Privacy Policy

Last modified on Apr 27, 2025

v4Guard values your privacy and aims to be fully compliant with GDPR and similar regulations. All data shared with v4Guard API, Connector and other endpoints are confidential and securely processed.

Overview

This Privacy Policy document outlines the privacy measures of v4Guard (referred to as "v4Guard", "the service", "we", or "us"), in relation to our website ("the Wesbite"), and any features, products, and online services (referred to as "services") provided by v4Guard. We value the privacy of our visitors and users. This Privacy Policy details the types of data and information that we collect and how we safeguard this data.

v4Guard provides services to help our customers detect and prevent fraud, spam, and abuse on their platforms, including websites, Minecraft servers and Discord communities.

In providing these services, v4Guard acts either as a data processor or a data controller, depending on the context, as outlined below.

We are fully committed to protecting the privacy of individuals and handling personal data responsibly and transparently.

Roles and Responsibilities

For data collected during fraud prevention validation activities performed on behalf of our customers (e.g., IP addresses, Discord user IDs, Minecraft usernames, etc...), v4Guard acts as a data processor. Our customers, the server owners/operators, are the data controllers and determine the purposes and means of processing.

For data related to v4Guard's services, when we collect and process personal data for our own purposes, such as when you create an account on our site, or contact us for support, v4Guard acts as a data controller. In this case, we determine the purposes and means of processing personal data.

What data we process (as a "data processor")

Depending on the service (Checkpoint, Minecraft or Discord verification), the information we collect and process may differ. The following minimal data is collected:

  • Platform's equivalent user id (e.g., Discord user ID, or Minecraft username)
  • The IP address at the time of verification
  • The domain or hostname used to verify
  • Geolocation information derived from the public IP address.
  • Platform-specific minimal information derived from the connection process (e.g., Minecraft version).
Please refer to the geolocation section to learn more about how do we handle IP geolocation and what does it mean to privacy.

Purpose and Legal Basis for Processing

The processing of the above data is necessary to support our customers' legitimate interest (Article 6(1)(f) GDPR) in:

  1. Preventing fraudulent activity.
  2. Detecting and blocking spammers, raiders, and abusive users.
  3. Detecting and blocking VPN, proxy, Tor and other anonymization services.
  4. Maintaining a secure and reliable environment for their services.

v4Guard also pursues its own legitimate interests in securing its services and infrastructure.

Data Subject Rights

For data we control

If you have a direct account with v4Guard (e.g., company profiles, or dashboard account), you may exercise your GDPR rights (such as access, rectification, deletion, restriction, objection) by contacting us at privacy@v4guard.io.

We will respond in accordance with GDPR requirements.

For data we process on behalf of customers

We do not independently handle data subject rights requests related to data processed on behalf of our customers (i.e., Discord verification or Minecraft connection data).

Such requests must be directed to the data controller (our customer/server operator) who is responsible for handling the request.

Upon valid instruction from the data controller, we will assist in fulfilling the request. You must take into consideration the following when sending a request:

  1. If you request deletion or limitation of processing of your information related to checks, and the data controller approves the request, this will result in the inability to access any services protected by v4Guard, including services provided by our customers.

  2. If the data controller denies the request, we must retain the data to fulfill the legitimate interest for security and fraud prevention.

Data Retention

  • We will retain your data for as long as it is necessary to fulfill the purpose and legitimate interests for which it was collected, unless otherwise required by law.
  • If formally instructed by the data controller, and where legally permitted, we will remove or anonymize the data.
  • The data controller does not have the right to delete or remove your data if it also affects our or other customers' legitimate interest.

Restriction on Deletion

We do not accept or process direct requests to delete entries from our fraud prevention databases unless formally instructed by the data controller, and even then, we might not be able to comply with such requests if the data is being used by more than one customer, or our own legitimate interests are affected.

Deleting such records without authorization would defeat the legitimate interest pursued by our customers and undermine our ability to protect their services and infrastructure, hence we do not allow such deletion requests.

International Transfers

We may process and store data on servers located outside the European Economic Area (EEA). When applicable, appropiate safeguards will be in place to ensure the protection of your data and the compliance with applicable laws.

We currently process and store data on servers located in the following regions: United States, Canada, Germany.

Security Measures

We maintain technical and organizational measures appropiate to protect your data from unauthorized access, use, disclosure, alteration, or destruction, including:

  • Access controls, such as firewalls, to prevent unauthorized access to our systems and data.
  • Encryption of data in transit and at rest.
  • Regular backups of data.
  • Physical security measures, such as access controls, to prevent unauthorized access to our systems and data.

IP Geolocation

We use the IP address of the user to determine an approximate geographical location. This process is essential for detecting the use of VPNs, proxies, Tor networks, or other anonymization services, as part of our fraud prevention measures.

We do not have access to the user's exact location (e.g: GPS, browser location, etc...), nor do we infer or store precise geolocation data. The information is not provided directly by the user but is derived from their public sources obtained upon TCP/IP connection, specifically geofeed files published by Internet Service Providers (ISPs). For example, you can view our own geofeed at this link.

Our geolocation results are based on third-party databases, primarily MaxMind and IPInfo, which aggregates publicly available information, such as ISP-assigned IP ranges. We use these databases to map IP addresses to a general country or region, but not to a specific address or user location.

No sensitive personal information such as a user's exact physical location, home address, or device geolocation is collected or stored by us. Geolocation is based solely on the public assignment of IP prefixes and is only used for legitimate interests such as fraud prevention, service security, and abuse mitigation.

Data Sharing and Third-Party Services

We only share user data with carefully selected third-party service providers when it is necessary to deliver our services, process payments, maintain communications, or ensure the security and functionality of our platform. Data is shared under strict confidentiality agreements and in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR).

The categories of data and third parties involved are as follows:

  • Payment Processing: We use Stripe to securely process billing information, including payment details, invoices, and customer information necessary for transaction management. Stripe acts as an independent data controller for the payment information they collect.
  • Email and Communications: We use Google Workspace (G Suite) for our email communications. This means that email addresses, and any information you send to us by email, are stored and processed through Google's secure systems, subject to Google's own data protection measures.
  • Infrastructure and Hosting: Our infrastructure providers may have technical access to certain metadata (such as IP addresses) for operational reasons. We ensure that any providers we use meet strict security and data protection standards.

    You can expect the following providers to be used: OVH HISPANO SL, Hetzner Online GmbH, Datacamp Limited.
  • Geolocation Services: We use third-party services such as MaxMind or IPInfo to determine the approximate location of IP addresses for fraud prevention purposes. Refer to the IP Geolocation section for more details.
  • Security and WAF: We use Cloudflare to protect our website and API from DDoS attacks, malicious attacks, and other security threats.

We do not sell, rent, or otherwise disclose personal data to third parties for marketing purposes. Data sharing is limited strictly to what is necessary for the operation, security, compliance, and improvement of our services.

Legal Entity Identification

The legal entity responsible for the processing of data on the service is:

v4Guard, Ismael Muñoz Hernández
San Vicente del Raspeig, 03690
Alicante, Spain.

Contact:
+34 624 53 28 99
privacy@v4guard.io