Skip to main content
Last updated: January 27, 2026 At Sinaty Networks, we are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our services. By using our services at https://sinaty.net, https://sinaty.business, https://sinaty.me, or any other Sinaty Networks domain, you agree to the terms of this Privacy Policy.

Data Controller

Sinaty Networks is the data controller for the personal data we process. For any privacy-related inquiries, please contact us at: [email protected] or [email protected] for security-related matters. We process your personal data based on the following legal grounds under the General Data Protection Regulation (GDPR):
  • Consent: When you voluntarily provide information to us and agree to this Privacy Policy
  • Legitimate Interest: To provide, secure, and improve our services, prevent fraud, and protect user accounts
  • Contract Performance: To fulfill our obligations under our terms of service
  • Legal Obligation: To comply with applicable laws and regulations

Information We Collect

Personal Data We Collect

Account Information

  • Email addresses: For account creation, communication, and service notifications
  • Usernames: For gaming services and community identification
  • Passwords: Stored securely using industry-standard encryption (hashed and salted)

Technical Data & Comprehensive Logging

We maintain detailed logs of all service activity for security, fraud prevention, and service reliability:
  • IP addresses: Logged with every request for security monitoring, DDoS protection, and geographic analysis
  • Device information: Browser type, operating system, device identifiers, and user agent strings
  • Timestamps: Exact date and time of every service request and account access
  • Geographic location: Country and region derived from IP address
  • Request details: All API calls, service requests, and system interactions
  • Access patterns: Login history, session information, and account activity
  • Usage data: Detailed records of how you interact with our services
Purpose of comprehensive logging: These logs enable us to:
  • Detect and mitigate DDoS attacks and security threats
  • Investigate suspicious account activity and unauthorized access
  • Assist users in recovering compromised accounts
  • Identify and resolve technical issues and service outages
  • Verify legitimate account access and provide security alerts
  • Comply with legal obligations and respond to valid legal requests

Communication Data

  • Support requests: Messages sent to our support channels
  • Community interactions: Discord messages and forum posts
  • Feedback: Voluntary feedback and suggestions

Data We Do NOT Collect or Store

  • Payment information: We do not store credit card numbers, bank account details, or any financial information
  • Sensitive personal data: Health information, political opinions, religious beliefs, etc.
  • Precise location data: Beyond country/region derived from IP address
  • Biometric data: No facial recognition, fingerprints, or similar data

How We Use Your Data

Service Provision

  • Account management: Creating and maintaining your user accounts
  • Service delivery: Providing gaming services, APIs, and web services
  • Communication: Sending important service updates and notifications
  • Support: Responding to your inquiries and providing technical assistance

Security & Protection

  • Security monitoring: Detecting and preventing unauthorized access attempts
  • DDoS protection: Identifying and mitigating distributed denial-of-service attacks
  • Fraud prevention: Protecting against abuse, account takeovers, and malicious activities
  • Account recovery: Using access logs to help users recover compromised accounts
  • Incident investigation: Analyzing security incidents and identifying attackers
  • Access verification: Confirming legitimate account access and alerting users to suspicious activity

Performance & Analytics

  • Performance optimization: Improving service reliability and speed
  • Usage analytics: Understanding how our services are used
  • System monitoring: Tracking service health and identifying technical issues
  • Capacity planning: Ensuring adequate resources for user demand
  • Regulatory compliance: Meeting legal obligations under GDPR and other applicable laws
  • Data retention: Maintaining records as required by law
  • Legal requests: Responding to valid legal process and law enforcement requests
  • Audit trails: Keeping logs for security, compliance, and accountability purposes

