← Back to Home

Privacy Policy

Last updated: February 15, 2026

1. Introduction

Safe Gaming Cloud ("SGC", "we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our website, scanner application, API, and related services (the "Service"), in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

Safe Gaming Cloud is the data controller for the personal data processed through the Service. For data protection inquiries, contact us at:

3. Data We Collect

3.1 Account Data

When you sign in via Discord or Google OAuth, we receive and store:

  • Discord: user ID, username, discriminator/tag, avatar URL, email address
  • Google: user ID, email address, display name, profile picture URL

3.2 Scan Data

When you run the SGC Scanner, the following data is collected and transmitted:

  • System information (OS version, hardware identifiers)
  • Installed software and running processes relevant to the scan
  • File hashes and signatures of items flagged by detection rules
  • Browser extension lists and DNS configuration
  • Registry entries, scheduled tasks, and system integrity indicators

Important: The scanner does NOT collect personal files, passwords, browsing history, or any data unrelated to gaming integrity checks. All data collection is limited to what is necessary for the declared purpose.

3.3 Usage Data

  • IP address (anonymized after 30 days)
  • Pages visited and features used
  • API request logs (retained for 90 days)

3.4 Payment Data

Payment processing is handled by Stripe. We store your Stripe customer ID and subscription status, but never your full credit card number.

4. Legal Basis for Processing (GDPR Art. 6)

Purpose Legal Basis
Account creation & authentication Contract performance (Art. 6(1)(b))
System scanning Consent (Art. 6(1)(a)) — you explicitly run the scanner
Payment processing Contract performance (Art. 6(1)(b))
Platform security & fraud prevention Legitimate interest (Art. 6(1)(f))
Analytics & service improvement Legitimate interest (Art. 6(1)(f))
Cookie usage Consent (see Cookie Policy)

5. Data Sharing

We share your data only with:

  • Stripe: Payment processing (PCI DSS compliant)
  • Discord: OAuth authentication
  • Google: OAuth authentication
  • Event organizers: Scan results for participants in their events (guild administrators)

We do NOT sell your personal data. We do not share data with advertising networks or data brokers.

6. Data Retention

  • Account data: retained while your account is active + 30 days after deletion
  • Scan reports: retained for 12 months, then anonymized
  • Audit logs: retained for 24 months
  • Payment records: retained as required by applicable tax law (typically 7 years)
  • IP addresses: anonymized after 30 days

7. Your Rights (GDPR)

Under the GDPR, you have the right to:

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate personal data
  • Erasure — request deletion of your data ("right to be forgotten")
  • Restriction — restrict processing in certain circumstances
  • Data portability — receive your data in a structured, machine-readable format
  • Object — object to processing based on legitimate interest
  • Withdraw consent — at any time, without affecting prior processing

To exercise these rights, email privacy@safegamingcloud.com. We will respond within 30 days.

8. Data Security

We implement appropriate technical and organizational measures including:

  • Encryption in transit (TLS 1.2+) and at rest
  • JWT-based authentication with expiring tokens
  • Rate limiting and DDoS protection
  • Regular security audits
  • Access controls and audit logging

9. International Transfers

Your data may be processed in the European Economic Area (EEA). If data is transferred outside the EEA, we ensure appropriate safeguards (Standard Contractual Clauses or adequacy decisions) are in place.

10. Children's Privacy

The Service is not intended for children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us data, contact us for immediate deletion.

11. Supervisory Authority

You have the right to lodge a complaint with your local data protection supervisory authority if you believe your data is being processed unlawfully.

12. Changes to This Policy

We will notify you of material changes via email or platform notification at least 30 days before they take effect. The "Last updated" date at the top reflects the latest revision.

13. Contact

For privacy-related questions: