$ Privacy Policy

1. Who We Are

PurrNet ("we", "us", "our") is a networking framework for game developers. This privacy policy explains how we collect, use, store, and protect your personal data when you use our website and services at purrnet.dev.

For any privacy-related questions or data protection requests, reach out via our Contact page.

2. Data We Collect

We collect the following categories of personal data:

2.1 Account Data (via Discord OAuth)

• Email address — required for account creation
• Discord user ID — used to link your Discord identity
• Username & display name — from your Discord profile
• Avatar URL — your Discord profile picture

2.2 Payment Data (via Stripe)

• Stripe customer ID — links your account to Stripe
• Donation amounts & currency
• Subscription tier & status
• Payment method type (e.g., card) — we do not store card numbers

2.3 Technical Data

• IP address — temporarily processed for rate limiting and to derive a 2-letter country code for analytics (not permanently stored)
• User agent string — temporarily processed for rate limiting and to derive a device / browser category for analytics
• Session tokens — for keeping you logged in

2.4 Game Services Data

• Player credentials — username and securely hashed passwords
• Player account metadata — display name, last seen timestamp
• API keys — stored as secure hashes

2.5 First-Party Analytics Data

To understand which parts of the site people use and where visitors come from, we log anonymous, first-party analytics data. We do not use Google Analytics, advertising networks, or any third-party tracking service.

• Anonymous visitor / session identifiers — random UUIDs stored in first-party cookies so the same browser is counted once
• Page path you visited (e.g. /docs/introduction)
• Country code (2-letter ISO) — derived in-process from your IP via a locally-bundled database. The IP itself is never stored
• Referrer host (e.g. google.com) and UTM campaign parameters from the URL
• Device category (desktop / mobile / tablet) and browser family (Chrome / Firefox / etc.) parsed from your user-agent string
• Conversion events — signups, subscription starts, donations, and package downloads, linked to your account where applicable

Requests from search-engine crawlers and common bots are filtered out and not logged.

3. How We Use Your Data

We process your personal data for the following purposes:

• Account management — creating and maintaining your account
• Authentication — verifying your identity when you log in
• Payment processing — handling subscriptions and donations via Stripe
• Service delivery — providing access to packages, game networking features, and project management
• Security — rate limiting, abuse prevention, and session management
• Discord integration — assigning roles based on your subscription tier
• Service improvement — understanding aggregate traffic patterns (popular pages, countries, traffic sources, conversion rates) to improve the site and docs

Legal basis (GDPR Art. 6): We process your data based on (a) contractual necessity (to provide the service you signed up for), (b) legitimate interests (security, abuse prevention, and first-party product analytics that don't involve cross-site tracking or advertising), and (c) your consent (for optional features like donations).

4. Third-Party Services

We share data with the following third-party processors:

4.1 Stripe

We use Stripe for payment processing. When you make a payment, Stripe receives your email, payment details, and a customer identifier. Stripe acts as an independent data controller for payment data. See Stripe's Privacy Policy.

4.2 Discord

We use Discord OAuth for authentication. When you log in, we receive your public Discord profile data (email, username, avatar). We also use the Discord API to assign subscription-related roles. See Discord's Privacy Policy.

4.3 Hosting & Infrastructure

Our website and database are hosted on cloud infrastructure. Data is transmitted over encrypted connections (TLS/SSL).

5. Cookies

We use only first-party cookies set by purrnet.dev. Strictly-necessary cookies keep the service functional; the analytics cookies identify a visitor anonymously so the same browser isn't counted as multiple people.

Cookie	Type	Purpose	Duration
auth_session	Strictly necessary	Keeps you logged in	Session lifespan
discord_oauth_state	Strictly necessary	CSRF protection during login	Per login attempt
redirect_after_login	Strictly necessary	Remembers where to send you after login	10 minutes
cookie_consent	Strictly necessary	Stores your cookie preference	1 year
docs_vid	First-party analytics	Anonymous visitor identifier (random UUID)	1 year
docs_sid	First-party analytics	Anonymous session identifier (random UUID)	30 minutes (sliding)

We do not use advertising cookies, third-party analytics scripts (such as Google Analytics), or cross-site tracking of any kind.

6. Data Retention

• Account data — retained until you delete your account
• Session data — automatically expires and is cleaned up
• Payment records — retained for 7 years after the transaction for legal and tax compliance obligations, even after account deletion. Payment records are maintained by Stripe as an independent data controller.
• Rate limiting data — temporary, held in memory only (minutes to hours)
• Analytics data — anonymous page views and conversion events are retained indefinitely in aggregated form. If you delete your account, any rows linked to your user ID are anonymized (the user ID is cleared) while the aggregate counts remain
• Consent records — retained for as long as needed to demonstrate compliance with GDPR and other applicable regulations

7. Your Rights (GDPR)

If you are located in the EU/EEA, you have the following rights:

• Right of access — request a copy of your personal data
• Right to rectification — correct inaccurate data
• Right to erasure — request deletion of your account and data
• Right to data portability — receive your data in a machine-readable format
• Right to restrict processing — limit how we use your data
• Right to object — object to processing based on legitimate interests
• Right to withdraw consent — where processing is based on consent

You can exercise your rights to data export and account deletion directly from your Profile page. For all other requests, reach out via our Contact page. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority.

8. Data Security

• All connections use TLS/SSL encryption
• Passwords are hashed using scrypt with unique salts
• API keys are stored as secure hashes
• Session tokens are cryptographically random
• Admin access requires Discord role verification

9. International Transfers

Your data may be processed in countries outside the EU/EEA by our third-party providers (Stripe, Discord). These transfers are protected by appropriate safeguards including Standard Contractual Clauses (SCCs) where applicable.

10. Children's Privacy

Our service is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us immediately.

11. Your Rights (California Residents — CCPA/CPRA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to know — request what personal information we collect, use, and disclose
• Right to delete — request deletion of your personal information
• Right to opt-out of sale — we do not sell your personal information to third parties
• Right to non-discrimination — we will not discriminate against you for exercising your rights

We do not sell, share, or use personal information for targeted advertising. To exercise any of these rights, reach out via our Contact page or use the data export and deletion tools on your Profile page.

12. Changes to This Policy

We may update this privacy policy from time to time. We will notify registered users of significant changes via the website. The "last updated" date at the top of this page indicates when this policy was last revised.