NebulaClient Privacy Policy
Last Updated: 24/04/2025
Summary
NebulaClient collects only the personal data necessary to operate and secure the Service—including Discord OAuth data, Cloudflare security logs, a hashed hardware ID, IP addresses, login metadata, two strictly-necessary cookies (authentication and cart), and your email address. We do not deploy any analytics or tracking cookies. This Policy explains what we collect, why, on what legal basis under GDPR, how long we retain it, and your rights.
1. Data We Collect
1.1 Discord OAuth Data
- Profile Information: We receive your Discord user ID, username, and avatar URL solely to display your profile picture in the client and assign roles on our Discord server.
1.2 Cloudflare Security Data
- Access Logs & Threat Intelligence: Cloudflare processes your IP address and request metadata to mitigate DDoS attacks, block malicious traffic, and ensure uptime.
1.3 Device Identifier
- MD5-Hashed Hardware ID: We hash your device’s hardware identifier with MD5 to detect multiple accounts and prevent abuse. No unhashed identifier is retained.
1.4 IP Address
- Account Protection: We log your IP address to identify unusual login patterns and guard against unauthorized access, based on our legitimate interests under GDPR.
1.5 Login & Usage Metadata
- Timestamps: We record dates and times of each login to troubleshoot issues and analyze performance.
1.6 Cookies
We only set two strictly necessary cookies; no analytics or tracking cookies are used:
-
Authentication Cookie (session-based):
- Facilitates secure login and session management.
- Exempt from consent as “strictly necessary” under the ePrivacy Directive.
-
Cart Cookie (persistent):
- Remembers in-game cart or purchase items between sessions.
- Considered strictly necessary for providing the Service and falls under legitimate interests.
No Analytics Cookies: We do not deploy Google Analytics or any other analytics cookies; all usage monitoring is done via server-side logs only.
1.7 Email Address
- Communications & Accounts: While we do not operate a formal support-ticket system, we store your email address when you contact us or register, solely to authenticate premium purchases, send transactional messages, or respond to inquiries.
2. How We Use Your Data
- Service Delivery: Authenticate users, display Discord avatars, and assign roles.
- Security: Monitor and block malicious activity.
- Account Management: Enable persistent carts and login history.
- Communications: Send purchase confirmations and important updates.
- Legal Compliance: Fulfill GDPR requirements and respond to lawful requests.
3. Legal Basis for Processing
- Contractual Necessity: To provide the Service and premium features.
- Legitimate Interests: For security, abuse prevention, and Service improvements, balanced against your rights.
- Consent: Only if you explicitly opt into optional features (none currently require consent).
4. Data Sharing
- Cloudflare & Discord: Only the minimal data needed to operate these services.
- Legal Requests: Disclosure to comply with courts or authorities.
5. Retention
We retain your data only as long as necessary for operation or to satisfy legal obligations. Inactive accounts (no login for 24+ months) may have logs anonymized.
6. Security
We employ encryption, access controls, and regular audits to protect data in transit and at rest.
7. Your Rights
Under GDPR you may: access, rectify, erase, restrict processing, object, or port your data. To exercise these rights, email [email protected].
8. International Transfers
Your data may be processed outside the EU/EEA with Standard Contractual Clauses in place.
9. Updates
We’ll post any material changes here with a new “Last Updated” date and notify you via email if required.
If you have questions or wish to exercise your rights, please contact us at [email protected] or via our official Discord.