Privacy Policy — The Command Platform

1. Who We Are

GUMP Hosting is a managed hosting service for the GUMP unit management platform, operated for military simulation communities. We are the data controller for personal data collected through gump-hosting.com and the central management hub.

For data collected within your GUMP instance (member profiles, forum posts, uploads, etc.), the instance operator is the data controller. GUMP Hosting acts as a data processor in that context, processing data on the operator's behalf in order to provide the service.

Contact us at [email protected] with any privacy questions.

2. Data We Collect

We collect only what is necessary to provide and improve the service.

Account data (collected by GUMP Hosting)

Data	Why we collect it
Email address	Account identification, login, transactional emails (billing, security)
Password	Stored as a one-way hash — we cannot read your password
Group name / slug	To provision and identify your instance
Subscription and billing records	To manage your plan, process payments, and meet legal obligations. Card details are handled entirely by our payment processors — we do not store them.
Support communications	Emails and Discord messages you send to us for support

Instance data (within your GUMP instance)

Your instance stores data entered by you and your members: member profiles, callsigns, avatars, service records, forum posts, documents, media uploads, operation logs, and audit trails. This data is yours. We only process it to provide the hosting service.

Technical data (automatic)

Data	Why we collect it
Server and error logs	Platform stability, debugging, and security monitoring. Retained for 30 days.
Session data	Keeping you logged in during a session. Stored as a secure cookie, cleared on logout or session expiry.

We do not collect advertising data, browsing history, or any data for the purpose of profiling or targeting. We do not use third-party analytics scripts on this site.

3. How We Use Your Data

We use the data we collect only for the following purposes:

Providing the service — provisioning and running your instance, processing your subscription, and delivering support
Account management — letting you log in, reset your password, and manage your account settings
Billing and payments — processing subscription payments and maintaining the transaction records required by law
Security — detecting and preventing abuse, fraud, and unauthorised access
Service communications — notifying you of billing events, security issues, planned maintenance, and material changes to the service or these policies
Legal compliance — meeting our obligations under applicable law

We do not use your data for advertising, profiling, or any purpose not listed above. We do not sell your data.

4. Legal Basis for Processing

Under the General Data Protection Regulation (GDPR) and equivalent laws, we process your personal data on the following bases:

Contract performance — processing your account data and subscription is necessary to deliver the service you've signed up for
Legal obligation — retaining billing records as required by tax and accounting law
Legitimate interests — security monitoring, fraud prevention, and service improvement, where these do not override your rights
Consent — where we rely on consent (for example, optional communications), you may withdraw it at any time

5. Data Sharing

We do not sell, rent, or trade your personal data. We share it only in the following limited circumstances:

Payment processors (Stripe, PayPal) — to process subscription payments. These processors have their own privacy policies and are bound by GDPR where applicable.
Email delivery (Brevo/SMTP relay) — to send transactional emails such as password resets and billing notifications. Message content is limited to what is necessary.
Legal requirements — if required by law, regulation, or a valid legal order, we may disclose data to the appropriate authorities. We will notify you where legally permitted to do so.

No other third parties have access to your data. We do not use advertising networks, analytics services, or social media trackers.

6. Storage and Security

Your data is stored on our self-hosted server. We take reasonable technical and organisational steps to protect your data, including:

Passwords stored as one-way hashes (never in plain text)
Encrypted connections (HTTPS) for all traffic
Automated daily backups stored within your instance environment
Access controls restricting staff access to instance data
Two-factor authentication available on all accounts

No method of transmission or storage is 100% secure. If you become aware of a security issue, please report it to [email protected] immediately.

7. How Long We Keep Data

Data type	Retention period
Account and instance data	Retained while your account is active. On cancellation, instance data is held in the free tier until you request deletion. We process deletion requests within 30 days.
Billing and transaction records	Retained for as long as required by applicable tax and accounting law (typically 7 years).
Support communications	Retained for as long as reasonably necessary to resolve your query and handle any follow-up.
Server and error logs	Automatically purged after 30 days.
Session cookies	Cleared on logout or when the session expires.

8. Your Rights

Under GDPR and applicable data protection law, you have the following rights regarding your personal data:

Right of Access

You can request a copy of the personal data we hold about you.

Right to Rectification

You can ask us to correct inaccurate or incomplete data. Much of this you can update yourself in your account settings.

Right to Erasure

You can request that we delete your personal data. Exceptions apply where we are required to retain it by law.

Right to Portability

You can request your instance data in a machine-readable format. The admin panel includes JSON and CSV export tools for this purpose.

Right to Restrict Processing

In certain circumstances you can ask us to stop using your data while a dispute is resolved.

Right to Object

You can object to processing based on legitimate interests where you believe your rights outweigh ours.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority if you believe we have handled your data unlawfully.

9. Cookies

We use only the cookies strictly necessary to operate the service:

Cookie	Purpose	Duration
Session cookie	Keeps you logged in during your visit. Required for the service to function.	Session (cleared on logout or browser close)
CSRF token	Protects against cross-site request forgery attacks. Required for security.	Session
Preferences	Remembers optional settings such as the transparency toggle on public pages.	Up to 1 year

We do not use advertising cookies, tracking cookies, or any third-party analytics cookies. You can disable cookies in your browser settings, but this will prevent you from logging in.

10. Children

GUMP Hosting is not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe a child under 16 has provided us with personal data without appropriate consent, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Where changes are material, we will notify instance operators by email before they take effect. The date at the top of this page shows when the policy was last updated.

Continued use of the service after an update takes effect constitutes acceptance of the revised policy.

12. Contact

For privacy questions, data requests, or concerns about how we handle your data:

📧 [email protected]

💬 discord.gg/KqcEZ2S7MV

🌐 Contact form

We aim to respond to all privacy requests within 30 days. If you are not satisfied with our response, you have the right to complain to your national data protection authority.