Data Storage & Security

Security Measures

  • Encryption in transit: All data is encrypted using SSL/TLS certificates
  • Encryption at rest: Data is stored on secure, encrypted servers
  • Password protection: All passwords are hashed using industry-standard algorithms with cryptographic salt
  • Access controls: Limited access to authorized personnel only with multi-factor authentication
  • Regular updates: Security patches and system updates applied promptly
  • Continuous monitoring: 24/7 security monitoring and threat detection
  • Intrusion detection: Advanced systems to detect and prevent unauthorized access
  • Regular audits: Periodic security reviews and vulnerability assessments

Data Location

  • Primary storage: Data is stored on secure servers within the European Union
  • Backup systems: Regular encrypted backups with the same security standards
  • CDN services: Limited data may be cached on trusted CDN networks for performance
  • Geographic redundancy: Data replicated across multiple secure locations for reliability

Password Security

  • Strong hashing: Industry-standard algorithms (bcrypt, Argon2, or similar)
  • No plain text: We never store passwords in readable format
  • Salt values: Unique cryptographic salt for each password
  • No recovery: Passwords cannot be recovered, only reset
  • Regular audits: Security reviews of our password handling practices

Data Retention Policy

Permanent Storage with User Control

Important: By default, we retain all account data and service logs permanently to ensure service quality, security, and account protection. However, you maintain full control over your data through deletion requests.

Account Data

  • Active accounts: All account information is retained permanently while your account remains active
  • User-requested deletion: Data is permanently deleted within 30 days of receiving a verified deletion request
  • Account closure: You may request account deletion at any time by contacting [email protected]

Security & Access Logs

  • Comprehensive logging: All service requests, API calls, and account access attempts are logged with full details
  • Log retention period: Security logs are retained for 3 years from the date of creation
  • Purpose: Logs enable long-term security analysis, fraud investigation, and account protection
  • User benefit: Historical logs help us recover your account if compromised and prove unauthorized access

Communication Records

  • Support requests: Retained for 3 years for service improvement and quality assurance
  • Community content: Retained according to platform-specific policies
  • Email communications: Service emails retained for 2 years

Automatic Deletion

  • Log expiration: Security logs older than 3 years are automatically and securely deleted
  • Anonymization: Where possible, old data is anonymized rather than deleted to preserve analytics

Your Right to Deletion

You can request immediate deletion of your personal data at any time. Upon receiving a verified deletion request:
  1. We will confirm your identity to prevent unauthorized deletions
  2. All personal data will be permanently deleted within 30 days
  3. You will receive confirmation once deletion is complete
  4. Deletion is irreversible and cannot be undone
Note: We may retain minimal information if required by law or for legitimate legal purposes (e.g., preventing abuse, complying with legal obligations).

Data Sharing & Third Parties

Internal Use Only

  • No selling: We never sell, rent, or trade your personal data to third parties
  • Internal processing: Data is processed only by Sinaty Networks and authorized personnel
  • Team access: Limited access to authorized team members on a need-to-know basis
  • Confidentiality: All team members are bound by strict confidentiality agreements

Trusted Service Providers

We may share limited data with carefully vetted third-party services that meet GDPR standards:

Essential Services

  • Hosting providers: Secure server infrastructure and data center services
  • SSL certificate authorities: For website security and encrypted connections
  • CDN providers: Content delivery for performance optimization
  • Backup services: Secure, encrypted data backup solutions
Data Protection Agreements: All third-party service providers are bound by data processing agreements ensuring GDPR compliance.

API Dependencies

  • External APIs: Some of our services may rely on trusted external APIs
  • Data minimization: Only necessary data is shared with external services
  • Privacy compliance: All third parties must meet or exceed GDPR standards
  • Contractual obligations: Third parties are contractually prohibited from using your data for their own purposes

No Third-Party Marketing

  • No advertising networks: We do not share your data with advertising platforms
  • No analytics tracking: We do not use third-party behavioral tracking
  • No data brokers: We do not share your data with data brokers or aggregators
We may disclose your data when required by law, including:
  • Valid court orders or subpoenas
  • Legal obligations under applicable laws
  • Protection of our rights, property, or safety
  • Protection of user safety or prevention of fraud
  • National security or law enforcement requests where legally required
User notification: We will notify affected users of legal requests unless prohibited by law.

Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

Right to Access

  • Request your data: You can request a complete copy of all personal data we hold about you
  • Response time: We will respond within 30 days
  • Format: Data will be provided in a clear, structured format
  • Free of charge: First request is free; excessive requests may incur a reasonable fee

Right to Rectification

  • Correct inaccuracies: You can request correction of inaccurate or incomplete personal data
  • Update information: You can update your account information at any time
  • Verification: We may verify your identity before making corrections

Right to Erasure (“Right to be Forgotten”)

  • Delete your data: You can request permanent deletion of your personal data
  • Complete removal: All personal data will be securely and permanently deleted within 30 days
  • Exceptions: We may retain minimal data if required by law or for legitimate legal purposes
  • Confirmation: You will receive confirmation once deletion is complete

Right to Restrict Processing

  • Limit processing: You can request that we limit how we process your personal data
  • Temporary restriction: During disputes about accuracy or lawfulness of processing
  • Account suspension: We can restrict processing while maintaining your account

Right to Data Portability

  • Receive your data: You can request a copy of your data in a structured, machine-readable format (JSON, CSV, etc.)
  • Transfer to others: You can request we transfer your data directly to another service where technically feasible
  • Common formats: We provide data in commonly used, interoperable formats

Right to Object

  • Object to processing: You can object to processing based on legitimate interests
  • Marketing communications: You can opt-out of marketing communications at any time
  • Automated decisions: You can object to automated decision-making
  • Withdraw anytime: You can withdraw consent for data processing at any time
  • Easy process: Simple withdrawal process through account settings or email
  • No penalty: Withdrawal does not affect the lawfulness of processing before withdrawal
  • Effect: We will stop processing your data unless we have other legal grounds

How to Exercise Your Rights

To exercise any of these rights, contact us at:
  • Email: [email protected]
  • Subject: GDPR Rights Request - [Specify Right]
  • Include: Your account email, username, and clear description of your request
We will respond to all requests within 30 days and may request additional information to verify your identity.

Cookies & Tracking

Essential Cookies

We use cookies and similar technologies that are strictly necessary for service functionality:
  • Session management: Required for maintaining your logged-in state
  • Security: CSRF protection and authentication tokens
  • Preferences: Your language and display settings
  • Load balancing: Ensuring optimal server distribution

Analytics & Performance

  • Usage statistics: Anonymized data about service usage patterns
  • Performance monitoring: Service reliability, speed metrics, and error tracking
  • No personal identification: Analytics data is anonymized and cannot identify individual users
  • First-party only: We do not use third-party tracking cookies
  • Browser controls: You can control cookies through your browser settings
  • Service impact: Disabling essential cookies may prevent service functionality
  • Clear cookies: You can clear cookies at any time through your browser
  • Cookie policy: Detailed information about cookies is available in our Cookie Policy

No Third-Party Tracking

  • No advertising cookies: We do not use advertising or marketing cookies
  • No social media tracking: We do not use social media tracking pixels
  • No cross-site tracking: We do not track you across other websites

International Data Transfers

EU Data Protection

  • Primary location: All data is primarily stored and processed within the European Union
  • GDPR compliance: We adhere to all EU data protection standards
  • Adequacy decisions: We only transfer data to countries with adequate protection as recognized by the EU Commission
  • Standard contractual clauses: Legal safeguards for any international transfers
  • Data localization preference: We prioritize EU-based data processing and storage

Third-Party Transfers

  • Limited transfers: Only essential data is transferred internationally when necessary
  • Service providers: Some service providers (hosting, CDN) may have international presence
  • Safeguards: Appropriate legal and technical safeguards are in place for all transfers
  • Encryption: All international data transfers are encrypted
  • Transparency: We maintain records of all international data transfers

