Privacy Policy

FiveManage is a hosted FiveM server management panel operated by FiveHost. For the purposes of UK GDPR, FiveHost is the data controller for personal information collected through the marketing site and the panel.

You can contact us at privacy@fivemanage.co.uk.

We collect the following categories of personal data:

Account data (from Discord OAuth). When you sign in, Discord shares your Discord user ID, username, avatar, email address, and the IDs of the Discord guilds and roles relevant to verifying your access. We do not receive your Discord password.

Subscription and billing data. If you subscribe, we store your plan, add-ons, billing cycle, currency, billing country, and a Stripe customer ID. Full payment card details are handled by Stripe and never touch our systems.

Panel usage data. Every staff action you take through the panel (bans, edits, role changes, configuration changes, and so on) is recorded in an audit log, along with your account ID, your IP address at the time of the action, and a timestamp.

Server configuration. The connection details you enter for your FiveM server (IP, port, database connection string, VPN configuration, API tokens) are stored in our managed Postgres database so that the panel can function. Database credentials are encrypted at rest.

Diagnostic and security logs. We log requests made to our API, authentication events, errors, and abuse-detection signals. These logs may contain IP addresses and user agents.

Game database content. FiveManage reads from and writes to your FiveM game database (typically MySQL) over a private VPN tunnel. We do not mirror, copy, or retain your game database content on our systems beyond what is necessary to display it to you in the panel during a session. Specific exceptions: short-lived caches and the audit log described above.

We use your personal data to:

• Authenticate you and grant access to features your subscription includes;
• Provide and operate the Service, including syncing roles between Discord and the panel;
• Bill you for your subscription and add-ons via Stripe;
• Maintain audit logs that you, as the account holder, can review for accountability and security;
• Detect, investigate, and prevent abuse, fraud, and security incidents;
• Communicate with you about your account, billing, security issues, and material changes to the Service;
• Comply with legal obligations.

The legal bases under UK GDPR are: contractual necessity (to provide the Service you have subscribed to), legitimate interests (to keep the Service secure and reliable), and legal obligation (where applicable).

We do not sell your personal data. We share data with the following categories of third party, only to the extent necessary for them to provide a service to us:

• Discord — for authentication and role syncing.
• Stripe — for processing payments and subscriptions.
• Our hosting and infrastructure providers — to run the servers, databases, and networks that power the Service.
• Email and communications providers — to send you account, billing, and security messages.
• Analytics tooling (limited and aggregated) — to understand how the marketing site and panel are used in aggregate. We do not sell or share this data with advertisers.

We may also disclose personal data if required by law, court order, or to protect the rights, property, or safety of FiveHost, our users, or others.

Some of our service providers (including Discord and Stripe) operate internationally and may process your personal data outside the UK and the European Economic Area. Where this happens, appropriate safeguards are in place — typically the UK International Data Transfer Addendum, EU Standard Contractual Clauses, or equivalent legal mechanisms.

We retain personal data for as long as necessary to provide the Service and meet legal obligations:

• Account data: while your account is active, plus 30 days after cancellation, after which it is deleted.
• Audit logs: for the retention period included in your plan (30 days by default; 1 year with the Extended Log Retention add-on or Founding Lifetime).
• Billing records: 7 years, as required by UK accounting and tax law.
• Diagnostic and security logs: up to 90 days unless retained longer for investigation of a specific incident.

Under UK GDPR you have the right to:

• Access the personal data we hold about you;
• Request correction of inaccurate data;
• Request deletion of your data, subject to lawful exceptions;
• Object to processing or request restriction in certain circumstances;
• Request a copy of your data in a portable format;
• Withdraw consent where processing is based on consent;
• Lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

To exercise any of these rights, email privacy@fivemanage.co.uk. We will respond within one calendar month.

The marketing site uses essential cookies to remember your currency and billing preferences and to keep you signed in. The panel uses session cookies for authentication. We do not currently use third-party tracking, marketing, or advertising cookies. If that changes, this policy will be updated and consent will be requested where required.

We take the security of your data seriously. Measures we use include encryption in transit (TLS), encryption of credentials at rest, role-based access control, audit logging, regular dependency updates, and access restrictions on production systems. No system is perfectly secure, however — if you become aware of a vulnerability, please email us at security@fivemanage.co.uk.

FiveManage is not intended for users under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

We may update this Privacy Policy from time to time. Material changes will be communicated through the panel or your account email. The "Last updated" date at the top of this page tells you when the latest version was published.