Privacy Policy

1. Introduction

This Privacy Policy explains how Oblivery.com ("we", "us", "our") collects, uses, and protects your personal information when you use our website and Discord bot (collectively, "the Service").

We are committed to protecting your privacy and being transparent about our data practices. This is a free community project with no commercial intent.

1.1 Data Controller

Oblivery.com is operated by Rawodo, based in the Netherlands. Rawodo is the Data Controller responsible for your personal information. For privacy inquiries, contact us at privacy@oblivery.com.

2. Information We Collect

2.1 Account Information

Accounts are created by administrators for authorized community members. When an account is created for you, we collect:

• Email address: Used for account authentication and recovery
• Password: Stored as a secure hash (never in plain text)
• Trading Paints User ID: Links your account to your Trading Paints profile
• Profile name: Your display name from Trading Paints
• Discord ID: If you choose to link your Discord account

2.2 Automatically Collected Information

When you use the Service, we automatically collect:

• IP address: Collected when downloading files for security and analytics
• User agent: Browser and device information for compatibility and analytics
• Session data: Temporary data to keep you logged in

2.3 Paint and Content Data

We fetch and display publicly available data from Trading Paints, including:

• Paint liveries, helmets, and suits
• Paint metadata (car make, upload date, favorites count)
• Public profile information

2.4 Uploaded Content

If you upload content (logos, decals), we store:

• The uploaded files
• File metadata (size, dimensions, format)
• Upload timestamps and user attribution

2.5 Discord Bot Data

Our Discord bot collects:

• Discord User IDs: To link Discord accounts with website accounts
• Server (Guild) IDs: To deliver notifications to configured channels
• Channel IDs: To send notifications to specific channels

We do not read or store the content of Discord messages. The bot only sends notifications about community activities.

3. How We Use Your Information

We use collected information to:

• Provide and maintain the Service
• Authenticate users and manage accounts
• Display paint galleries and statistics
• Send Discord notifications about new paints and community activities
• Analyze usage patterns to improve the Service
• Detect and prevent abuse or unauthorized access

4. Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

• Performance of a Contract: To provide the core services, such as managing your account, displaying your profile, and linking your Trading Paints or Discord accounts.
• Legitimate Interest: For purposes like analyzing website usage to improve the Service, preventing abuse (e.g., logging IP addresses on downloads), and displaying publicly available information from Trading Paints. We balance these interests against your rights and freedoms.
• Consent: Where you have given explicit consent, for example, to link your Discord account or receive certain notifications. You can withdraw consent at any time.
• Legal Obligation: If we are required to process your data to comply with legal or regulatory obligations.

5. Data Sharing and Third Parties

5.1 Third-Party Services

We use the following third-party services:

• Google Analytics: We use Google Analytics 4 (GA4) to understand how visitors use our website. This service collects anonymous usage data including pages visited, time spent on site, and general interaction patterns. Google Analytics uses cookies to collect this information. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on. For more information, see Google's Privacy Policy.
• Trading Paints: We fetch publicly available paint data from their API
• Amazon Web Services (AWS): File storage for uploaded logos and decals (EU region)
• Discord: Our bot operates on Discord's platform to send notifications

5.2 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties. This is a non-commercial community project.

5.3 Legal Requirements

We may disclose information if required by law or to protect our rights, safety, or the safety of others.

6. Data Storage and Security

We implement appropriate security measures to protect your data:

• Passwords are hashed using SHA-256 with unique salts
• Sessions use secure, HTTP-only cookies
• Database access is restricted and encrypted
• Files are stored securely on AWS S3

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

7. Data Retention

• Account data: Retained until you request deletion
• Session data: Expires after 30 days of inactivity
• Download logs (IP addresses): Retained for a maximum of 12 months for security and statistical analysis, then anonymized or deleted
• Uploaded content: Retained until you delete it or request removal

8. International Data Transfers

Your data may be processed in countries outside the European Economic Area (EEA), including by our third-party service providers (such as AWS and Discord). We ensure such transfers are lawful by relying on appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission, or adequacy decisions where applicable.

9. Your Rights

Under GDPR and applicable data protection laws, you have the following rights:

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your account and data ("right to be forgotten")
• Portability: Request your data in a portable, machine-readable format
• Objection: Object to certain data processing based on legitimate interest
• Restriction: Request restriction of processing in certain circumstances
• Withdraw Consent: Where processing is based on consent, withdraw it at any time
• Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority. The Dutch Data Protection Authority is the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl)

To exercise these rights, contact us at privacy@oblivery.com.

10. Cookies

We use the following cookies:

• Session management: Essential cookies to keep you logged in
• Theme preference: Essential cookies to remember your light/dark mode choice
• Google Analytics: Analytics cookies to understand website usage (see Section 5.1 for opt-out options)

We do not use third-party advertising cookies.

11. Children's Privacy

The Service is not intended for children under 13 years of age (or 16 in some EU countries). We do not knowingly collect personal information from children. If you believe we have collected such information, please contact us immediately at privacy@oblivery.com.

12. Discord Bot Privacy

Specific to our Discord bot:

• The bot only accesses data necessary for its notification functions
• Server administrators control bot permissions and configuration
• We do not store message history or monitor conversations
• Discord User IDs are only used to link accounts and mention users in notifications (if configured)
• You can unlink your Discord account at any time through your account settings

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes by updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance.

14. Contact Us

For privacy-related questions or to exercise your data rights, please contact us:

• Email: privacy@oblivery.com
• Community Discord: Available through the website