Register   Log In
Discord Join us now
Grand Opening
00
Days
:
00
Hours
:
00
Minutes
:
00
Seconds
🔥 April 17, 2026  •  16:00 UTC 🔥
100
Server Time:
 
Privacy Policy

Effective Date: May 1, 2026
Website: https://www.doommu.com

This Privacy Policy explains what personal data Doom-MU (“we”, “us”) collects when you visit our website or play on our private MU Online server, why we collect it, how it is used, who it is shared with, and the rights you have over it. We comply with the EU General Data Protection Regulation (GDPR) and other applicable data-protection laws.

1. Who We Are (Data Controller)

Doom-MU is a non-commercial private game server operated by an independent operator. Doom-MU is not affiliated with, sponsored by, or endorsed by Webzen Inc. or any other rights-holder of the MU Online IP. For any privacy-related question, contact us through the channels listed in section 14.

2. Data We Collect

We collect only what is necessary to operate the game service, process voluntary donations, and protect the server and its players.

2.1 Information you provide directly

  • Account data: username, password (hashed), e-mail address, security question/answer.
  • Donation data: in-game username, the donation tier and amount, transaction reference, and any message you include with the donation.
  • Support data: the content of contact-form messages, Discord direct messages to staff, or any communication you send to us.

2.2 Information collected automatically

  • Connection data: IP address (game and website), HWID-style hardware fingerprint, login/logout timestamps, client launcher version, and country derived from IP for anti-cheat and rate-limiting.
  • Gameplay data: character names, level, resets, items, in-game economy actions, chat logs, party/guild membership, deaths, events attended — the standard data the MU Online server records for the service to function.
  • Website telemetry: referrer, browser/user-agent, requested page, error logs.
  • Cookies and similar technologies: see section 9.

2.3 Information we do not collect

  • We do not collect your real name, real address, or full payment-card number. Donations go through third-party processors (see section 5) which handle card details on their own infrastructure; we only receive a transaction reference and payer e-mail.
  • We do not knowingly collect data from children under 16 (see section 12).

3. How We Use Your Data

We process your personal data only for the purposes listed below:

  • Providing and operating the game and website (creating your account, letting you log in, displaying rankings, etc.).
  • Processing voluntary donations and delivering website credits.
  • Detecting and preventing cheating, account theft, fraud, and abuse (this includes IP, HWID, and chat-log review).
  • Responding to support requests, complaints, and disputes.
  • Defending ourselves against payment chargebacks and legal claims, by providing the payment provider with transaction logs, account history, and Terms-of-Service evidence as described in our Refund Policy.
  • Communicating about server status, planned maintenance, and important rule changes.
  • Producing aggregate, non-identifying statistics about server activity (e.g. average online players, class distribution).

4. Legal Basis for Processing (GDPR Article 6)

  • Contract performance (Art. 6(1)(b)): creating and maintaining your game account, delivering credits for donations.
  • Legitimate interests (Art. 6(1)(f)): anti-cheat, fraud prevention, server security, defending against chargebacks, network and information security.
  • Legal obligation (Art. 6(1)(c)): tax/accounting records of donations where applicable, responding to lawful requests from authorities.
  • Consent (Art. 6(1)(a)): for non-essential cookies and any optional newsletter or notification service. You can withdraw consent at any time.

5. Third-Party Processors

We share the minimum data necessary with the following processors. These companies act as independent or joint controllers under their own privacy policies, which we link below.

  • PayPal (PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg) — processes donations made by PayPal balance, card, or local methods. We receive the payer e-mail and a transaction ID. PayPal Privacy Statement.
  • NowPayments (NOWPayments OU, Estonia) — processes cryptocurrency donations and card-to-crypto conversion. We receive the transaction ID, status, and amount. NowPayments Privacy Policy.
  • Tebex (Overwolf Ltd / Tebex Limited, UK) — when enabled, processes card donations. We receive the package ID, transaction ID, and the in-game username submitted at checkout. Tebex Privacy Policy.
  • Cloudflare, Inc. (USA) — provides CDN, DDoS protection, and IP filtering for our website. Processes IP addresses and HTTP request metadata. Cloudflare Privacy Policy.
  • Discord (Discord Inc., USA) — our official community server. If you join, your Discord username, ID, and message content are processed by Discord under their policy. Discord Privacy Policy.
  • Hosting provider — the physical/virtual machine running our server stores log data on disk; the provider has access only as a data processor on our instructions.