Your Rights Regarding Transfers

  • Information: You can request information about international data transfers
  • Object: You can object to transfers that don’t meet adequate protection standards
  • Withdrawal: You can withdraw consent for international transfers where applicable

Children’s Privacy

Age Restrictions

  • Minimum age: Our services are not intended for children under 13 years of age
  • Parental consent: Required for users between 13-16 years of age in the European Union
  • No targeting: We do not knowingly market to or collect data from children
  • Age verification: We take reasonable steps to verify user age during registration

Protection Measures

  • Prohibited use: Children under 13 are prohibited from creating accounts
  • Immediate deletion: If we discover a user is under 13, we immediately delete their account and data
  • Parental rights: Parents can request deletion of their child’s data at any time
  • Educational content: We provide information about online safety for young users

Parental Notification

If we discover we have collected data from a child under 13:
  1. We will notify the parent/guardian if contact information is available
  2. We will immediately cease processing the child’s data
  3. We will permanently delete all collected data within 24 hours
  4. We will take steps to prevent future access

Data Breach Procedures

Incident Response

We maintain a comprehensive data breach response plan:
  1. Detection: Automated monitoring, intrusion detection systems, and manual security oversight
  2. Assessment: Rapid evaluation of breach scope, affected users, and potential impact
  3. Containment: Immediate steps to stop the breach and secure systems
  4. Investigation: Forensic analysis to understand cause and extent
  5. Notification: Prompt notification to authorities and affected users as required by law
  6. Remediation: Immediate steps to prevent future breaches and improve security

User Notification

If a data breach affects your personal data:
  • Timely notice: You will be notified within 72 hours when legally required
  • Clear information: Details about what data was affected and when the breach occurred
  • Impact assessment: Explanation of potential consequences
  • Protective measures: Steps you can take to protect yourself
  • Support: Dedicated support for affected users
  • Updates: Regular updates as we learn more about the breach

Regulatory Notification

  • Supervisory authority: We will notify the relevant data protection authority within 72 hours of becoming aware of a breach
  • Documentation: Complete documentation of the breach, impact, and response
  • Cooperation: Full cooperation with regulatory investigations

Prevention Measures

  • Regular audits: Frequent security audits and penetration testing
  • Employee training: Ongoing security awareness training for all personnel
  • Access controls: Strict access controls and monitoring
  • Incident drills: Regular security incident response drills

Changes to This Policy

Policy Updates

  • Regular review: This policy is reviewed and updated at least annually
  • Material changes: Significant changes will be communicated to users via email and prominent website notice
  • Version control: Clear versioning with dates and change summaries
  • Archive: Previous versions available upon request

User Notification

When we make material changes to this Privacy Policy:
  1. We will email all registered users at least 30 days before changes take effect
  2. We will display a prominent notice on our websites
  3. We will provide a clear summary of changes
  4. You will have the opportunity to review and accept the new policy

Your Rights Regarding Changes

  • Continued use: Continued use of our services after changes take effect constitutes acceptance
  • Withdrawal: You can withdraw consent or request account deletion at any time
  • Questions: Contact us with any questions about policy changes
  • Transition period: Reasonable time to review and decide whether to accept changes

Change Log

We maintain a detailed change log documenting:
  • Date of each policy update
  • Summary of changes made
  • Reason for changes
  • Effective date of changes

Contact Information

Privacy Inquiries

For any questions about this Privacy Policy or your personal data: Email: [email protected]
Subject: Privacy Policy Inquiry
Response time: Within 72 hours for general inquiries, 30 days for formal GDPR requests

Security & Data Protection

For security-related privacy matters and data protection issues: Email: [email protected]
Subject: Security & Privacy Inquiry
Response time: Within 24 hours for security issues

Data Protection Officer

For formal data protection matters and GDPR-related requests: Email: [email protected]
Subject: Data Protection Officer - [Your Request Type]
Response time: Within 30 days as required by GDPR

Supervisory Authority

You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have violated your data protection rights.

