Privacy Policy

Introduction

This Privacy Policy for Sonar ("Sonar," "we," "us," or "our"), describes how and why we might collect, store, use, and/or share ("process") your information when you use our services ("Services").

This includes, but is not limited to, when you:

• Visit our website at https://sonar.top/
• Use our software, Sonar
• Engage with us through sales, marketing activities, or events

We encourage you to read this policy carefully to understand your privacy rights and our practices. If you do not agree with this policy, please do not use our Services. For any questions or concerns, please reach out to us at [email protected].

Legal Bases for Processing (GDPR/UK GDPR)

We process your personal data under the following legal bases:

• Contract: To provide our Services, operate your account, and fulfill subscription obligations.
• Legitimate Interests: To secure our Services, prevent abuse, improve features, and maintain analytics that do not identify you.
• Consent: Where required for optional features or preferences (you can withdraw at any time).
• Legal Obligation: To comply with accounting, tax, and regulatory requirements.

Information We Collect

Our data collection is essential for delivering, maintaining, and enhancing our services. The specific data we collect depends on how you use our Services and the features you interact with.

Information You Voluntarily Provide

We collect personal information that you provide directly to us when you register for an account, show interest in our products, participate in community features (like forums), or contact us directly. This may include:

• Profile Information: We receive certain information from your Discord account as described in the "Information from Third Parties" section below.
• Payment Details: Data necessary to process your subscriptions or purchases, such as payment card details. Please note, this sensitive payment data is handled directly by our secure payment processor, Stripe, and not stored on our servers.

Information Collected Automatically

When you use or navigate our Services, we automatically gather certain data about your device and usage. While this data doesn't directly identify you, it may include your IP address, browser type, operating system, language settings, referring web pages, device name, general geographic location, and details about your activity within our Services. This data helps us ensure service security, operation, and provides insights for our analytics and reporting.

Plugin Statistics and Telemetry

The Sonar plugin securely transmits anonymous server information and usage statistics to our cloud service. This includes details like the plugin version, server software, and other performance metrics. This data is vital for diagnostics and continually improving our bot detection algorithms, and it is never linked back to specific servers or users.

Web Panel Server Data

Through your web panel, you can view various statistics about your server. We collect and process your server's hardware and software specifications, along with player statistics, which are securely sent from the plugin to our cloud service. This information is made available to you for monitoring your server's performance and activity.

Player Data for Real-Time Verification

For security checks, such as VPN detection and analyzing login patterns, the plugin may temporarily send player IP addresses and usernames to our cloud service for real-time verification. This data is handled with strict security, processed on the fly, and is never stored on our backend servers or in any database.

Information from Third Parties

In some instances, we may receive information about you from external sources. This includes information obtained through Discord Single Sign-On (SSO). From Discord, we may receive information such as your Discord user ID, username, email address, and avatar. We use this information to create and manage your Sonar account and to facilitate your access to our Services.

Cookies and Similar Technologies

We use cookies on our website to enhance your experience and understand how our Services are used.

We primarily use essential cookies that are necessary to operate the site (e.g., session management and theme preference). Where non-essential cookies are used, we will seek your consent.

These technologies help us:

• Manage user logins and maintain your authenticated session.
• Analyze website traffic and usage patterns to improve functionality.
• Remember your preferences for a personalized experience.
• Strengthen the security of our Services.

Third-Party Service Providers

We use trusted processors to help deliver our Services. These providers may process limited personal data on our behalf under data processing agreements:

• Cloudflare (including Turnstile/Captcha): network edge, DDoS protection, performance, and security.
• Stripe: payment processing and subscription management. Stripe stores and processes payment data; we do not store card numbers.
• Discord: authentication (SSO) and basic profile data (user ID, username, email, avatar) when you sign in via Discord.

How We Utilize Your Information

The information we gather serves various purposes:

• Service Provision: To deliver and maintain the core functions of Sonar, including account management, customer support, and ensuring the smooth operation of both the plugin, cloud components, and web panel.
• Service Improvement: To analyze usage trends, monitor performance, and develop new features, specifically enhancing our bot detection and IP reputation systems.
• Security and Integrity: To safeguard our Services and your Minecraft server against fraud, unauthorized access, and to uphold system integrity.
• Personalized Insights: To present real-time statistics and valuable insights to you via the web panel.
• Communication: To send you important administrative messages, product updates, security alerts, and support communications related to your use of our Services.
• Subscription & Payment Management: To process your payments and manage your subscriptions effectively.
• Legal Compliance: To respond to legal requests, subpoenas, or court orders, ensuring compliance with applicable laws and preventing harm.

When and How We Share Your Information

We only disclose your information in specific circumstances:

• Legal Requirements: When mandated by law, government requests, judicial proceedings, court orders, or other legal processes, such as responding to a subpoena or for national security requirements.
• Protecting Rights and Safety: Where we believe it's necessary to investigate, prevent, or address potential policy violations, suspected fraud, threats to personal safety, illegal activities, or as evidence in legal disputes.
• With Your Consent: For any other purpose, when we have obtained your explicit consent.

Data Security Measures

We implement robust security measures to protect your data. We employ firewalls, access controls, and conduct regular security audits to safeguard your information. As highlighted, sensitive player data (IP addresses and usernames) involved in real-time verification is processed transiently and never stored. While we strive for maximum security, it's important to understand that no online transmission or storage method is entirely infallible.

Data Retention Policy

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this privacy policy, or as required by law (e.g., for tax or accounting purposes).

Once there is no ongoing legitimate business need to process your personal information, we will either delete or anonymize it. If immediate deletion isn't feasible (for instance, if data resides in backup archives), we will securely store it and isolate it from further processing until deletion becomes possible.

If you request account deletion, we use a multi‑step confirmation flow in the account settings and will then soft-delete your account, scheduling permanent anonymization/purge after 30 days. During this retention window you may contact support to restore your account. Server statistics and anonymized telemetry may be retained for analytics, but without identifiers that link back to you.

Children's Privacy

Our services are designed for a general audience and are not directed at children. Consistent with data protection laws, particularly within the European Union (EU) and other jurisdictions, our services are available only to individuals aged 16 or older.

If you are under 16, you are not permitted to use our services without explicit consent from a parent or guardian. Should we discover that we have inadvertently collected personal data from a child under 16 without appropriate consent, we will promptly take steps to delete that information. If you believe this may have occurred, please contact us immediately.

Your Data Rights (EU & UK GDPR)

If you are a resident of the European Economic Area (EEA) or the United Kingdom, you are granted specific rights concerning your personal data under the General Data Protection Regulation (GDPR) and the UK GDPR. These rights include:

• Right to Information: The right to be informed about how your data is collected and used.
• Right to Access: The right to request a copy of the personal data we hold about you.
• Right to Rectification: The right to have inaccurate personal data corrected.
• Right to Erasure ("Right to be Forgotten"): In certain situations, you can request that your personal data be deleted.
• Right to Restrict Processing: The right to ask us to limit the processing of your personal data.
• Right to Data Portability: The right to receive your personal data in a structured, commonly used, and machine-readable format.
• Right to Object: The right to object to the processing of your personal data in specific scenarios (e.g., for direct marketing).
• Right to Withdraw Consent: Where our processing relies on your consent, you have the right to withdraw that consent at any time.
• Right to Lodge a Complaint: The right to file a complaint with a supervisory authority if you believe your rights have been infringed.

You can self‑serve certain rights directly in the product:

• Data export (portability/access): From your account page, use Export my data to download a structured JSON export containing your profile, servers, and summary counts.
• Account deletion: Start the multi‑step Delete my account flow in account settings. Deletion is scheduled (soft‑delete) with a 30‑day grace period before permanent anonymization/purge.

For other requests, please contact us using the information provided in the "Contact Us" section. We are committed to responding within the timeframe required by applicable law.

Billing & Subscriptions

Please note that all payments for Sonar are non-refundable. You retain the flexibility to cancel your subscription at any time; however, no refund will be issued for the current billing period once it has begun.

Updates to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. The "Last Updated" date at the top of this policy will indicate when it was last revised, and the updated version will become effective immediately upon being accessible. For significant changes, we may notify you through a prominent notice on our website or by direct communication. We encourage you to review this policy regularly to stay informed about how we are protecting your information.

Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or your data, please do not hesitate to contact us at [email protected].