We do not sell, rent, or trade your personal data with advertisers, data brokers, or any other third party.

6. International Transfers

Some of the processors listed in section 5 are based outside the EU/EEA (notably the United States). Where data is transferred internationally, the processors rely on the European Commission’s Standard Contractual Clauses or equivalent safeguards under GDPR Chapter V. By creating an account or making a donation, you acknowledge that this transfer is necessary for the service.

7. Data Retention

  • Account data: kept for as long as the account exists. Inactive accounts may be archived after extended inactivity per the Terms of Service.
  • Donation/transaction logs: kept for at least 5 years for accounting, anti-fraud, and chargeback-defense purposes.
  • Anti-cheat / security logs: kept for up to 24 months.
  • Chat logs: kept for up to 12 months unless flagged for moderation.
  • Backups: rolling encrypted backups are kept for up to 90 days.

8. Security

We use commercially reasonable technical and organisational measures to protect your data, including hashed passwords, restricted database access, TLS encryption for the website, DDoS protection through Cloudflare, and isolation of payment-provider credentials. No internet service can guarantee absolute security; you are responsible for keeping your account password and Discord credentials private.

9. Cookies

The website uses a small number of cookies, all strictly necessary for the service to function:

  • Session cookie (PHPSESSID) — keeps you logged in between pages.
  • CSRF token cookie — protects forms (donation, contact, account changes) against cross-site request forgery.
  • Cloudflare cookies (e.g. __cf_bm) — bot mitigation and DDoS protection.

We do not use advertising or analytics cookies. Strictly-necessary cookies do not require explicit consent under GDPR / ePrivacy.

10. Your Rights (GDPR)

If you are in the EU/EEA, UK, or another jurisdiction with comparable data-protection law, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — correct inaccurate or incomplete data.
  • Erasure (“right to be forgotten”) — request deletion of your account and associated personal data, subject to our retention obligations (section 7) and legitimate interests (e.g. fraud / chargeback evidence).
  • Restriction — ask us to limit processing while a dispute is investigated.
  • Portability — receive your account and donation data in a machine-readable format.
  • Object — object to processing based on our legitimate interests.
  • Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior lawful processing.
  • Lodge a complaint — with your national data-protection authority. A list of EU authorities is available at edpb.europa.eu.

To exercise any of these rights, contact us using section 14. We respond within 30 days. We may need to verify your identity (e.g. by asking you to confirm details from your account) before acting on a request.

11. Automated Decision-Making

We do not use your personal data for automated decision-making that produces legal or similarly significant effects on you, beyond purely technical anti-cheat detection (which a human reviews before any account suspension that affects donations).

12. Children’s Privacy

The service is not directed at children under 16. We do not knowingly collect data from anyone under 16. If you believe a child has created an account, contact us and we will delete the account and any associated personal data.

13. Account Deletion

You can request deletion of your account and personal data at any time through the contact channels in section 14. We will:

  • Delete or anonymise your account, characters, items, and chat logs.
  • Retain donation/transaction records for the period stated in section 7 (legal/accounting obligation).
  • Retain anti-cheat evidence where required to protect other players.

Deletion is permanent and irreversible.

14. Contact

For privacy questions, GDPR rights requests, or to report a data-protection concern:

15. Changes to This Policy

We may update this Privacy Policy from time to time. The “Effective Date” at the top of the page reflects the latest version. Material changes will be announced on the website and/or our Discord server.

📅 Event Calendar
EVENT & INVASION CALENDAR
Daily Schedule  ·  Server Time  · 
Events Invasions Active Now
⏰ Hover a block for details  ·  Times shown in server time