Legal / Effective July 15, 2026
Privacy Policy
What information hardcoreminecraft.net handles, why it is handled, and the choices available to visitors.
Scope and operator
This Privacy Policy applies to hardcoreminecraft.net and the public news and storefront pages operated as The Hardcore Minecraft Network (the “Network,” “we,” “us,” or “our”). It explains the website’s current data practices. It does not govern Minecraft, Microsoft, Mojang, payment providers, social platforms, or other independently operated services.
The public website does not provide visitor accounts, comments, mailing-list forms, or public support forms. Its storefront does provide a basket and redirects customers to Stripe’s hosted checkout when they choose to purchase published items.
Store orders and Minecraft usernames
When you use the basket, the Network handles the product identifiers you select, an applied coupon code, and the Minecraft username you enter. A pending order record contains an order number, username, item and price snapshot, coupon and discount information, total, currency, checkout status, fulfillment status, timestamps, and Stripe checkout identifiers.
After Stripe confirms payment, Stripe provides the Network with transaction status, payment, customer, invoice, and—when applicable—subscription identifiers, plus the customer email entered during checkout. The Network records subscription status, current items, renewal periods, cancellation state, and fulfillment actions so it can deliver, change, pause, resume, renew, or remove Minecraft entitlements. The customer is responsible for entering the correct username.
Stripe payment processing
Payment is completed on a Stripe-hosted checkout page. Stripe may collect email address, billing details, payment-method information, IP address, device and browser information, transaction amount, items purchased, and fraud-prevention signals. The Network does not receive or store the full payment-card number or card security code.
Stripe processes information under its own privacy terms and may share transaction, invoice, and subscription status and limited customer details with the Network, financial institutions, payment networks, fraud-prevention providers, and other parties needed to complete or protect the transaction. Stripe also hosts the customer billing portal used to authenticate by email, update payment methods, view invoices, change eligible plans, and cancel subscriptions.
Information handled automatically
Like most websites, the web server may create access and error logs when a page or asset is requested. Those records can include an IP address, date and time, requested URL, referring page, response status, browser or device user-agent, and diagnostic information about errors.
We do not use these logs to build advertising profiles. They are used to deliver the website, investigate faults, prevent abuse, maintain security, and understand aggregate service reliability.
Cloudflare Web Analytics
Cloudflare can automatically add a performance-measurement beacon to public pages served through its network. The browser loads that beacon from static.cloudflareinsights.com and sends performance measurements to this website at /cdn-cgi/rum. Measurements can include page-load timing, browser and device characteristics, referring page, and approximate location derived from network information.
We use the resulting aggregate reports to understand website reliability and performance, not for behavioral advertising or to create visitor accounts. Cloudflare states that its Web Analytics service is privacy focused and does not track individual users across customers. Cloudflare handles the beacon data under its own privacy policy and service documentation.
Administrator information
The restricted content-management area handles administrator usernames, password hashes, session identifiers, sign-in timestamps, IP addresses associated with security events, failed-login records, and an audit history of publishing or account actions.
Administrator passwords are stored as one-way password hashes rather than readable passwords. Administrative records are used only to authenticate authorized operators, protect the control area, recover from misuse, and maintain accountability for published content.
Cookies and local storage
Public news pages do not currently set analytics or advertising cookies. Store and product pages use a strictly necessary session cookie named “hcmn_store” to secure basket actions and retain selected item identifiers, coupon state, and the submitted username between requests. It expires with the browser session, is HttpOnly and SameSite=Lax, and is marked Secure over HTTPS. The private administration area separately uses “hcmn_control,” an HttpOnly, SameSite=Strict session cookie.
The detailed administrator post editor can save an unpublished recovery draft in that administrator’s browser using local storage. The recovery copy remains on that device until it is cleared by the administrator or browser. It is not the authoritative published version.
Google Fonts
The website currently requests display fonts from Google Fonts. When a browser makes that request, Google receives technical request information such as the visitor’s IP address, the requested font resource, the page referrer, and browser or operating-system user-agent. Google states that the Google Fonts Web API does not set cookies and does not use this information to create end-user profiles or targeted advertising.
Google processes that request under its own terms and privacy practices. Visitors who block fonts.googleapis.com or fonts.gstatic.com can still use the website, but fallback typefaces may be displayed.
Purposes and legal grounds
We handle the limited information described above to provide requested pages, secure the website and administrator area, diagnose problems, prevent fraud or abuse, preserve publishing records, comply with legal obligations, and establish or defend legal claims.
Where data-protection law requires a legal basis, the basis will generally be our legitimate interests in operating and securing the website, performance of a contract where a service has been requested, compliance with law, or consent when consent is specifically requested. We balance legitimate interests against the rights and expectations of affected people.
Sharing and disclosure
We do not sell personal information. Limited information may be available to hosting, infrastructure, security, analytics, or professional-service providers only when reasonably necessary for them to provide services to the Network. Cloudflare handles the performance-beacon information described above, and Google receives the font-request information described above.
Order and transaction information is shared with Stripe and the financial or fraud-prevention parties involved in payment processing. Information may also be preserved or disclosed when reasonably necessary to comply with law or valid legal process, protect people or the website, investigate abuse, enforce our terms, or support a merger, reorganization, financing, or transfer of the website.
Retention and security
Basket-session data lasts for the browser session. Order, invoice, subscription, refund, dispute, and fulfillment records may be retained for the period reasonably needed for delivery, customer support, fraud prevention, accounting, tax, dispute handling, and legal obligations, including after cancellation. Other information is kept only as long as reasonably necessary for its purpose. Unneeded failed-login records are periodically removed by the application.
We use measures appropriate to this website’s present scale, including access controls, password hashing, rate limiting, secure session settings, request-forgery protection, restricted filesystem paths, and activity logging. No internet transmission or storage system can be guaranteed completely secure.
Children and younger visitors
The website is a general-audience service and does not knowingly permit a child who cannot legally consent to make a purchase or provide personal information without involvement from a parent or legal guardian. A minor must obtain permission and payment authorization from a parent or guardian before using checkout.
If a parent or guardian believes a child submitted an order or personal information without appropriate permission, they should use the official privacy contact so the request can be reviewed and information deleted where legally appropriate.
Your privacy choices and rights
Depending on where you live, you may have rights to request access, correction, deletion, restriction, objection, or portability of personal information, or to withdraw consent. You may also have the right to complain to a local data-protection authority. These rights can be subject to legal exceptions, identity verification, and record-retention duties.
The site does not currently use cross-site behavioral advertising or respond differently to browser “Do Not Track” signals. Browser controls can block external fonts, clear local storage, and remove cookies. Blocking the administrator session cookie will prevent the private control area from working.
Changes and contact
We may revise this Policy as the website changes. The effective date at the top will be updated when a material revision is published. If changes materially affect information already collected, notice will be provided when reasonably required by law.
Privacy, order-data, and legal requests may be sent to [email protected]. The operator may need to verify identity before acting on a request and will respond within the period required by applicable law.