/ trust & safety
I take your data seriously. Here's exactly how I handle your information — no fine print, no corporate nonsense. Just straight talk. I'm not Zuckerberg, relax.
We're not like topeaglerservers dw fr
When you register, we hash your password with bcrypt at cost factor 12 — that's 4,096 rounds of salting and hashing. Even if our database got leaked (which it won't, but still), cracking your password would take centuries, not hours.
We never log, email, or store your password in plaintext. Not in server logs, not in error reports, not in a sticky note on the monitor. I literally cannot see your password. If you forget it, I can only reset it — I can't tell you what it was.
After you log in, we give you a signed JWT token that expires after 24 hours. It's stored in your browser's session storage (not a cookie — cookies are annoying) and sent with every API request. The token contains only your user ID and role — no personal info.
The token is signed with a server-only secret key that never leaves Cloudflare Workers. If someone steals the token, it's useless after 24 hours. If they try to modify it, the signature breaks and we reject it.
We use Turso — a distributed SQLite database built on libSQL. Your data is stored in a secure cloud environment with encryption at rest. Our API runs on Cloudflare Workers, which means:
This site uses a single cookie preference stored in your browser's localStorage — not a tracking cookie. We have zero analytics scripts, no Google Analytics, no Facebook pixels, no ad trackers.
The only data we store locally is your session token (for keeping you logged in) and your cookie consent preference. That's it.
We removed email from the signup process entirely. You only need a username and password to create an account. No email to hand over, no inbox to check, no spam risk.
If you forget your password, reach out in our Discord and staff can reset it. Less friction for you, less data on our servers.
You have full control over your data. From your Profile Settings page, you can:
Account deletion is immediate and irreversible. We don't keep backups of deleted user data.
/ faq
Straight answers about your security and privacy. No legalese, I promise.
No. We don't sell, rent, or share your personal information with anyone. Not now, not ever. We don't even have analytics scripts running on this site.
No. Passwords are hashed with bcrypt before they ever touch the database. Not even the server owner can see your password. If you forget it, we can only reset it — we can't look it up.
Yes. The site is served over HTTPS (TLS 1.3) and all API requests go through Cloudflare's encrypted network. Your data is protected in transit between your browser and our servers.
Because passwords are hashed and tokens are short-lived, the practical damage of a breach would be limited. We would notify users via our Discord and force a password reset if a breach were detected.
This site is developed and operated by ExclamationStudios. It's a community educational resource for Minecraft server developers, not a commercial data-collection operation.
Yes. Contact us on Discord and we'll provide a JSON export of your account data within 30 days (GDPR compliance).