RConductor
DE EN
Open Panel

Privacy Policy

Last updated: March 4, 2026

1. Controller

Gonzi Tech UG (haftungsbeschränkt)
An der Mannsfaust 10
60599 Frankfurt am Main, Germany
Email: kontakt@gonzi.tech
Phone: +49 69 247422680

Managing Director: David Joswig

2. Overview

RCONductor ("Service") is a SaaS platform by Gonzi Tech UG (haftungsbeschränkt) for managing FiveM and RedM game servers via Discord. This privacy policy explains how we collect, use, and protect your personal data when you use our website (rconductor.app) and our services.

3. Data We Collect

3.1 Discord OAuth2 Data

When you log in via Discord, we receive the following data from Discord:

  • Discord User ID
  • Username and avatar
  • Email address (for account identification)
  • Guild (server) memberships and roles

Legal basis: Art. 6(1)(b) GDPR – necessary for the performance of a contract.

3.2 Payment Data

Payments are processed by Stripe, Inc. We do not store full credit card numbers. Stripe processes your payment data under their own privacy policy. We receive and store:

  • Stripe Customer ID
  • Subscription status and plan tier
  • Invoice history

Legal basis: Art. 6(1)(b) GDPR – necessary for billing and subscription management.

3.3 Server Configuration Data

To provide the service, we store:

  • RCON connection credentials (encrypted at rest with AES-256)
  • Command permissions and role mappings
  • Event mappings and panel configurations
  • Audit logs of actions performed through the bot

Legal basis: Art. 6(1)(b) GDPR – necessary for service delivery.

3.4 Analytics Data

If analytics is enabled for your server, we collect aggregated player count data (no individual player data). This data is used solely to display server statistics within the dashboard.

Legal basis: Art. 6(1)(b) GDPR – part of the subscribed service.

4. Cookies and Sessions

We use the following cookies:

  • rconductor_session – Session cookie for authentication (httpOnly, secure). Expires after 24 hours.
  • rconductor_promo – Promotional code storage (httpOnly, secure). Expires after 7 days.
  • rconductor_affiliate – Affiliate tracking (httpOnly, secure). Expires after 30 days.
  • rconductor_deal_dismissed – Remembers deal modal dismissal (httpOnly, secure). Expires after 7 days.

We do not use tracking cookies, analytics cookies, or third-party advertising cookies.

5. Data Storage and Security

Your data is stored on servers within the European Union. We implement the following security measures:

  • Encryption in transit (TLS 1.3 via Cloudflare)
  • RCON credentials encrypted at rest (AES-256-GCM)
  • Session data stored in Redis with automatic expiry
  • Database access restricted to internal network only
  • Regular security updates and monitoring

6. Third-Party Services

ServicePurposeData Transferred
DiscordAuthentication & Bot IntegrationUser ID, guilds, roles
StripePayment ProcessingEmail, payment method
CloudflareCDN & DDoS ProtectionIP address (anonymized)
HetznerServer Hosting (EU)All service data

7. Data Retention

  • Session data: 24 hours (Redis, automatic expiry).
  • Account data: retained for the duration of the subscription, automatically deleted 30 days after cancellation.
  • RCON credentials: encrypted at rest, automatically deleted 30 days after subscription ends.
  • Audit logs: retained for 90 days, then automatically purged.
  • Usage logs (detailed): retained for 90 days, then automatically purged.
  • Rate limit logs: retained for 30 days.
  • RCON job results: retained for 48 hours.
  • Analytics data: aggregated player count statistics (no personal data) are retained indefinitely to provide long-term server insights.
  • Invoices: retained for at least 8 years (legal requirement under German tax law, § 147 AO).
  • Verified user status: retained for the duration of community membership plus 1 year.

8. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the right to:

  • Access your personal data (Art. 15 GDPR)
  • Rectification of inaccurate data (Art. 16 GDPR)
  • Erasure of your data (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object to processing (Art. 21 GDPR)

To exercise these rights, contact us at kontakt@gonzi.tech.

9. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority. The responsible authority is:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Gustav-Stresemann-Ring 1
65189 Wiesbaden
https://datenschutz.hessen.de

10. Changes to This Policy

We may update this privacy policy from time to time. The current version is always available at /datenschutz.