Privacy Policy
Last updated: February 25, 2026
This privacy notice for SoulFire ("we," "us," or "our") describes how and why we might collect, store, use, and/or share ("process") your information when you use our services ("Services"), such as when you visit our website at soulfiremc.com, or any website of ours that links to this privacy notice.
This privacy policy template is based on Termly's free privacy policy template.
1. What Information Do We Collect?
Personal Information You Provide
We collect personal information that you voluntarily provide when you register on our website, express an interest in obtaining information about us or our products and Services, or otherwise contact us.
Personal information provided by you. The personal information we collect depends on the context of your interactions with us and the choices you make. It may include:
- Email address
- Name and display username
- Passwords (hashed, never stored in plaintext)
- Avatar image (from OAuth provider or Gravatar)
- OAuth account identifiers (Discord user ID, GitHub user ID) when you link social accounts
- WebAuthn passkey credentials (public key, device type) when you register a passkey
- Two-factor authentication secrets and backup codes
- Docs feedback text you voluntarily submit
Information Collected Automatically
We automatically collect certain information when you visit, use, or navigate our website. This information does not reveal your specific identity but may include:
- IP address — recorded per authenticated session
- User agent / browser information — recorded per authenticated session
- Device and usage information — collected via analytics cookies (see our Cookie Policy)
2. How Do We Process Your Information?
We process your information to:
- Provide and maintain our Services — including account creation, authentication, and session management.
- Send you transactional emails — email verification, password resets, email change confirmation, account deletion verification, and two-factor authentication codes. These are sent via Resend from
auth@transactional.soulfiremc.com. - Protect our Services — we use Cloudflare Turnstile CAPTCHA to prevent automated abuse, and we check passwords against the Have I Been Pwned breached password database.
- Analyze usage and improve our website — with your consent, we use PostHog (EU-hosted) for product analytics.
- SEO monitoring — we use Ahrefs Analytics for website performance and SEO analysis.
3. When and With Whom Do We Share Your Information?
We do not sell your personal information. We may share your data with the following third-party service providers who process it on our behalf:
| Service | Purpose | Data Shared |
|---|---|---|
| Neon | PostgreSQL database hosting | All account and session data |
| Vercel | Website hosting and CDN | Request metadata (IP, headers) |
| Resend | Transactional email delivery | Email address, email content |
| PostHog (EU) | Product analytics (consent-gated) | Usage data, device info, feedback text |
| Ahrefs | SEO analytics | Page visit data |
| Cloudflare | Turnstile CAPTCHA | Browser interaction data for bot detection |
| Discord | OAuth login & linked roles | OAuth tokens, user ID |
| GitHub | OAuth login | OAuth tokens, user ID |
| Gravatar | Avatar fallback | MD5 hash of email address |
| YouTube | Embedded demo video | Standard YouTube embed data |
4. Do We Use Cookies and Tracking Technologies?
Yes. We use cookies and similar tracking technologies to access and store information. For details on what cookies we use and how you can manage them, please see our Cookie Policy.
5. How Long Do We Keep Your Information?
We keep your personal information for as long as your account is active or as needed to provide you our Services. When you delete your account, we will delete or anonymize your personal information within a reasonable time, except where retention is required by law.
Session records (including IP address and user agent) are retained for the duration of the session and may be retained for a reasonable period after expiration for security and debugging purposes.
6. How Do We Keep Your Information Safe?
We implement appropriate technical and organizational security measures to protect your personal information, including:
- Passwords are hashed before storage (never stored in plaintext)
- Row-Level Security (RLS) is enabled on all database tables
- HTTPS is enforced across the entire website
- Content Security Policy (CSP) headers restrict script execution
- Security headers (X-Frame-Options, X-Content-Type-Options) are set globally
- Breached password detection via Have I Been Pwned
- Two-factor authentication (TOTP and email OTP) is supported
- WebAuthn passkeys for passwordless authentication
However, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.
7. What Are Your Privacy Rights?
Depending on your location, you may have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you.
- Rectification — request correction of inaccurate data.
- Deletion — request deletion of your account and associated data. You can initiate account deletion from your account settings.
- Withdraw consent — you can withdraw consent for analytics cookies at any time via our cookie consent banner.
- Data portability — request your data in a portable format.
To exercise any of these rights, contact us at support@soulfiremc.com.
8. Do We Collect Information from Minors?
We do not knowingly collect data from or market to children under 13 years of age. By using our Services, you represent that you are at least 13 years old. If we learn that we have collected personal information from a child under 13, we will take steps to delete that information as soon as possible.
9. Do We Make Updates to This Policy?
We may update this privacy notice from time to time. The updated version will be indicated by an updated "Last updated" date at the top of this page. We encourage you to review this page periodically to stay informed about how we protect your information.
10. How Can You Contact Us?
If you have questions or concerns about this privacy notice or our data practices, contact us at:
- Email: support@soulfiremc.com
- GitHub: github.com/AlexProgrammerDE/SoulFire