Analyse

Legal

Privacy Policy

Last updated: March 25, 2026

This Privacy Policy explains how VertCode Development E.E. ("Company", "we", "us", or "our") collects, uses, shares, and protects your personal data when you use Analyse ("Service"). We are committed to protecting your privacy in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and Greek Law N.4624/2019.

Quick Summary

We never sell your personal data to third parties
IP addresses are never stored — only the derived country
Passwords are hashed with Argon2id, never stored in plaintext
All data transfers are encrypted with TLS
You can request deletion of all your data at any time
Full GDPR rights including data portability and access
01

Introduction — Data Controller

VertCode Development E.E. is the data controller responsible for your personal data as defined under Art. 4(7) GDPR. This means we determine the purposes and means of processing your personal data.

VertCode Development E.E.

Ετερόρρυθμη Εταιρεία (Limited Partnership)

Valatsoritou 1, Athens, 10671, Greece

GEMI: 186520701000

AFM: 802973201

If you have any questions about this Privacy Policy or how we handle your data, please contact us using the details above. We are committed to resolving any concerns you may have.

02

Information We Collect

We collect different categories of personal data depending on how you interact with our Service. Below is a detailed breakdown of each category.

Account Information

When you create an account, we collect:

  • Email address
  • Display name
  • Password (hashed with Argon2id — we never store your plaintext password)
  • OAuth data (if you sign in via Google or Discord): profile name, email, and account identifier provided by the OAuth provider

Minecraft / Hytale Player Data

When game server operators use our plugin or SDK, the following player data is transmitted to our Service:

  • Player UUIDs (unique identifiers assigned by Mojang / Hytale)
  • Player usernames
  • Connection timestamps (join and leave times)
  • Connection hostname (the address the player used to connect)
  • Country (derived from IP address at the time of connection — IP addresses are never stored)
  • Session duration
  • Platform (e.g., Java Edition, Bedrock Edition)

Purchase Data

If purchases are tracked through the Tebex integration, we receive the following data from Tebex:

  • Transaction IDs
  • Transaction amounts and currency
  • Package names purchased
  • Player information associated with the purchase (UUID, username)

Usage Data

We automatically collect certain information when you use the Service:

  • Browser type and version
  • Device type and operating system
  • Pages visited and features used within the dashboard
  • AI query history (questions submitted to our AI analytics features)
03

Legal Basis for Processing

Under Art. 6 GDPR, we process your personal data based on the following legal grounds. Each processing activity is mapped to its specific legal basis:

Contract Performance — Art. 6(1)(b)

Processing necessary for the performance of our contract with you, including: creating and managing your account, providing the analytics service, processing player data through the plugin/SDK, and delivering subscription features.

Legitimate Interests — Art. 6(1)(f)

Processing necessary for our legitimate interests, which are not overridden by your rights, including: usage analytics to improve the Service, security monitoring and fraud prevention, maintaining system performance and reliability, and generating aggregated, anonymized statistics.

Consent — Art. 6(1)(a)

Where we rely on your consent, including: marketing communications and newsletters, optional analytics cookies, and use of non-essential third-party services. You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

Legal Obligation — Art. 6(1)(c)

Processing necessary to comply with a legal obligation, including: retaining financial records for Greek tax law compliance, responding to lawful requests from authorities, and fulfilling obligations under applicable regulations.

04

How We Use Your Information

We use the information we collect for the following purposes:

  • Service provision — Operating and maintaining the analytics platform, including player tracking, attribution analytics, and dashboard features
  • Payment processing — Facilitating subscription payments through Stripe and integrating purchase data from Tebex
  • Analytics and improvement — Understanding how the Service is used to improve features, performance, and user experience
  • Communications — Sending transactional emails (account verification, password resets, billing notifications) and, with your consent, marketing communications
  • Fraud prevention and security — Detecting and preventing unauthorized access, abuse, and fraudulent activity
  • Legal obligations — Complying with applicable Greek and EU laws, including tax record-keeping and responding to lawful government requests
05

Data Sharing

We never sell your personal data to third parties. We share your data only with the following categories of recipients, and only to the extent necessary:

Service Providers

We use trusted third-party service providers who process data on our behalf under data processing agreements:

Stripe

Payment processing

Tebex

Purchase data integration

Vercel

Hosting and infrastructure

Resend

Transactional email delivery

Google

OAuth authentication

Discord

OAuth authentication

Legal Requirements

We may disclose your data if required to do so by law or in response to valid requests by public authorities (e.g., a court order or government agency), in accordance with applicable Greek and EU legislation.

Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal data may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Service before your data is transferred and becomes subject to a different privacy policy.

