Privacy Policy

Effective Date: March 31, 2026

1. Introduction

The services are provided by VENDO GROUP LLC (Armenia, 70 Axayan St, Gyumri), hereinafter referred to as the "Company", "We", or "Us". We are committed to protecting your privacy and processing your personal data in accordance with international data protection standards and the laws of the Republic of Armenia.

2. Information We Collect

We collect information necessary to provide game hosting services and ensure network security:

  • Profile Data: Email address, first and last name.
  • Technical Data: IP address, browser type, and operating system.
  • Authorization Data: Detailed logs of logins and activities within the control panel.
  • Payment Data: We do not store your credit card details. All transactions are processed by secure third-party payment providers (Paddle, Stripe, OxaPay, NOWPayments).

3. Purposes and Legal Basis

We process your data for contract fulfillment and legitimate security interests:

  • Providing access to isolated game containers and the control panel.
  • Preventing DDoS attacks, unauthorized access, and investigating Abuse complaints.
  • System Notifications: Sending invoices, password resets, and server status alerts.
  • Incentive Communications: We may send individual promo codes or discount offers based on your account activity (e.g., an incentive offer if no order was placed within 14 days after registration).

4. Communications and Account Deletion

The Company does not engage in general mass marketing or third-party advertising.

We send two categories of emails:

Transactional emails (mandatory): invoices, password resets, server status alerts, security notifications. These are required to provide the service and cannot be disabled.

Promotional emails (optional): personalised incentive offers based on account activity (e.g., if no order was placed within 14 days after registration). To stop receiving them, disable promotional notifications in your Profile Settings: servox.pro/main/acc. Promotional emails include a footer note with a direct link to this setting.

To stop all communications including transactional emails, request account deletion via the ticket system: servox.pro/tickets/create.

5. Data Retention

  • Server Data: Game server files and databases are permanently deleted 7 calendar days after the expiration of the paid period.
  • Security Logs: Authorization logs and IP addresses are retained for 3 (three) years from the date of recording for the purposes of fraud prevention, abuse investigation, and security incident response. Upon expiry of this period, logs are permanently deleted or irreversibly anonymised. Aggregated statistical data (without personal identifiers) may be retained indefinitely.

6. Data Disclosure

We share data only with trusted partners:

  • Paddle.com (UK / USA / Canada) — Merchant of Record for payment processing, invoicing, tax collection, refunds, and fraud prevention. Paddle may receive your name, email address, IP address, and payment details necessary to complete transactions. Data transfers covered by Paddle's Privacy Notice and Standard Contractual Clauses (SCCs).
  • Stripe, Inc. (USA) — payment processing and fraud prevention. Data transfers covered by Stripe's Data Processing Agreement.
  • OxaPay — cryptocurrency payment processing. Receives transaction amount and a unique order identifier only. No personal data is shared beyond what is necessary to complete the payment.
  • NOWPayments (Netherlands) — cryptocurrency payment processing. Receives transaction amount and a unique order identifier. Data processing governed by NOWPayments' Privacy Policy.
  • Google LLC (USA) — site analytics (Google Analytics) and/or Google infrastructure services. Transfers covered by Standard Contractual Clauses (SCCs).
  • smtp.bz — transactional and promotional email delivery. Receives email address and email content only.
  • Legal Authorities: when required by the laws of the Republic of Armenia or international legal cooperation.

7. Your Rights Under GDPR and Applicable Law

If you are located in the European Economic Area (EEA) or another jurisdiction with data protection legislation, you have the following rights regarding your personal data:

  • Right of Access (Art. 15 GDPR): Request a copy of your personal data we hold.
  • Right to Rectification (Art. 16 GDPR): Request correction of inaccurate or incomplete data.
  • Right to Erasure (Art. 17 GDPR): Request deletion of your data, subject to legal retention obligations (e.g. open Abuse reports, unresolved financial disputes, or mandatory retention periods).
  • Right to Restriction (Art. 18 GDPR): Request that we limit processing of your data in certain circumstances.
  • Right to Data Portability (Art. 20 GDPR): Receive your data in a structured, machine-readable format.
  • Right to Object (Art. 21 GDPR): Object to processing based on legitimate interests, including disabling promotional emails via your Profile Settings.

How to submit a request: All requests must be submitted via our ticket system: servox.pro/tickets/create. Please state clearly: (a) which right you are exercising; (b) any additional information required to verify your identity.

We will respond within 30 calendar days of receiving your request. In complex cases, we may extend this period by an additional 60 days, in which case we will notify you within the initial 30-day period.

Right to lodge a complaint: If you believe your data protection rights have been violated, you have the right to lodge a complaint with the relevant supervisory authority in your country of residence. For EEA residents, this is typically your national Data Protection Authority (DPA).

8. Cookies and Similar Technologies

We use cookies and similar technologies to operate our website and control panel. Below is a description of the types of cookies we use.

8.1 Strictly Necessary Cookies

These cookies are essential for the website and control panel to function. They are set automatically and cannot be disabled. Examples:

  • Session cookie — keeps you logged in to your account.
  • CSRF token — protects against cross-site request forgery.

Legal basis: Necessary for performance of the contract (Art. 6.1.b GDPR). These cookies do not require your consent.

8.2 Analytics Cookies (if applicable)

We may use Google Analytics to collect anonymised data about how visitors use our website (pages visited, session duration, referral source). No personally identifiable information is collected. These cookies are only set with your consent.

Provider: Google LLC. Retention: up to 26 months.

8.3 Managing Cookies

You can control or delete cookies via your browser settings. Note that disabling strictly necessary cookies will prevent you from logging in to your account. For guidance on managing cookies, visit allaboutcookies.org.

9. Contact Us

For any privacy-related inquiries, please contact us via our ticket system: servox.pro/tickets/create.