Skip to main content

Privacy & Security

At DemonZ Development, we believe your server's data is exactly that—yours. This document outlines exactly what data CraftyAI collects, how it is used, and how it is secured.

Data Collection Overview

CraftyAI acts as a bridge between your Minecraft server and our AI engine. To function, it must send certain data to our servers.

What IS Collected

When a player triggers the AI in chat, the following data is sent to our Gateway:

  • The player's username (for contextual responses)
  • The chat message/prompt itself
  • In-game context required to answer the question (biome, health, coordinates, inventory snapshot)
  • A server Session ID (to track rate limits and tiers)

What is NOT Collected

  • Player IP addresses
  • World save data or terrain generation
  • Passwords or authentication tokens
  • Contents of chests or private server data not immediately related to the player asking the question

Data Retention

  1. Real-time Processing: Standard chat messages are processed in real-time by the AI engine and are not permanently stored after the response is generated.
  2. Memory System: Information explicitly taught to the AI via the /crafty learn command is stored permanently in our secure vector database, isolated by your Session ID. This data is only accessible to your server.

Telemetry

To provide statistics on the admin dashboard and Discord bot, the plugin/mod sends a lightweight "heartbeat" ping every 3 minutes. This ping contains:

  • Server version
  • Plugin/Mod version
  • Player count

How to disable: If you do not want to appear as "Online" in the Discord bot or dashboard, you can disable this telemetry in your config:

  • Plugin: enable_metrics: false
  • Mod: telemetry_enabled: false

Bring Your Own Key (BYOK)

If you use the BYOK feature, your privacy is entirely in your own hands. When BYOK is enabled, your chat prompts and game context are sent directly to Google's API endpoints. The data completely bypasses the CraftyAI central engine. You are subject to Google's API Privacy Policy.

Security Measures

  • Encryption: All communication between your server and the CraftyAI Gateway is encrypted via HTTPS/TLS.
  • Authentication: All requests require a valid Bearer Token (your API key).
  • Abuse Prevention: Our Gateway employs strict rate limiting and pattern matching to block abusive requests and spoofed clients before they ever reach the AI engine.

Contact & Data Deletion

If you wish to have all data associated with your Session ID (including learned memories and analytics) permanently deleted from our servers, please open a ticket in our Discord Server.