SimVendor Hosting

Legal

Privacy policy

Last updated: 2026-05-23

1. Who we are

SimVendor Hosting is operated by SimVendor, based in Portugal. We comply with the EU General Data Protection Regulation (GDPR). Data controller contact: [email protected].

2. What we collect

  • Steam profile data — Steam ID, persona name, avatar, profile URL. Provided by Steam when you sign in via OpenID.
  • Email address — optional, used for receipts and notifications.
  • Payment data — held by Stripe, not by us. We store only a Stripe customer ID.
  • Server activity — your servers' status, slot/RAM configuration, billing history.
  • Support data — tickets and messages you submit.
  • Sessions — IP address and user-agent of each browser signed in.
  • Server contents — files you upload to your game server stay on our infrastructure but we don't index or analyze them.

3. Why we collect it

  • Service delivery — to provision and operate your game server.
  • Billing — to charge you, send receipts, comply with tax law.
  • Security — to detect abuse and respond to incidents.
  • Support — to answer your tickets.
  • Legal obligations — invoice records, tax compliance.

4. Who we share it with

  • Stripe — payment processing.
  • Our SMTP provider — transactional email delivery (receipts, server-ready notifications).
  • Cloudflare — storefront hosting + DDoS protection.
  • SimVendor — your Steam ID is shared if you link a SimVendor account, to verify mod entitlements.
  • Steam — Valve receives a login confirmation when you sign in.

We never sell your personal data. We never share it with advertisers or data brokers.

5. Cookies

We use first-party cookies only:

  • simhost-session — your signed-in session token. Required.
  • simhost-cookie-consent — remembers your cookie banner choice. Required to honor your consent.

We don't use third-party tracking cookies. No Google Analytics, no Facebook Pixel, no advertising tags.

6. Your GDPR rights

  • Access — download all data we hold about you via "Download my data" in Account settings.
  • Rectify — fix incorrect data.
  • Erase — delete your account. We retain invoice records for the legally-required period (typically 7 years in the EU) even after deletion, anonymized of personal identifiers.
  • Portability — the export feature delivers a machine-readable JSON.
  • Complain — your local data-protection authority.

7. Data retention

  • Account data — while your account exists. Deleted on request.
  • Server files — while the server exists, plus 7 days after termination before permanent deletion.
  • Invoice records — 7 years (legal requirement).
  • Support tickets — 3 years after last activity.
  • Audit logs (staff actions on your account) — 5 years.

8. International transfers

Infrastructure runs in EU and US regions. Where US transfers happen (Stripe, parts of Cloudflare's edge), they rely on Standard Contractual Clauses.

9. Security

Passwords are never used (Steam OpenID only). Sessions use signed cookies with hashed tokens in our DB. We don't store payment-card numbers. SimVendor mod content is AES-256-GCM encrypted on hosts with per-server keys.

10. Children

SimVendor Hosting is not directed at children under 16. If we discover we have collected data from a child under 16, we'll delete it.

11. Changes

We'll email signed-in users at least 14 days before any material change takes effect.

12. Contact

[email protected]