beaconAlpha
Legal

Privacy Statement

Effective June 4, 2026

This Privacy Statement explains what Beacon Atlas collects, uses, shares, and keeps when we operate the public directory, documentation site, and Minecraft sign-in broker at beacon-mc.io.

We run no advertising, no analytics, and no third-party tracking cookies. Individual beacons are run by their own operators on their own infrastructure; this statement does not cover the private data those servers collect from their players.

1. Who we are and scope

Beacon Atlas is operated by ThoughtsOnThings LLC, a limited liability company based in Brooklyn, New York, USA. We are the controller for the Atlas data described here. Contact us at admin@beacon-mc.io.

This statement applies to Atlas only: the public directory, documentation site, and Minecraft sign-in broker.

This statement does not apply to an individual beacon's dashboard, allowlist, world files, backups, chat history, audit logs, gameplay records, or server connection logs. Those are controlled by that beacon's operator, not by us.

2. Information we collect

Beacon registration

Atlas has no website accounts — there is no name, email address, or password to create. When a beacon registers, we store a generated beacon ID (its client ID), a hashed client secret, a display name, a unique slug, the redirect-URI allowlist used for sign-in, and creation, update, and rotation timestamps. The raw client secret is shown to the operator once and is never stored. Operators manage the registration over HTTPS using HTTP Basic authentication with the beacon ID and secret; there is no Atlas login session.

Listings, heartbeats, and public profile data

A listing stores the information an operator chooses to publish, such as server name, description, tags, region, Minecraft address, public links, profile text, rules, events, and visibility settings. A listed beacon also sends heartbeat data, such as online status, compatible version, loader, installed mods or plugins, player counts, and optional thumbnail imagery. Atlas may independently ping the advertised Minecraft address and stores hourly aggregate availability statistics.

Roster and activity data are opt-in. If enabled by an operator, those sections may include Minecraft usernames, account IDs, roles, online status, and recent gameplay activity. Atlas drops those sections unless the operator has enabled the matching consent controls.

Minecraft sign-in broker

When a player signs in to a beacon through Atlas, we process the minimum needed to confirm their Minecraft identity: Microsoft sign-in artifacts, a Microsoft access token used once to look up the Minecraft profile, the Minecraft username, and the Minecraft account ID (UUID). We do not receive the player's Microsoft password or email address, do not request offline access, and do not store Microsoft, Xbox, or Minecraft tokens.

The broker client and the listing are the same beacon record described above — a beacon does not register a second time to offer sign-in. Each sign-in attempt creates a short-lived record (the request state, nonce, and PKCE challenge) that expires within minutes.

Reports

If you report a listing, we store the reason you select, any detail you add, and a hashed form of your IP address used for rate-limiting and abuse prevention. We do not store your raw IP address with a report.

Communications and technical delivery

Atlas does not send transactional email — there are no account, verification, or password-reset messages. If you email us at admin@beacon-mc.io, we process the contact details and message content needed to respond. Our hosting and database providers process technical data such as IP addresses and request metadata as needed to deliver, secure, and maintain the service.

3. Why we use information

  • Provide the service, including beacon registrations, listings, heartbeats, public pages, documentation, and the sign-in broker.
  • Secure the service, including secret hashing, redirect URI checks, abuse prevention, and reliability monitoring.
  • Communicate with you, including support replies and security notices when you contact us.
  • Operate the public directory, including search, discovery, live status, aggregate statistics, and public profile pages.
  • Comply with law and enforce our Terms, including responding to valid legal requests and protecting users, operators, and the service.

For EEA and UK users, our legal bases are contract where needed to provide the service, legitimate interests where needed to operate and secure Atlas, consent where we ask for it, and legal obligation where the law requires processing.

4. Public listings and operator control

Atlas listings are public by design. Public listing data may be viewed, indexed by search engines, cached, copied, and shared by others.

Operators decide what their beacons publish to Atlas and are responsible for any player information they choose to expose. For player data stored on an individual beacon after sign-in, the operator is the independent controller and should provide their own privacy notice.

5. Cookies and tracking

We use only strictly necessary cookies that carry the Minecraft sign-in flow between its steps. We do not use analytics cookies, advertising cookies, cross-site tracking cookies, or fingerprinting.

6. Who we share information with

We do not sell personal information and do not share it for cross-context behavioral advertising. We share information only as needed to operate Atlas:

We may also disclose information if required by law, to enforce our Terms, or to protect the rights, safety, and security of Atlas, users, operators, or others.

7. How long we keep information

  • Beacon registrations are kept until the operator deletes the beacon or it is removed under our Terms, subject to limited backup retention and legal/security needs.
  • Listings and listing content are kept until deleted by the operator or removed under our Terms.
  • Broker sign-in attempts expire after about 10 minutes; one-time codes expire after about 2 minutes; signed identity statements expire after about 5 minutes and are not stored by us.
  • Hourly heartbeat statistics are kept for about 90 days.
  • Backups age out under our database provider's backup retention process.
  • Support and legal communications are kept as long as reasonably needed to handle the request and maintain business records.

8. Where information is processed

We are based in the United States and process Atlas information primarily in the United States. Our providers may process information in the United States or other countries. Where transfer safeguards are required, we rely on provider terms, data-processing terms, Standard Contractual Clauses, Data Privacy Framework participation, or other lawful transfer mechanisms made available by those providers.

9. Your choices and rights

Operators can edit, pause, or delete their listing from their beacon's dashboard. To delete a beacon registration, or for access, correction, deletion, export, objection, restriction, withdrawal of consent, or other privacy requests, email admin@beacon-mc.io.

Your rights depend on where you live. If you are in the EEA or UK, you may also complain to your local supervisory authority. If you are in a US state with privacy rights, you can contact us to exercise them. Because we do not sell personal information or share it for targeted advertising, there is no sale/share opt-out to offer.

10. Security

We use reasonable safeguards for the type and amount of information Atlas handles, including TLS for traffic, hashing of client secrets and other tokens where appropriate, short-lived broker artifacts, exact redirect URI allowlists, limited cookies, and service providers with published security and privacy terms. No online service is perfectly secure. If a breach requires notice, we will provide notice as the law requires.

11. Children

Beacon Atlas is not directed to children under 13, and children under 13 may not register a beacon or use the sign-in broker. If we learn that we collected personal information from a child under 13 without the required consent, we will delete it.

Minecraft players may use a beacon operated by someone else. That operator is responsible for age-appropriate notices, consent, and privacy rights for their own server. If you are a parent or guardian with a concern about Atlas itself, contact us at admin@beacon-mc.io.

12. Changes and contact

We may update this statement as Atlas changes. We will revise the effective date when we do. Questions, requests, or complaints can be sent to admin@beacon-mc.io.