Privacy Policy
Last updated: 14.04.2026
Introduction
Hytale.Surf (the "Site") respects the privacy of its users. This Privacy Policy describes what data we collect, how we use, store, and protect it. By using the Site, you agree to the terms of this Policy.
What data we collect
Registration data
Username, email address, and password. Your password is stored in encrypted form (bcrypt) and is not accessible even to site administrators.
Server data
When adding a server, you provide its name, IP address, description, tags, country, Discord/website links, and images (avatar, banner).
User activity
Reviews (rating and text), server votes (limited to one per day).
Analytics data
IP address, pages visited, referral source, on-site search queries, browser User-Agent. This data is used solely to improve the site and is never shared with third parties. Analytics are only collected with your consent.
Automatically detected data
To determine the interface language, we use a local geolocation database (by IP) and browser headers. No requests are sent to external geolocation services.
Cookies and local storage
| Cookie / Key | Type | TTL |
|---|---|---|
auth_token | HttpOnly cookie | 7 days |
hs_theme | localStorage | — |
hs_lang | localStorage | — |
hs_cookie_consent | localStorage | — |
auth_token — HttpOnly cookie for authentication. Expires after 7 days. Not accessible from JavaScript.
Local storage (localStorage) — Theme preference (hs_theme), language (hs_lang), cookie consent (hs_cookie_consent). This data is stored only in your browser and is never sent to the server.
How we use your data
- Site functionality: authentication, server display, voting, reviews
- Site improvement: analyzing traffic and user behavior
- Security: spam protection, rate limiting
- Personalization: automatic interface language detection
Third parties
We do not share your personal data with third parties. The site does not use third-party analytics (Google Analytics, etc.) or advertising networks. For default server avatars, the external service ui-avatars.com may be used.
Data protection
Passwords are stored in encrypted form (bcrypt). Authentication cookies are protected with HttpOnly and SameSite flags. Rate limiting is applied to prevent brute-force attacks. Database access is restricted.
Your rights
You can delete your account at any time, withdraw analytics consent through cookie settings, and request information about your stored data by contacting the administration.
Children
The site is not intended for persons under 16 years of age. We do not knowingly collect data from minors.
Policy changes
We may update this Policy. The current version is always available on this page. By continuing to use the site after changes are made, you accept the updated Policy.
Contact
For privacy-related questions, you can reach us through our Discord community or by email listed on the site.