06

International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, where some of our service providers are based (such as Stripe, Vercel, and Resend).

When we transfer data outside the EEA, we ensure adequate protection through the following safeguards:

  • Standard Contractual Clauses (SCCs) — Approved by the European Commission under Art. 46(2)(c) GDPR, ensuring contractual obligations on the data recipient to protect your data
  • Adequacy Decisions — Where available, we rely on the European Commission's adequacy decisions under Art. 45 GDPR confirming that the recipient country provides an adequate level of data protection

You may request a copy of the safeguards we have in place by contacting us at contact@vertcodedevelopment.com.

07

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected or to comply with legal obligations.

Analytics Data Retention by Plan

Starter30 days
Pro1 year
BusinessUnlimited

Other Retention Periods

  • Account data — Retained until you delete your account. Upon account deletion, your personal data is deleted within 30 days
  • Purchase records — Retained for 5 years after the transaction in compliance with Greek tax law (Κώδικας Φορολογικής Διαδικασίας, N.4987/2022)
  • Backups — Purged within 90 days of the data being deleted from our primary systems
08

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction, in accordance with Art. 32 GDPR.

TLS Encryption

All data in transit is encrypted using TLS 1.2 or higher

Argon2id Hashing

Passwords are hashed using the Argon2id algorithm, never stored in plaintext

Access Controls

Strict role-based access controls limit who can access personal data

Monitoring & Audits

Regular security audits and continuous monitoring for threats

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to taking all reasonable steps to protect your personal data.

09

Your Rights Under GDPR

As a data subject, you have the following rights under GDPR. You may exercise any of these rights by contacting us at contact@vertcodedevelopment.com. We will respond to your request within 30 days in accordance with Art. 12(3) GDPR.

Art. 15Right of Access

You have the right to obtain confirmation of whether we process your personal data and to receive a copy of that data.

Art. 16Right to Rectification

You have the right to request correction of inaccurate personal data or completion of incomplete data.

Art. 17Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data where there is no compelling reason for its continued processing.

Art. 18Right to Restriction of Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest its accuracy.

Art. 20Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller.

Art. 21Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we demonstrate compelling legitimate grounds.

Art. 7(3)Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

Art. 22Right Not to be Subject to Automated Decisions

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects on you.

10

Right to Complain

If you believe that we have not handled your personal data properly or that we have not complied with your rights under GDPR, you have the right to lodge a complaint with the supervisory authority.

Hellenic Data Protection Authority (ΑΠΔΠΧ / HDPA)

Kifisias 1-3, 115 23 Athens, Greece

Website: www.dpa.gr

Email: complaints@dpa.gr

We encourage you to contact us first at contact@vertcodedevelopment.com so we can try to resolve your concern before you file a complaint with the authority.

11

Cookies

We use cookies and similar tracking technologies to enhance your experience, analyse usage, and assist in our marketing efforts. Essential cookies are required for the Service to function properly and cannot be disabled.

For detailed information about the cookies we use, their purposes, and how to manage your preferences, please refer to our Cookie Policy.

12

Children's Privacy

Our Service is not directed at individuals under the age of 16. In accordance with Greek Law N.4624/2019 Art. 21, we do not knowingly collect or process personal data from children under 16 years of age.

If we become aware that we have collected personal data from a child under 16 without verifiable parental consent, we will take steps to delete that data as quickly as possible. If you believe that a child under 16 has provided us with personal data, please contact us at contact@vertcodedevelopment.com.

13

Third-Party Services

Our Service integrates with the following third-party services. Each service has its own privacy policy governing how they handle your data:

Tebex (Overwolf)

Tebex processes purchase and payment data for game server monetisation. When a purchase is made, Tebex shares transaction details with us for analytics purposes. Tebex's processing is governed by their own privacy policy.

Google & Discord OAuth

If you choose to sign in using Google or Discord, we receive limited profile information (name, email, account identifier) from the provider. We do not receive your password or access your accounts beyond the initial authentication scope.

Stripe

Stripe handles all direct payment processing for subscriptions. Payment card details are processed and stored exclusively by Stripe — we never have access to your full card number. Stripe is certified as a PCI Level 1 Service Provider.

14

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

For significant changes, we will notify you at least 30 days in advance via the email address associated with your account before the changes take effect. We will also update the "Last updated" date at the top of this page.

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated policy.

15

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

VertCode Development E.E.

Ετερόρρυθμη Εταιρεία (Limited Partnership)

Valatsoritou 1, Athens, 10671, Greece

GEMI: 186520701000 | AFM: 802973201

Email: contact@vertcodedevelopment.com