Effective date: February 16, 2026

What we collect

When you connect to our server, we may collect:

• Minecraft identifiers (such as your gamertag / XUID or similar platform identifier)
• Connection and security metadata (timestamps, join/leave events, security flags)
• IP address (processed) for security and abuse prevention (see below for how it is handled)

Cookies and analytics

We do not use tracking cookies or analytics on the website.

How we handle IP addresses (hashing, no raw IP storage)

We use IP addresses only to perform security checks and prevent abuse. We designed our system to avoid storing or exposing raw IP addresses:

• Immediate lookup: when an IP address is received for security checks, we perform the risk lookup immediately.
• No raw IP storage: we do not store raw IP addresses in our database.
• Hashed storage: we store only a hashed version of the IP address for abuse prevention and repeat-detection.
• No raw IP in commands: staff/admin tools represent IPs using internal IP IDs rather than raw IPs or IP hashes.
• No staff viewing raw IP or hash: server admins/staff do not see raw IP addresses or hashed IP addresses through commands or normal workflows.

What admins/staff can see (simple example)

To protect player privacy, staff tools show internal IP IDs (not the raw IP and not the hashed IP). Example:

Separately, our system stores a hashed value of the IP internally (not shown to staff). Example:

IP risk checks (VPN / proxy / datacenter / Tor)

We may check your IP address using a third-party abuse and risk detection service to determine whether your connection appears to come from:

The lookup may also return a general location such as country or continent. We use this information only for server security and abuse prevention.

Staff security alerts (Discord) for flagged VPN / proxy / Tor connections

We use IP risk checks only to protect the server from abuse (botting, cheating, and malicious activity). In some cases, a connection may be flagged as high risk (for example VPN, proxy, Tor, datacenter hosting, or abuser risk). When that happens, our system may generate an automated staff alert so moderators can respond quickly.

• Only generated when flagged: The suspicious-IP alert and its details are created only when the risk lookup flags the connection (VPN/proxy/Tor/datacenter/abuse). If not flagged, no such “details” message exists.
• No database storage of alert payload: The alert contents (including the “Details” block) are not stored in our database as a separate log record. They are used for real-time moderation awareness only.
• Discord delivery: If generated, the alert is sent to a private staff moderation channel on Discord. Because the message is delivered via Discord, it may be stored within Discord’s infrastructure according to Discord’s retention and privacy practices.
• No raw IP and no hashed IP in Discord: The alert contains internal IP IDs only (example: IP-140). It does not contain the raw IP address, and it does not contain the hashed IP address.
• No direct lookup access: Staff cannot retrieve these alert details through normal commands or player lookups. Staff workflows use internal IP IDs and security flags rather than exposing raw IP addresses, hashes, or raw lookup data.

What is included in a “Suspicious IP” staff alert

For transparency, if a connection is flagged and an alert is generated, the message may contain:

• Player – Minecraft name of the player who joined
• Server – Server name (or linked server name)
• IP ID – Internal ID only (example: IP-140)
• Flagged for – One or more risk flags (example: VPN, proxy, Tor, datacenter, abuser)
• Details (optional) – A limited JSON block built only from non-IP fields returned by the risk lookup, such as:
  • Company (provider/hosting name, if provided)
  • General location (continent/country/state/city, if provided)
  • ASN info (organization/description/domain, if provided)
  • VPN service name only when a VPN flag is detected (if provided)

  Important: This alert does not include raw IP addresses, IP hashes, network ranges (CIDR), or precise GPS coordinates.

Example format (illustrative):

Third-party service used for fraud/risk lookups

We use ipapi.is to perform IP fraud/risk lookups (VPN/proxy/datacenter/Tor/abuse flags). Your IP address is sent only to this service for the purpose of receiving these security details. We do not send your IP address to any other third-party services for this purpose.

How we use your data

• Prevent bot accounts and automated abuse
• Detect and reduce alternate-account spam
• Investigate cheating, exploits, and malicious activity
• Protect server stability and availability
• Enforce server rules and keep the community safe

Legal basis (where applicable)

Where privacy laws apply (e.g., GDPR/UK GDPR), we rely on our legitimate interests in maintaining server security, preventing fraud and abuse, and enforcing our rules.

Data sharing

We do not sell or share personal data.

We may disclose limited data only when necessary to operate the service and keep it secure:

• ipapi.is for IP fraud/risk lookup results (as described above)
• Hosting and infrastructure providers needed to run the server
• Legal requirements if we must comply with applicable law

Who we are

luibara2 Network is operated from Czechia.

International data transfers

Because we use third-party services (including hosting providers, Discord for community support and private staff moderation alerts, and ipapi.is for risk checks), your data may be processed in countries other than your own. Where required, we rely on appropriate safeguards for such transfers (for example, contractual protections used by service providers).

Children’s privacy

We do not knowingly collect personal data from children under the age required by applicable law in their country. If you believe a child has provided personal data to us, please contact info@luibara2.network and we will take steps to delete it where appropriate.

Your rights (GDPR/UK GDPR and similar laws)

Depending on your location, you may have certain rights regarding your personal data, including:

• Right of access (request a copy of your data)
• Right to rectification (correct inaccurate data)
• Right to erasure (request deletion of your data)
• Right to restriction (limit how your data is used)
• Right to object (object to processing based on legitimate interests)
• Right to lodge a complaint with a data protection authority

To exercise these rights, contact us at info@luibara2.network.

Retention

We keep data only as long as needed for security and abuse prevention. Typical retention periods:

• Hashed IP linked to your username: up to 30 days
• Severe abuse cases: may be retained longer only when necessary to prevent repeated attacks

Security

We use reasonable measures to protect data (access controls, limited staff access, and secure storage). IP-related data is stored as hashes in our database and is secured. No method of storage is 100% secure, but we work to keep data protected.

Data breach notification

In the event of a data breach affecting personal data, we will notify affected users and authorities where required by law.

Your choices

• If you use a VPN/proxy/Tor, your connection may be restricted if it is flagged as high risk.
• You may request information about what we store, and you may request deletion where legally required.

Changes to this policy

We may update this policy from time to time. The “Effective date” at the top will show the latest version.

Contact

For privacy questions or requests, email: info@luibara2.network

For general support, you can also join our Discord: luibara2 Network Discord