HBL is completely free-to-use with no paid tiers, you can support us on Ko-Fi!
Hytale Ban List
Menu

Privacy Policy

Last updated: February 2026

1. Overview

Hytale Ban List ("we", "us", "the Service") is committed to being transparent about the data we collect and how we use it. This policy explains what information we store and your rights regarding that information.

2. Information We Collect

Player Data

When a player is reported via a connected server, we store their Hytale username and, if available, their UUID. This information is submitted by server operators and is necessary for the core function of the Service.

Ban Records

Ban records include the player identifier, reason for the ban, the reporting server, ban date, expiry date (if applicable), and any evidence files uploaded by the operator.

Appeal Submissions

When a player submits a ban appeal, we collect their contact email address, their appeal message, and any evidence files they upload. This information is used solely to review and respond to the appeal.

Server Operator Data

Server operators provide an email address at registration. We store this along with the server name and a hashed API key.

Usage Data

We log API requests for rate limiting and abuse prevention purposes. Logs are retained for a limited period and are not shared with third parties.

3. How We Use Your Information

  • To provide the core ban list lookup and reporting service.
  • To process and respond to ban appeals.
  • To prevent abuse and enforce our Terms of Service.
  • To contact server operators about their account if necessary.

We do not sell, rent, or share your personal information with third parties for marketing purposes.

4. Public Information

Ban records (player username, reason, server, ban date, and status) are publicly visible on the platform. This is the intended purpose of the Service. If you believe a ban record about you is inaccurate, you may submit an appeal.

5. Data Retention

Ban records are retained indefinitely unless revoked through the appeal process or removed by an administrator. Appeal submissions are retained for audit purposes. Server operator accounts are retained until deletion is requested.

6. Cookies & Tracking

The public-facing website does not use tracking cookies or third-party analytics. The admin panel stores a JWT authentication token in your browser's local storage, which is used solely for authentication and expires after 8 hours.

7. Security

We use industry-standard security practices including bcrypt password hashing, HTTPS encryption in transit, and rate limiting to protect the Service. API keys are stored as bcrypt hashes and are never logged in plaintext.

8. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, or request deletion of personal data we hold about you. To make such a request, contact us at [email protected].

9. Changes to This Policy

We may update this Privacy Policy from time to time. The date at the top of this page reflects the most recent revision.

10. Contact

For privacy-related enquiries, email us at [email protected].