← Back to Orca
Legal

Privacy Policy

Last updated .

On this page
  1. Summary
  2. Who we are
  3. What we collect
  4. How we use it
  5. Legal bases (GDPR)
  6. Who we share with
  7. Retention
  8. International transfers
  9. Cookies and tracking
  10. Children's privacy
  11. Your rights
  12. California (CCPA / CPRA)
  13. United Kingdom (UK GDPR)
  14. Security
  15. Data Protection Officer
  16. Changes to this policy
  17. Contact

Summary

Orca is a Minecraft server hosting service. To run servers for you, we collect the data we need (account info, server config, support messages, AI chat transcripts, basic device info). We use it to operate, support, and improve the service, and to keep it safe.

We do not sell personal information. We share data only with vendors that help us run Orca (listed below) and when required by law.

Orca's minimum age is 16. If you're under 16, a parent or legal guardian must provide verifiable parental consent before you can use Orca. We never knowingly collect personal information from children under 13.

Who we are

"Orca", "we", "us", and "our" refer to Simplifine Corp, a Delaware C Corporation, doing business as "Orca", which operates the Minecraft server hosting product at orcaclient.com. Simplifine Corp is the data controller for the personal information described in this policy. If you have questions, email privacy@orcaclient.com.

What we collect

Information you give us

  • Account. Email address; display name; Discord OAuth ID and avatar URL when you sign in with Discord.
  • Server configuration. Server names, world data, mod and plugin lists, permission settings, and any files you upload to your server.
  • Support and chat. Messages you send to support and transcripts of conversations with the Orca AI assistant, including any code, configuration, or files attached.
  • Payment. If you upgrade to a paid plan, our payment processor (Stripe) collects card details directly. We receive only a customer token, the last four digits, card brand, and billing country.
  • Parental consent.If you're under 16, the parent or guardian email address and the Stripe-card-token used to verify identity (we do not store the card number).

Information collected automatically

  • Device and connection. IP address, user-agent, rough geographic region derived from IP, language preference, and referring URL.
  • Usage. Pages viewed, features used, in-product events, and the timing of those events.
  • Server logs. Operational logs from the Minecraft servers you run on Orca, including player join/leave events, chat (if your server has chat logging enabled), command usage, and crash reports.

How we use it

  • Provision, run, and monitor your Minecraft servers.
  • Power the Orca AI assistant (mod suggestions, config edits, plugin installation, error explanations).
  • Authenticate you and protect your account.
  • Bill you, process refunds, and detect fraudulent or abusive payments.
  • Respond to support requests.
  • Detect, prevent, and respond to abuse, fraud, attacks on the service, and violations of our Acceptable Use Policy.
  • Comply with legal obligations and respond to legal process.
  • Improve Orca: debugging, analytics, and product research. Where required by law, we anonymize or aggregate data before using it for improvement purposes.

Legal bases for processing (GDPR)

If you are in the European Economic Area, UK, or Switzerland, we process your personal data on these legal bases:

  • Contract. To provide Orca after you sign up.
  • Legitimate interests. Security, fraud prevention, product analytics, and customer support.
  • Consent. Optional cookies and marketing emails. You can withdraw consent at any time.
  • Legal obligation. Tax, accounting, and responding to lawful requests.
  • Parental consent. Processing data of users under 16, where applicable.

Who we share with

We share personal information only with these categories of recipients:

  • Hosting and infrastructure. Microsoft Azure (server compute), Vercel (web frontend hosting), Supabase (database and authentication).
  • AI assistant. Anthropic, accessed through our managed AI gateway, processes chat transcripts to generate responses. Anthropic does not train models on Orca user content.
  • Payments. Stripe processes card payments and performs identity-verification card tokens for parental consent.
  • Analytics and error monitoring. Aggregated and pseudonymized product analytics providers.
  • Legal and safety.Law enforcement and other parties when required by valid legal process, or to protect the rights, property, or safety of Orca, our users, or the public, including reports of child sexual abuse material to the National Center for Missing & Exploited Children (NCMEC).
  • Successors. A buyer or successor entity in a merger, acquisition, or asset sale, subject to this policy.

We do not sell personal information and do not share it for cross-context behavioral advertising.

Retention

  • Account data. Kept while your account is active, plus up to 90 days after deletion for backups and dispute resolution.
  • Server worlds and files. Kept while your subscription is active. Deleted within 30 days after a server is permanently terminated.
  • Server logs. 30 days for operational logs. Security event logs may be kept up to 1 year.
  • AI chat transcripts. Kept while your account is active. You can delete individual conversations from the console at any time.
  • Billing records. Kept for 7 years to comply with tax and accounting requirements.

International transfers

Orca is operated from the United States. If you are located outside the United States, your data will be transferred to and processed in the U.S. and in any other country where our vendors operate. For transfers from the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, plus supplementary measures where appropriate. You may request a copy of the safeguards used by emailing privacy@orcaclient.com.

Cookies and tracking

We use a small number of first-party cookies and similar technologies. They are used to keep you signed in, remember preferences, secure the service against attacks, and measure how the product is used. We do not use third-party advertising cookies. You can clear cookies in your browser at any time. Disabling strictly necessary cookies will break authentication.

Children's privacy

Orca's age floor is 16. We do not knowingly collect personal information from children under 13. If you're between 13 and 15, your parent or legal guardian must provide verifiable parental consent before you can use Orca. The mechanism, the data we collect from minors, and parent rights are described in detail in our Children's Privacy Addendum.

Your rights

Subject to local law, you have the right to access, correct, delete, port, restrict, or object to our processing of your personal data, and to withdraw consent where processing is based on consent.

  • Access. Request a copy of the personal information we hold about you.
  • Rectification. Ask us to correct information that is inaccurate.
  • Erasure. Ask us to delete your personal information. We will honor this unless we are legally required to retain it.
  • Portability. Receive a copy of your data in a structured, commonly used, machine-readable format.
  • Object. Object to processing based on legitimate interests.
  • Restrict. Ask us to restrict processing while a dispute is resolved.
  • Complain.Lodge a complaint with your local data protection authority. We'd appreciate the chance to address your concern first by emailing privacy@orcaclient.com.

To exercise any right, email privacy@orcaclient.com. We respond within 30 days.

California (CCPA / CPRA)

California residents have the right to know the categories and specific pieces of personal information we have collected, to delete personal information, to correct inaccurate information, and to opt out of the "sale" or "sharing" of personal information. We do not sell or share personal information as those terms are defined under the CPRA. We do not use sensitive personal information for inferring characteristics about consumers.

To submit a CCPA request, email privacy@orcaclient.com with the subject line "CCPA Request". We will verify your identity using the email tied to your account before responding. You may also designate an authorized agent.

United Kingdom (UK GDPR)

UK residents have the rights set out in the UK GDPR and the Data Protection Act 2018, equivalent to those listed above. You may complain to the Information Commissioner's Office at ico.org.uk.

Security

We use industry-standard safeguards: TLS in transit, encryption at rest for stored data, role-based access controls, audit logging, and regular dependency scans. No system is perfectly secure; if you believe your account has been compromised, contact us immediately at security@orcaclient.com.

Data Protection Officer

Orca has not formally appointed a Data Protection Officer because we do not meet the GDPR thresholds that require one. For privacy questions, the responsible contact is privacy@orcaclient.com. If a DPO is required for a future jurisdiction, we will update this notice.

Changes to this policy

If we make material changes, we will notify you by email or by an in-product banner before the changes take effect. The latest version is always available at this page with the "last updated" date at the top.

Contact

For any privacy question, email privacy@orcaclient.com.