-
Notifications
You must be signed in to change notification settings - Fork 0
Privacy
NeroLink is built to know as little about players as possible. This page summarises how
the bridge mod handles data; the repository's PRIVACY.md is the
authoritative document (written to satisfy POPIA in South Africa and the GDPR in the EU).
Per player, keyed to the Minecraft account UUID:
-
Device tokens — hashed only (SHA-256). The plaintext token is shown once at pairing
and never stored or logged; it lives on the player's own device. Tokens expire after
tokenExpiryDaysof inactivity. - Notification preferences — per-category booleans, opt-in (default off).
- Pending pairing codes — transient, in-memory, single-use, 5-minute expiry.
Per server (no player data): the relay registration from /nerolink setup — Server ID,
relay key, relay URL — in the world's saved data. The relay key is a secret and is never
logged or shown in chat.
That is the complete list. Game data shown in companion clients (energy, drones, quests, stock) is read live from the owning mods and is never copied into NeroLink's storage.
Every API response is scoped to the authenticated player: a paired device can see and act on its own player's data only. There is no surface for browsing other players, and actions are re-validated server-side against the same permission, progression and ownership rules as in-game play.
NeroLink registers with Neroland Core's shared data-erasure hook
(data.PlayerDataErasure): one erasure request purges a player's tokens, preferences and
pending codes together with every other Neroland mod's data, and sends a tombstone that
drops any relay-held push tokens. Players can trigger this — and a JSON export of their
bridge-held data — from a companion client via the privacy endpoints (see API):
POST /api/v1/privacy/eraseGET /api/v1/privacy/exportGET /api/v1/privacy/notice-
DELETE /api/v1/session(revoke this device's token)
If the server uses a relay, it forwards traffic between phones and the server; it stores only the server registration (display name + hashed key) and, when push ships, device push tokens. REST bodies, WebSocket frames and bearer tokens are forwarded verbatim, never persisted, never logged. See Relay.
Tokens, pairing codes, relay keys and player identifiers are never logged at INFO, so they never reach a log line — and therefore never reach crash reporting.
The bridge includes optional, anonymous crash reporting via Sentry (EU servers,
de.sentry.io), matching Neroland Core's convention:
-
Opt-out, on by default. Disable it any time with
telemetryEnabled = falseinconfig/nerolink.properties. The setting is client-local — never synced. -
NeroLink errors only. An event is sent only if its stack trace touches NeroLink code
(
za.co.neroland.nerolink); anything else is dropped before sending. - No personal data. No IP, hostname, username or UUID; OS-account names are scrubbed from file paths. The payload is the stack trace plus the mod, Minecraft, loader, OS and Java versions — never tokens, pairing codes, relay keys, notification preferences or world data.
- Bounded volume. Per-session de-duplication and a hard cap of 10 events per session.
Full detail and contact address are in the root PRIVACY.md.