Service-Specific Privacy Information

Gaming Services

  • Server logs: Comprehensive logging of all game server activity for security and anti-cheat purposes
  • Player data: Usernames, game statistics, and gameplay data
  • IP logging: All connections logged with timestamps for security
  • Anti-cheat: Monitoring of game client behavior for fair play
  • Geographic data: Country-level location for server routing and security

API Services

  • Request logging: Every API call is logged with full details (IP, timestamp, endpoint, parameters)
  • Rate limiting: IP-based rate limiting for fair usage and DDoS protection
  • Usage tracking: Detailed API usage statistics for security and billing
  • Authentication logs: All API authentication attempts logged for security
  • Permanent storage: API logs retained for 3 years for security analysis

Email Services

  • Account management: Standard account information (email address, username)
  • Email metadata: Sender, recipient, timestamp logged for security
  • No content monitoring: Email content is not monitored, stored, or analyzed
  • Encrypted transmission: All email transmission uses TLS encryption
  • Spam protection: Automated spam filtering without content analysis

Web Services

  • Access logs: All web requests logged with IP, timestamp, and request details
  • Session management: Session cookies for maintaining logged-in state
  • Error logging: Detailed error logs for troubleshooting and security
  • Performance monitoring: Response times and service health metrics
  • Security monitoring: Real-time monitoring for attacks and suspicious activity

GDPR Compliance

This Privacy Policy and our data practices comply with:
  • General Data Protection Regulation (GDPR) - EU Regulation 2016/679
  • National data protection laws of EU member states
  • ePrivacy Directive and national implementations

Data Protection Principles

We adhere to the GDPR principles:
  1. Lawfulness, fairness, and transparency: We process data lawfully and inform you clearly
  2. Purpose limitation: Data is collected for specific, legitimate purposes
  3. Data minimization: We collect only data necessary for our purposes
  4. Accuracy: We keep data accurate and up-to-date
  5. Storage limitation: Data is kept only as long as necessary (or until you request deletion)
  6. Integrity and confidentiality: We ensure appropriate security
  7. Accountability: We demonstrate compliance with GDPR

Your Right to Complain

If you believe we have violated your privacy rights, you can:
  1. Contact us directly to resolve the issue
  2. File a complaint with your national data protection authority
  3. Seek judicial remedy through the courts

Cooperation with Authorities

We cooperate fully with data protection authorities and respond promptly to:
  • Formal inquiries and investigations
  • Compliance audits
  • User complaints forwarded by authorities
  • Data protection impact assessments when required

Summary

What we collect: Account information, comprehensive security logs, IP addresses, device information, timestamps, and communication data. What we DON’T collect: Payment information (credit cards, bank accounts), sensitive personal data, precise location data, or biometric data. How long we keep it: Permanently by default for security and service quality, but you can request deletion at any time. Security logs are retained for 3 years. Why comprehensive logging: To protect your account, prevent fraud, detect attacks, investigate security incidents, and ensure service reliability. Your control: You can request access, correction, or deletion of your data at any time. Deletion requests are completed within 30 days. Security: Industry-standard encryption, secure servers, comprehensive monitoring, and strict access controls. No selling or sharing: We never sell your data. Limited sharing only with essential, GDPR-compliant service providers. Your rights: Full GDPR rights including access, rectification, erasure, restriction, portability, and objection.
This Privacy Policy is designed to be transparent and comprehensive about our actual data practices. We believe in honest communication about how we protect and use your data. If you have any questions or concerns about how we handle your personal data, please contact us at [email protected] or [email protected] for security-related matters. We are committed to protecting your privacy and ensuring the security of your personal information in full compliance with EU GDPR regulations. Our domains: https://sinaty.net | https://sinaty.business | https://sinaty.me Last updated: January 27, 2026
Effective date: January 27, 2026