Live
Sign In

Privacy Policy

Last updated: April 23, 2025

1. Data Controller

The data controller is the individual publisher identified on the Legal Notices page. Contact: teo.lemesle.pro@gmail.com

2. Data We Collect

We collect the following personal data:

  • Account data: email address, display name, avatar URL (via Discord OAuth or direct registration).
  • Authentication data: hashed passwords (argon2id), Discord OAuth tokens.
  • Session data: encrypted session identifiers stored in PostgreSQL.
  • Subscription data: Stripe customer ID, subscription status, tier.
  • Usage data: anonymous page views via Umami Analytics (no cookies, no cross-site tracking, IP anonymised).

3. Legal Basis (GDPR Art. 6)

  • Contract performance (Art. 6(1)(b)): account creation, session management, billing.
  • Legitimate interests (Art. 6(1)(f)): anonymous analytics to improve the Service.
  • Consent (Art. 6(1)(a)): Discord OAuth (granted at login).

4. Retention Periods

  • Account data: retained while your account is active; deleted within 30 days of an account deletion request.
  • Sessions: expire after 14 days of inactivity.
  • Billing records: retained 10 years as required by French accounting law.
  • Analytics: aggregated only — no personal data retained.

5. Data Sharing

We do not sell your data. We share it only with:

  • Stripe, Inc. — payment processing (governed by Stripe’s Privacy Policy).
  • Discord, Inc. — OAuth authentication if you use Discord login (governed by Discord’s Privacy Policy).
  • Our hosting provider — server infrastructure (bound by data processing agreements).

6. Your Rights (GDPR)

You have the right to access, rectify, erase, restrict, object to, and port your personal data.

You may also lodge a complaint with the CNIL (Commission Nationale de l’Informatique et des Libertés) at www.cnil.fr.

To exercise your rights, contact: teo.lemesle.pro@gmail.com. We will respond within 30 days.

7. Cookies

SkyblockTracker does not use advertising or tracking cookies. A single functional session cookie is set after login. Analytics use Umami, which sets no cookies and collects no personal data.

8. Security

Passwords are hashed with argon2id. All data is transmitted over HTTPS. Database access is restricted to the application server.

9. International Transfers

Stripe and Discord may process data outside the EEA under Standard Contractual Clauses. Our primary server infrastructure is located in the EU.

10. Changes

We may update this Privacy Policy. The “Last updated” date above reflects the most recent revision.

Not affiliated with Hypixel Inc.