Privacy Policy

Last updated: April 7, 2026

1. Introduction

RiftPanel ("we", "our", "us") is a self-hosted game server management platform. This Privacy Policy explains how we collect, use, and protect information when you use our website (riftpanel.net) and our software.

Since RiftPanel is self-hosted, the panel operator (our customer) is the data controller for end-user data stored on their instance. This policy covers data we collect directly through our website and license service.

2. Information We Collect

2.1 Account Information

When you purchase a license or create an account, we collect:

  • Email address
  • Name
  • Payment information (processed by Stripe/PayPal — we do not store card details)

2.2 License Verification

Our license server receives periodic verification requests containing:

  • License key (HMAC-signed)
  • Server IP address
  • Panel version

2.3 Website Analytics

We use Cloudflare Web Analytics which is cookie-free and does not track individual users. We collect aggregate data such as page views, referrers, and countries.

3. How We Use Your Information

  • To provide and maintain our service
  • To process payments and manage licenses
  • To send important updates about the software (security patches, new versions)
  • To respond to support inquiries
  • To detect and prevent fraud

We do not sell your personal data to third parties. We do not send marketing emails without your explicit consent.

4. Data Sharing

We share data only with:

  • Stripe / PayPal — for payment processing
  • Cloudflare — for CDN and DDoS protection
  • Docker Hub — for software distribution (no personal data shared)

5. Data Retention

We retain your account and license data for as long as your license is active. Payment records are retained for 7 years as required by tax regulations. You may request deletion of your account at any time by contacting [email protected].

6. Your Rights (GDPR)

If you are in the EU/EEA, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request deletion ("right to be forgotten")
  • Data portability
  • Object to processing

To exercise these rights, contact [email protected].

7. Cookies

Our website uses minimal cookies:

  • Essential cookies — Cloudflare security cookies (__cf_bm) required for the site to function
  • Preference cookies — Language preference (stored in localStorage, not a cookie)

We do not use tracking cookies, advertising cookies, or third-party analytics cookies. See our Cookie Policy for details.

8. Security

We implement industry-standard security measures including HTTPS encryption, HMAC-signed license verification, bcrypt password hashing, and rate-limited API endpoints. However, no method of transmission over the Internet is 100% secure.

9. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the service constitutes acceptance of the updated policy.

10. Contact

For privacy-related questions, contact us at [email protected].