Privacy Policy

1. Introduction

Welcome to dc.gg, a platform owned and operated by Cilooth, based in Geneva, Switzerland. This privacy policy explains what personal data we collect, why we collect it, how we store and protect it, and what rights you have. By using dc.gg, you acknowledge that you have read and understood this policy. This policy forms part of our Terms of Service.

2. Data We Collect

When you log in via Discord or use dc.gg, we collect the following categories of data:

• Discord Account Data: Your Discord user ID, username, avatar, and email address, as provided through Discord's OAuth2 flow.
• Server Data: Information about the Discord servers you manage through dc.gg, including server name, icon, member count, and any vanity URL configurations you create.
• Analytics & Click Data: Aggregated and per-link click statistics, including referrer URLs, browser type, country (derived from IP), and timestamps.
• IP Addresses (hashed): Your IP address is irreversibly hashed on arrival and cannot be recovered. The hash is used for security, rate limiting, and abuse prevention. Approximate geographic location (country) is derived at the time of the request for anonymous analytics and is not linked to your account.
• Technical Data: Browser user agent, device type, and session identifiers necessary for the service to function.

dc.gg is not directed at individuals under the age of 16. We do not knowingly collect personal data from anyone under 16. If we learn that we have collected data from a minor, we will delete it promptly.

3. Legal Basis for Processing

We process your personal data under the Swiss Federal Act on Data Protection (FADP) and, where applicable to users in the European Economic Area, the EU General Data Protection Regulation (GDPR). The legal bases for processing are:

• Contract Performance: Processing necessary to provide you with the dc.gg service (e.g., account creation, vanity URL management, analytics).
• Legitimate Interest: Security monitoring, fraud prevention, abuse detection, and service improvement, where our interests do not override your fundamental rights.
• Legal Obligation: Where we are required to retain data to comply with applicable laws.

4. How We Use Your Data

Your data is used to:

• Authenticate your identity and manage your account.
• Provide vanity URL redirection, click tracking, and analytics dashboards.
• Detect and prevent abuse, fraud, and unauthorized access.
• Improve and maintain the reliability and performance of the service.
• Communicate with you about your account or service changes (e.g., policy updates).
• Process payments and manage subscriptions, if applicable.

We do not sell your personal data to any third party.

5. Third-Party Services & Data Sharing

We share data only to the extent necessary to operate the service. The following third-party processors are involved:

• Discord - Authentication (OAuth2) and full API integration. We use Discord to log you in and retrieve server data. Your use of Discord is subject to Discord's Privacy Policy.
• Hetzner Online GmbH - Hosting provider. All data is stored on Hetzner servers located in Nuremberg (Germany), Falkenstein (Germany), or Helsinki (Finland). Hetzner acts as a data processor under our instructions. See Hetzner's Privacy Policy.
• Cloudflare, Inc. - DNS and network security. Cloudflare routes traffic to our servers and provides DDoS protection. Some request metadata (e.g., IP addresses) may be transiently processed by Cloudflare. See Cloudflare's Privacy Policy.
• Stripe, Inc. - Payment processing. If you subscribe to a paid plan, billing information is handled directly by Stripe. We do not store your full credit card number or banking details. Stripe's handling of your data is subject to Stripe's Privacy Policy.

We may also disclose data if required by law, court order, or to protect our rights, safety, or property.

6. Data Storage & Security

Your data is stored on private servers located in Europe. We implement appropriate technical and organizational measures to protect your data, including:

• Encryption of sensitive data at rest and in transit (TLS).
• IP addresses are irreversibly hashed on arrival - we never store raw IPs.
• Access to production systems is restricted and monitored.

While we take reasonable precautions, no system is completely secure. We cannot guarantee the absolute security of your data.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the service. Specifically:

• Account data: Retained until you request deletion or your account is terminated.
• Click analytics: Fully anonymous and not linked to any individual user. Because this data cannot identify you, it is retained indefinitely.
• IP addresses: Hashed irreversibly on arrival. We do not store raw IP addresses; only the non-reversible hash is retained for security and abuse prevention purposes.
• Payment records: Retained as required by applicable tax and accounting laws.

8. Cookies & Tracking

dc.gg uses cookies strictly for essential functionality:

• Session Cookies: Used to maintain your login state. These are first-party, strictly necessary cookies that expire when your session ends or after a set period.

We do not use third-party tracking cookies, advertising cookies, or any non-essential cookies. Because our cookies are strictly necessary for the service to function, they do not require separate consent under applicable EU regulations.

9. Your Rights

Under the Swiss FADP, the GDPR, and applicable data protection laws, you have the right to:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of your personal data ("right to be forgotten").
• Restriction: Request that we limit the processing of your data in certain circumstances.
• Portability: Request your data in a structured, commonly used, machine-readable format.
• Objection: Object to processing based on legitimate interests.
• Complaint: Lodge a complaint with a supervisory authority. Our primary authority is the Swiss Federal Data Protection and Information Commissioner (FDPIC: www.edoeb.admin.ch). If you are located in the EU/EEA, you may also contact your local data protection authority.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

10. International Data Transfers

Your data is stored and processed on servers located in Germany and Finland (within the EEA). The data controller (Cilooth) is based in Switzerland, which benefits from an EU adequacy decision, meaning data flows freely between the EEA and Switzerland without additional safeguards. If any data is transferred to other countries outside the EEA or Switzerland, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses or an adequacy decision.

11. Data Breach Notification

In the event of a personal data breach that poses a high risk to your rights and freedoms, we will notify you without undue delay and inform the relevant supervisory authority (the FDPIC and, where applicable, the relevant EU/EEA authority) as soon as possible, in accordance with the FADP and GDPR.

12. Changes to This Policy

We may update this privacy policy from time to time. For material changes, we will notify users via email or in-app notification at least 30 days before the changes take effect. All updates will be posted on this page with a revised date. Continued use of dc.gg after the effective date constitutes acceptance of the updated policy.

13. Governing Law

This privacy policy is governed by the laws of Switzerland, including the Swiss Federal Act on Data Protection (FADP). Where applicable, the EU General Data Protection Regulation (GDPR) also applies. Any disputes arising from this policy shall be subject to the exclusive jurisdiction of the courts of Geneva, Switzerland.