Privacy Policy

Minecraft Basketball Association (MBA) · Effective June 24, 2026 · Data controller: MBA

This policy explains how we collect, use, store, share, and delete personal data when you play on the Minecraft Basketball Association server and use this website. We operate security and identity tools (including the Proctor plugin) to prevent cheating, ban evasion, VPN abuse, and account sharing.

In-Game Notice and Acceptance

On your first login — and again after material policy updates — the MBA (Basketball) plugin shows a short Server Terms prompt before you can play. Until you click Accept, we do not collect your IP or connection details through Proctor and do not send your IP to third-party security services. Declining disconnects you.

(Connecting to any Minecraft server still exposes your IP to our hosting provider at the network level, as with any online service. We do not use that connection for Proctor enforcement until you accept.)

Information We Collect

Website (Discord login)

When you sign in with Discord, we collect your Discord username, user ID, and profile picture to create and manage your MBA player profile.

In-game, after you accept the terms

When you connect or play, we collect:

  • IP address (IPv4/IPv6 of your connection)
  • Minecraft UUID and username
  • Login timestamps
  • Client details — client brand, locale, and view distance reported by your client

IP addresses are personal data under GDPR, UK GDPR, CCPA, and similar laws.

Derived and correlated data

  • IP ↔ account links (which accounts have used which IPs).
  • VPN/proxy verdicts cached per IP (VPN, proxy, Tor, datacenter, clean, unknown).
  • Identity baselines — learned "home" IP and session patterns per account, for ringer detection.
  • Alert records when VPN, alt, or ringer signals fire, and ban correlation between accounts.
  • Terms acceptance — whether you accepted, the version accepted, and the timestamp.

How We Use Your Information

  • Create and maintain your player profile, statistics, and game history.
  • Operate the multiplayer server and enable league activities and team communication.
  • Enforce server rules and bans, and detect VPNs/proxies, ban-evasion alts, and account sharing.
  • Notify staff of suspicious activity and deny login for high-confidence violations.
  • Respond to appeals and legal requests, and diagnose misconfiguration.

We do not use this data for advertising and we do not sell it.

Third Parties We Share Data With

VPN / IP intelligence providers

When VPN detection is enabled, we send your IP address to one or more of these services to check whether the connection is a VPN, proxy, Tor node, or hosting/datacenter IP. Only the IP address (and data required by the request) is transmitted; each provider logs requests under its own policy:

If no provider is configured, no IP is sent externally for VPN checks.

Infrastructure and storage

  • Bloom.host — runs the game server and may process connection logs and on-disk files.
  • Supabase — stores website/profile data securely.
  • Mojang / Microsoft — handle Minecraft authentication; we receive your UUID and username, not your password.

Authorized administrators may access this data via staff-only in-game commands and logs. We may also disclose data where required by law. We do not sell personal data.

Retention

  • IP history, sessions, and identity baselines: 90 days, then automatic purge.
  • IPs linked to a banned account: retained for as long as the ban is in force, and deleted when the ban is lifted. This is a limited exception to the 90-day rule so that ban-evasion alts returning from the same IP remain detectable.
  • VPN verdict cache (per IP): 7 days, then refreshed or removed.
  • Security/alert logs: aligned with the IP retention period in practice.
  • Terms acceptance records: for the duration of your account relationship plus a reasonable period for disputes.
  • Ban records: until the ban expires or is overturned; longer for repeat offenders.

We may retain data longer where required for legal claims or investigations.

Automated Decisions

Proctor may automatically deny login (disconnect you at connect) when configured in enforcement mode and a high-confidence VPN or alt signal is detected. Ringer detection is alert-only by default — staff review before any action. You may request human review of an automated denial through our Discord server.

Your Rights

Depending on where you live, you may have the right to:

  • Access the data we hold about you and correct inaccurate data.
  • Request deletion of your account and data (subject to exceptions for bans, legal holds, and ongoing security needs).
  • Object to or restrict certain processing, and request portability where applicable.
  • Complain to your local data protection authority.

California residents may have rights to know, delete, and correct personal information, and to opt out of "sale" or "sharing" — we do not sell personal information. We may need to verify control of your Minecraft or Discord account before responding.

Children

The server is not directed at children under 13 (or 16 in some regions). We do not knowingly collect data from children below the applicable age without parental consent.

Changes & Contact

We will update the effective date when this policy changes; material changes may require renewed in-game acceptance. For privacy questions or requests, contact the MBA administration team through our Discord server. See also our Terms of Service.

Last updated: June 25, 2026