Privacy Policy - [PRODUCT_NAME]

Last updated: August 9, 2025

This Privacy Policy describes our policies and procedures on the collection, use and disclosure of your information when you use the [PRODUCT_NAME] service operated by Noah from Sofia, Bulgaria, and tells you about your privacy rights and how the law protects you.

We use your personal data to provide and improve the service. By using the service, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Introduction

[PRODUCT_NAME] is a service that uses Discord OAuth to authenticate users who are members of the Lion Madness (LM) Discord server and provides them with a unique ID for voting in events. This policy outlines how we collect, use, store, and protect your information.

2. Information We Collect

Discord Authentication Data

When you authenticate with Discord, we collect:

  • Your Discord User ID
  • Your Discord username and display name
  • Your Discord avatar image
  • Your Discord server memberships (specifically to verify Lion Madness server membership)
  • Your Discord server join date (when you joined the Lion Madness server)
  • Your Discord roles within the Lion Madness server (for badge assignment and voting permissions)

Note: We do NOT collect or store email addresses from Discord.

User Profile Data

We store the following information in our Firebase Realtime Database:

  • Discord User ID (as your unique identifier)
  • Discord username, display name, and avatar
  • Account creation timestamp
  • Last login timestamp
  • Admin status (boolean flag)
  • Badge assignments (CDU, FF, LNP, MP, SDA badges)
  • Your generated unique ID (once it has been created)
  • Voting history and timestamps
  • Discord server join date (for voting eligibility in certain events)
  • Server membership status (whether you're currently in the Lion Madness server)

Usage Data

We automatically collect certain information when you use our service, including browser type, IP address, and pages visited. This data helps us improve the service and ensure security.

3. Legal Basis for Processing (GDPR)

We rely on the following lawful bases under Article 6 GDPR:

  • Article 6(1)(b) Contract: Provision of the service (ID generation, access control, event participation).
  • Article 6(1)(f) Legitimate Interests: Fraud prevention, service integrity, security monitoring, vote integrity.
  • Article 6(1)(c) Legal Obligation: Responding to lawful requests from authorities.
  • Article 6(1)(a) Consent (if ever requested): Only for optional features announced explicitly (none presently require additional consent).

4. How We Use Your Information

We use your information for:

  • Authentication: Verifying your identity through Discord OAuth2
  • Access Control: Confirming Lion Madness Discord server membership
  • Service Delivery: Generating and managing your unique IDs
  • Voting System: Enabling participation in events and tracking votes
  • Voting Eligibility: Determining voting eligibility based on server join date for certain events
  • Badge Assignment: Automatically assigning badges based on your Discord roles
  • Administration: Managing user accounts, events, and badge assignments
  • Security: Preventing unauthorized access and duplicate accounts

5. Admin Functions

Our admin panel includes four main sections:

  • Users Tab: View user information (ID, creation date, last visit, voting history, Discord ID, server join date), delete accounts, or remove user IDs
  • Events Tab: Create and edit voting events (including server join cutoff dates for voting eligibility)
  • Vote Logs Tab: View timestamps and complete voting records for all events
  • Badges Tab: Assign badges (CDU, FF, LNP, MP, SDA) to users

Only authorized administrators (currently Noah) have access to these functions.

6. Data Storage and Security

Firebase Realtime Database

Your data is stored securely in Google Firebase Realtime Database with strict security rules and access controls.

Local Storage

We temporarily store your Discord authentication data in your browser's local storage for session management.

Security Measures

  • HTTPS encryption for all data transmission
  • OAuth scope minimization (only essential Discord permissions: identify, guilds, guilds.members.read)
  • Secure hosting on Vercel platform
  • Regular security reviews and updates
  • Access limited to authorized personnel only

7. Data Sharing

We do not sell, trade, or rent your personal information to third parties. Data may only be shared with:

  • Service Providers: Firebase (database) and Vercel (hosting) as required to provide the service
  • Legal Authorities: Only if required by Bulgarian law or necessary to protect against abuse
  • Discord Integration: We use Discord's OAuth2 API for authentication only

8. Your Rights (GDPR Compliance)

In addition to the rights listed below, you may also:

  • Withdraw Consent: Where processing relies on consent, you may withdraw it at any time (currently no optional consent processing is active).
  • Lodge a Complaint: With your local supervisory authority. In Bulgaria this is the Commission for Personal Data Protection (CPDP) – cpdp.bg.

Because this is a Bulgaria-based service subject to GDPR, you have the right to:

  • Access: Request information about what data we have about you
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your account and associated data
  • Data Portability: Request a copy of your data in a structured format
  • Object: Object to certain types of data processing
  • Restrict Processing: Request limitation of how we process your data

9. Data Retention

Local/session storage items (auth/session tokens) are cleared when you log out or clear browser data. Security audit logs (if generated) may persist up to 180 days.

We retain your information as follows:

  • Account data: As long as your account is active
  • Voting records: Retained indefinitely for service continuity and historical records
  • Server logs: Up to 90 days unless required longer by law
  • Deleted accounts: Personal data removed within 30 days of deletion request

10. Cookies and Tracking

We do not deploy analytics, advertising pixels, or cross‑site tracking technologies. Only strictly necessary runtime storage (local storage) is used for session continuity.

[PRODUCT_NAME] uses only essential session storage. No tracking cookies, advertisements, or third-party analytics are included.

11. Children's Privacy

Where applicable national laws impose higher age thresholds (e.g. 14–16), users below the required age should not use the service.

Our service is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover we have collected information from a child under 13, we will delete it immediately.

12. International Data Transfers

For transfers to the United States (Firebase / Vercel), we rely on Google's and Vercel's published GDPR compliance frameworks and Standard Contractual Clauses (SCCs) where applicable.

Your data may be processed and stored on servers located outside Bulgaria, including in the United States where Firebase and Vercel services are hosted. We ensure appropriate GDPR-compliant safeguards are in place for such transfers.

13. Automated Decision-Making

We do not perform automated decision-making or profiling producing legal or similarly significant effects.

14. Data Controller

Data Controller: Noah (Sofia, Bulgaria). Contact: contact@noahwaseaten.com / Discord: @noahwaseaten.

15. Changes to This Policy

We may update this Privacy Policy from time to time. Major changes will be announced via the Lion Madness Discord server or the [PRODUCT_NAME] website. We will update the "Last updated" date at the top of this policy.

16. Contact Us

For questions, data requests, or privacy concerns, contact us at:

  • Email: contact@noahwaseaten.com
  • Discord: @noahwaseaten
  • Location: Sofia, Bulgaria