosted with a professional third-party provider. Server logs (IP addresses, chat logs, and command usage) are stored securely and retained only as long as necessary for operational, moderation, and safety purposes.
  • MongoDB (In-Game Data): Gameplay data including UUIDs, ranks, progression, statistics, and cosmetic unlocks are stored in a secure MongoDB database with access strictly limited to authorized staff via role-based permissions.
  • SQL Database (Website Data and Leaderboards): Leaderboard and account profile data is managed via an SQL database hosted by LeaderOS, protected with access controls and encryption.

All systems use encrypted connections (HTTPS/TLS), access-restricted databases, role-based permissions, and regular log monitoring. While we take extensive steps to safeguard your data, no online platform can guarantee absolute security. In the event of a data breach that affects your personal information, we will notify you and take appropriate corrective actions in accordance with applicable law.

13. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, or as required by applicable law:

  • Account and Profile Data: Retained for as long as your account remains active.
  • In-Game and Gameplay Data: Retained for as long as necessary for operational and gameplay functionality.
  • Security and Audit Logs: Retained for a limited period consistent with security and moderation needs, typically no longer than twelve (12) months unless a longer period is required for an active investigation or legal obligation.
  • Purchase Records: Retained as required by applicable law and as maintained by Tebex in accordance with their own data retention policies.
  • Deleted or Deactivated Accounts: Upon account deletion or deactivation, we will delete or anonymize most personal data within a reasonable timeframe, except where retention is required by law (e.g., financial records, legal holds) or is necessary to prevent fraud or abuse.

14. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights with respect to your personal information:

  • Right to Access: Request a copy of the personal information we hold about you.
  • Right to Rectification: Request that we correct inaccurate or incomplete personal information.
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your personal information, subject to our legal obligations to retain certain data.
  • Right to Restriction: Request that we restrict the processing of your personal information in certain circumstances.
  • Right to Data Portability: Request a copy of your personal information in a structured, commonly used, machine-readable format.
  • Right to Object: Object to the processing of your personal information for certain purposes, including direct marketing.
  • Right to Withdraw Consent: Where processing is based on your consent, withdraw that consent at any time without affecting the lawfulness of prior processing.
  • Account-Specific Controls: Update your contact email, remove your Discord profile display information, unlink your in-game Discord connection, manage cookie preferences, and control the visibility of optional profile information through your account settings.

To exercise any of these rights, please contact us at [email protected] or through our support portal. We will respond to your request within thirty (30) days. We may need to verify your identity before processing certain requests.

California Residents (CCPA): In addition to the rights above, California residents have the right to know what personal information we collect, sell, or disclose; the right to opt out of the sale of personal information (we do not sell personal information); and the right to non-discrimination for exercising CCPA rights. To submit a CCPA request, contact us at [email protected].

EEA, UK, and Swiss Residents (GDPR): If you are located in the European Economic Area, United Kingdom, or Switzerland, our legal bases for processing your personal information include: performance of a contract (providing the Services), compliance with legal obligations, our legitimate interests (security, fraud prevention, service improvement), and your consent where required. You also have the right to lodge a complaint with your local data protection authority.

15. Children's Privacy

Our Services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. Users between the ages of 13 and 16 in the European Union, or between 13 and 16 in the United Kingdom, must obtain verifiable parental or guardian consent before using our Services. Microsoft and Discord independently require users to be at least 13 years of age.

If we discover that we have inadvertently collected personal information from a child below the applicable age threshold without verifiable parental consent, we will promptly delete that information and terminate the associated account. Parents or guardians who believe their child has provided personal information to us without consent should contact us immediately at [email protected].

16. International Users and Data Transfers

Our Services are operated and hosted in the United States. If you access our Services from outside the United States, your personal information will be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.

For users in the EEA, UK, or Switzerland, we rely on appropriate legal mechanisms for cross-border data transfers, including Standard Contractual Clauses approved by the European Commission where applicable. By using our Services, you consent to the transfer and processing of your information in the United States.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you via email to the address associated with your account (if applicable) or via a prominent banner on our website, at least seven (7) days before the changes take effect. The "Last Updated" date at the top of this policy will always reflect the most recent revision.

Your continued use of the Services after the effective date of any revised Privacy Policy constitutes your acceptance of the changes. If you do not agree to the revised policy, you must stop using the Services.

18. Contact Us

For privacy questions, data access requests, or to exercise your rights under this Privacy Policy, please contact us: