Legacy.mp Privacy Policy

Effective: 2025-10-19
Who we are: Legacy.mp is a volunteer-run online community (not a business) based in the EU.

1. What we collect

• Account & identity: Discord ID, username, avatar, and (if you allow) email.
  We use Discord login only and do not store Legacy.mp passwords.

• Usage & technical: IP address, device/browser info, timestamps, pages visited, error/crash/anti-cheat logs.

• Community content: Forum posts/PMs, tickets/reports/appeals and evidence, faction/marketplace posts.

• Payments (if enabled): Handled by processors (e.g., Stripe/PayPal). We don’t store full card numbers.

• Cookies: Essential (login, security), preferences (theme), and—if you consent—analytics/media.

2. Why we use it (legal bases)

• Run the service & login (Discord OAuth): Contract.

• Keep the community safe (moderation/anti-abuse/security): Legitimate interests; sometimes legal obligation.

• Communicate (transactional updates, policy changes): Contract/legal obligation.

• Improve features/measure traffic: Legitimate interests; analytics only with consent where required.

• Payments/accounting: Contract/legal obligation.

3. Sharing

We share data only as needed with service providers (hosting, DDoS, email, analytics, payments, error reporting, anti-cheat), moderation helpers under confidentiality, or when law requires. We do not sell your data.

4. International transfers

If data leaves the EEA/UK, we use safeguards like Standard Contractual Clauses (SCCs).

5. Retention

• We keep data only as long as needed for the purposes above.

• If a user is suspected of or found breaking rules, we may archive relevant data longer for moderation/safety, fraud prevention, or to establish/exercise/defend legal claims (GDPR-compliant storage limitation).

• Typical examples: logs 12–24 months; tickets/reports case lifetime + 24 months; payments 7–10 years (legal); aggregated analytics may be kept without identifying info.

6. Your rights (EU/EEA/UK)

Access, rectify, erase, restrict, object, portability, withdraw consent, and complain to your DPA.
Request: email *****@*****.tld from your account email; we may verify identity. We aim to respond within 30 days.

7. Cookies & controls

• Essential: required for login/security.

• Preferences: theme/language.

• Analytics/Media: only after consent (manage in Cookie Settings or your browser).
  We currently don’t respond to “Do Not Track”.

8. Security

TLS encryption, least-privilege access, audit logging, DDoS protection, rate limiting, anti-abuse, and backups. No system is perfectly secure; we continually improve.

9. Children

Community is for 18+. If under-18 data was submitted, contact *****@*****.tld to request deletion.

10. Third-party content

Embeds/links (e.g., YouTube, Discord) follow their own policies.

11. Changes

We’ll update this page as laws/services change and notify you of material changes. The effective date shows when updates apply.

12. Contact

All privacy/security/general inquiries: *****@*****.tld

Legal framework & jurisdiction

• EU/EEA: EU law applies (including GDPR and applicable intermediary protections).

• United States (where applicable): We follow DMCA §512 notice-and-takedown and rely on 47 U.S.C. §230 protections for user-generated content.

• This policy does not waive any non-waivable local rights.

This simplified policy summarizes our full Privacy Policy for quick reading.