Privacy Policy

1. Introduction

Rosa Wildlife Reserve ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our Services.

This policy is designed to comply with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and Children's Online Privacy Protection Act (COPPA).

2. Data We Collect

We collect the following types of information:

2.1 Discord Data

• Discord User ID (unique identifier)
• Discord Username and Display Name
• Discord Avatar URL
• Server membership status

2.2 Game Data

• Path of Titans character data (species, genetics, growth)
• In-game actions and interactions tracked by Rosa Bot
• Mutation rolls and breeding history
• Lineage and genealogy data

2.3 Technical Data

• IP addresses (for security and abuse prevention)
• Browser type and version (when using the web dashboard)
• Access timestamps

3. How We Use Your Data

We use your data to:

• Provide and maintain our Services
• Track dinosaur genetics and mutations
• Display your characters on the web dashboard
• Enforce server rules and detect abuse
• Improve our Services and user experience
• Communicate important updates about our Services

4. Data Storage and Security

Your data is stored securely using Supabase, a trusted database provider with industry-standard security measures including:

• Encryption in transit (TLS/SSL)
• Encryption at rest
• Regular security audits
• Access controls and authentication

Data may be stored in data centers located in the European Union and/or the United States, depending on Supabase's infrastructure.

5. Data Retention

We retain your data for as long as your account is active or as needed to provide Services. If you request deletion of your data, we will remove it within 30 days, except where retention is required for legal or security purposes.

6. Your Rights (GDPR)

If you are a resident of the European Economic Area (EEA), you have the following rights under GDPR:

• Right of Access (Article 15): Request a copy of your personal data
• Right to Rectification (Article 16): Request correction of inaccurate data
• Right to Erasure (Article 17): Request deletion of your personal data
• Right to Restriction (Article 18): Request limitation of data processing
• Right to Data Portability (Article 20): Receive your data in a structured format
• Right to Object (Article 21): Object to processing of your data
• Right to Withdraw Consent (Article 7): Withdraw consent at any time

To exercise these rights, contact us through our Discord server.

7. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the CCPA:

• Right to Know: Request disclosure of personal information collected about you
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt-out of the sale of personal information (we do not sell personal information)
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights

8. Children's Privacy (COPPA)

Our Services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover that we have collected personal information from a child under 13, we will delete it immediately.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

9. Third-Party Services

We use the following third-party services:

• Discord: For authentication and community communication. See Discord's Privacy Policy
• Supabase: For data storage and authentication. See Supabase's Privacy Policy
• Vercel: For web hosting. See Vercel's Privacy Policy

10. Cookies

Our web dashboard uses essential cookies for:

• Authentication session management
• Security tokens (CSRF protection)
• User preferences

We do not use advertising or tracking cookies. You can disable cookies in your browser, but this may affect functionality.

11. Data Sharing

We do not sell your personal data. We may share data only in the following circumstances:

• With service providers who help us operate our Services
• When required by law or legal process
• To protect our rights, privacy, safety, or property
• With your explicit consent

12. Changes to This Policy

We may update this Privacy Policy from time to time. Significant changes will be announced in our Discord server. Continued use of our Services after changes constitutes acceptance of the updated policy.

13. Contact Us

For privacy-related inquiries, data requests, or concerns, please contact us through:

• Our Discord server (preferred method)
• Direct message to server administrators

We will respond to requests within 30 days as required by GDPR.