PRIVACY POLICY

Last updated: February 19, 2026

1. Controller Information

The data controller responsible for the processing of your personal data is:

Rushed Bytes LLC

5830 E 2nd St, Ste 7000 #30092
Casper, Wyoming 82609, United States

Phone: +1 (307) 555-0142
Email: [email protected]
Website: https://diamondfinder.io

Given the nature and scale of our data processing activities, we are not required to appoint a Data Protection Officer pursuant to Article 37 GDPR. For all data protection inquiries, please contact us at the address above or via our Contact Us page.

2. Overview

This Privacy Policy describes how Rushed Bytes LLC ("we", "us", or "our") collects, uses, stores, and protects personal data when you access or use Diamond Finder, available at diamondfinder.io and through our web application (collectively, the "Service").

We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR, Regulation (EU) 2016/679), and with applicable U.S. and other data protection laws where relevant.

3. Legal Bases for Processing

We process personal data based on the following legal grounds under Article 6(1) GDPR:

  • Consent (Art. 6(1)(a) GDPR): For analytics cookies, advertising cookies, and optional sign-in with Google. You may withdraw your consent at any time.
  • Contract Performance (Art. 6(1)(b) GDPR): For processing necessary to provide the Service, including search queries, user account management, and premium purchase fulfillment.
  • Legitimate Interest (Art. 6(1)(f) GDPR): For service security, fraud prevention, basic analytics for service improvement, and technical logging. Our legitimate interest is to ensure the secure and efficient operation of our Service.

4. Types of Data Collected

4.1 Account Data (Firebase Authentication)

We use Firebase Authentication provided by Google LLC to manage user accounts. Depending on how you use the Service, the following data may be collected:

  • Google sign-in: Name, email address, and Google UID.
  • Authentication tokens and session data.

Legal basis: Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(f) GDPR (legitimate interest).

4.2 Usage Data

  • World seeds submitted for searches (processed temporarily and not permanently stored).
  • Search parameters such as item type, Minecraft version, and coordinates.
  • Search results viewed and features used.

Legal basis: Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR.

4.3 Technical Data

  • IP address (anonymized for analytics purposes).
  • Browser type and version.
  • Operating system and device type.
  • Screen resolution and referral URL.
  • Date and time of access.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in security and service optimization).

4.4 Payment Data

Payment processing is handled entirely by Stripe, Inc. We do not store credit card numbers, bank account details, or other sensitive payment information on our servers. We receive from Stripe only the transaction ID, payment status, currency, and amount paid. Your Firebase UID is associated with your premium status.

Legal basis: Art. 6(1)(b) GDPR (contract performance).

4.5 Advertising Data

For free-tier users, we display advertisements through Google AdSense and other advertising partners. These services may collect data such as cookies, device identifiers, and browsing behavior for the purpose of personalized advertising. This data is only collected with your consent. Legal basis: Art. 6(1)(a) GDPR (consent).

5. Third-Party Services and Data Processors

5.1 Firebase Authentication (Google LLC) — Purpose: User authentication and account management. Data processed: UID, email, name, authentication tokens. Privacy policy: firebase.google.com/support/privacy. Data location: USA (see Section 8).

5.2 Google Analytics (Google LLC) — Purpose: Understanding user behavior and improving the Service. Data processed: Page views, session duration, device info, anonymized IP address. IP anonymization: Enabled. Privacy policy: policies.google.com/privacy. Opt-out: Google Analytics Opt-out Browser Add-on. Data location: USA (see Section 8).

5.3 Google AdSense (Google LLC) — Purpose: Displaying advertisements to free-tier users. Data processed: Cookies, device identifiers, browsing behavior for ad personalization. Privacy policy: policies.google.com/technologies/ads. Ad preferences: adssettings.google.com. Data location: USA (see Section 8).

5.4 Stripe, Inc. — Purpose: Payment processing for premium purchases. Data processed: Payment method details, billing address, transaction data. We never receive or store full payment card details. Privacy policy: stripe.com/privacy. Data location: USA (see Section 8).

