Skip to content

Privacy Policy

This explains what personal data berrybyte collects, why, and what you can do about it. We've kept it plain and honest. We use personal data to operate berrybyte, and selling it to third parties is outside our business model.

1. Who we are

BerryByte Limited ("berrybyte", "we", "us") is the data controller for your personal data. We're registered in England and Wales (company no. 14136989), at 61 Bridge Street, Kington, United Kingdom, and we're registered with the UK's Information Commissioner's Office (ICO) (registration no. ZB597037).

For anything privacy-related, reach the responsible team at privacy@berrybyte.net.

2. What we collect

  • Account info: your name and email address, plus the ID from Google or Discord if you sign in with them.
  • Billing info: your transaction and subscription history. Card details are handled directly by Stripe; we receive billing records only.
  • Technical info: IP address, device and browser details, and logs of how you use the service. We also derive a device fingerprint from technical characteristics of your device and browser, which we use to detect fraud and abuse.
  • Server content: information related to the servers you run, where it contains personal data. We treat your server content as yours.
  • Messages: anything you send us through support, email, or Discord.
  • Cookies: see section 7.

3. How we use it

Under UK GDPR we need a lawful basis for everything we do with your data. Here's the short version:

What we doWhy (lawful basis)
Set up and run your account, provide what you bought, take payment, give supportPerforming our contract with you
Keep the service secure, prevent fraud and abuse, keep logsOur legitimate interests in running a safe, reliable service
Improve and develop the serviceOur legitimate interests
Send you service emails (order confirmations, security and billing notices)Contract / legitimate interests
Send marketing, if you've opted inYour consent (withdraw anytime)
Optional cookies and analyticsYour consent
Meet legal, tax, and safety obligationsLegal obligation

We run automated fraud and abuse checks on sign-ups, trials, and orders. Those checks may restrict trials, or hold or flag an order for review. A human reviews held or contested cases. Legal or similarly significant decisions about you rely on more than automated processing alone.

Where accounts share device, IP, or payment signals, we may associate them for fraud detection.

4. Who we share it with

We share data only where it's needed to run berrybyte:

  • Stripe (including Stripe Radar): to process payments and subscriptions, and to help detect payment fraud.
  • Fraud-prevention and IP-intelligence providers: who help us detect and prevent fraud, abuse, and automated attacks — for example, checking whether an IP address is linked to a VPN, proxy, or hosting network, or assessing the risk of a payment.
  • Google & Discord: when you choose to sign in with them.
  • Postmark: to send you service emails.
  • Plausible & PostHog: to understand how the site and service are used.
  • Our data-centre and infrastructure providers: who host the servers that run the service.
  • Advisers and authorities: where the law requires it, or to protect our users and the public (including child-safety reporting).

Anyone processing data on our behalf is bound by a contract to keep it secure and use it only on our instructions. We use personal data to operate berrybyte, and selling it to third parties is outside our business model.

5. Sending data abroad

Some of these providers may process data outside the UK. When that happens, we use approved safeguards such as a UK adequacy decision or the UK's International Data Transfer Agreement / Addendum so your data stays protected.

6. How long we keep it

We keep your data only as long as we need it. In practice:

  • Account data: while your account is open, and a short period afterwards in case you come back or we need to handle a dispute.
  • Billing records: around 6 years, because UK tax law requires us to keep them.
  • Logs and technical data: for a limited period for security purposes.
  • Fraud-prevention signals: device fingerprint and IP observations are kept for up to 24 months from when we last see them, with older observations given progressively less weight. Records of fraud decisions may be kept longer where we need them to handle disputes or prevent repeat abuse.

Once retention periods end, we securely delete or anonymise your data.

7. Cookies & analytics

Strictly necessary cookies keep the site working and keep you signed in as part of core site operation. This includes a security cookie that acts as a device identifier so we can detect fraud and abuse; because it protects the service, it doesn't require consent and can't be switched off. For analytics we use Plausible (privacy-friendly) and PostHog to see how the service is used. Optional analytics run only with your consent, which you can change anytime through our cookie banner.

8. How we protect it

We use appropriate measures to keep your data safe, including encryption where suitable, hashed passwords, access controls, and off-site backups taken every couple of days. We take protecting your data seriously, and if something goes wrong we'll notify the ICO and affected people where the law requires.

9. Your rights

You have the right to:

  • access the data we hold on you;
  • correct anything that's wrong;
  • delete your data (in certain cases);
  • restrict or object to how we use it;
  • port your data elsewhere;
  • withdraw consent anytime, where we rely on it.

To use any of these, email privacy@berrybyte.net. We'll respond within the time the law allows (usually one month), and we may need to confirm your identity first.

10. Complaints

If something's wrong, please contact us first at privacy@berrybyte.net so we can help. You can also complain to the Information Commissioner's Office (ICO) at ico.org.uk or 0303 123 1113.

11. Children

berrybyte is for adults. We collect data only from users who meet the age UK data protection law requires. If you think a child has given us their data, email us and we'll remove it.

12. Changes & contact

We may update this policy from time to time. If we make meaningful changes, we'll update the date above and let you know where we reasonably can.

BerryByte Limited · 61 Bridge Street, Kington, United Kingdom · Company no. 14136989
Privacy: privacy@berrybyte.net

Start a game
server in seconds

Join the Discord

106 servers started with berrybyte this week