6. Cookies and Local Storage

6.1 Essential Cookies and Storage

Firebase authentication session data is stored in your browser's local storage. This is required for the Service to function and cannot be disabled without breaking core functionality. Premium status is also cached locally.

6.2 Analytics Cookies

Google Analytics may set cookies such as _ga (distinguish users), _gid, _gat. These cookies require your consent.

6.3 Advertising Cookies

Google AdSense and other ad partners set cookies for ad personalization. These cookies require your consent.

You can manage or delete cookies through your browser settings. Disabling essential cookies may impair the Service. You can withdraw consent for analytics and advertising cookies at any time.

7. Data Retention

  • Firebase authenticated accounts: Retained until you request deletion.
  • Search data (world seeds): Processed in real-time and not permanently stored on our servers.
  • Google Analytics data: Retained per Google's retention settings (e.g. 26 months).
  • Payment records: Retained as required by applicable tax and legal requirements.
  • Server logs: Retained for a limited period (e.g. 30 days).

8. International Data Transfers

Several of our third-party service providers — including Firebase, Google Analytics, Google AdSense, Stripe, and our hosting provider — are based in the United States. Personal data may therefore be transferred to and processed in the United States.

These transfers are safeguarded by mechanisms such as the EU-US Data Privacy Framework (where applicable) and Standard Contractual Clauses (SCCs) pursuant to Article 46(2)(c) GDPR where required.

9. Your Rights Under GDPR

As a data subject, you have the following rights under the GDPR:

9.1 Right of Access (Art. 15 GDPR) — You have the right to obtain confirmation as to whether your personal data is being processed and, if so, to access that data along with supplementary information.

9.2 Right to Rectification (Art. 16 GDPR) — You have the right to have inaccurate personal data corrected without undue delay.

9.3 Right to Erasure (Art. 17 GDPR) — You have the right to request the deletion of your personal data. Certain data may need to be retained to comply with legal obligations.

9.4 Right to Restriction of Processing (Art. 18 GDPR) — You have the right to request the restriction of processing under certain conditions.

9.5 Right to Data Portability (Art. 20 GDPR) — You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller.

9.6 Right to Object (Art. 21 GDPR) — You have the right to object to processing based on legitimate interest and to processing for direct marketing purposes.

9.7 Right to Withdraw Consent (Art. 7(3) GDPR) — Where processing is based on consent, you may withdraw it at any time.

9.8 How to Exercise Your Rights — To exercise any of these rights, contact us at [email protected] or at our postal address in Section 1. We may need to verify your identity. We will respond within one month as required by the GDPR.

10. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR. If you are in the European Economic Area, you may lodge a complaint with the supervisory authority in your country of residence or place of work. A list of EU data protection authorities is available at the European Data Protection Board website.

11. Children's Privacy

Our Service is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. In certain jurisdictions, the age of digital consent may be 16 pursuant to Article 8 GDPR and national law.

If we become aware that we have inadvertently collected personal data from a child under 16 without appropriate parental consent, we will take steps to delete that data as soon as possible. Parents or guardians who believe their child has provided personal data to us should contact us immediately.

12. Data Security

We implement appropriate technical and organizational measures pursuant to Article 32 GDPR to ensure a level of security appropriate to the risk, including:

  • HTTPS/TLS encryption for data transmitted between your browser and our servers.
  • Firebase Authentication with secure token management.
  • Stripe PCI-DSS compliant payment processing (we never handle raw payment card data).
  • Access controls and authentication for backend systems.

Despite these measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

13. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you within the meaning of Article 22 GDPR. Google AdSense and other ad partners may use automated profiling for ad targeting based on your consent.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. Material changes will be indicated by updating the "Last updated" date at the top of this page. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this page periodically.

15. Contact Information

For privacy-related questions or to exercise your data protection rights, please contact:

Rushed Bytes LLC

5830 E 2nd St, Ste 7000 #30092
Casper, Wyoming 82609, United States

Phone: +1 (307) 555-0142
Email: [email protected]

Back to App