Política de privacidade

This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you use the Playlith website and related services (“Service”). We process personal data in accordance with the EU General Data Protection Regulation (“GDPR”) where it applies, and with other applicable data protection laws.

The controller responsible for processing personal data in connection with the Service is:

Account and profile data. When you sign in with Discord, we receive and store identifiers and profile elements provided by Discord or derived during authentication, such as your Discord user ID, display name, global name where available, avatar URL, and an e-mail address or a service-specific placeholder if Discord does not share an e-mail. We may store an internal Discord channel identifier used to deliver service-related messages.

Party and community data. We process information you provide when creating or joining parties (for example game selection, party title and description, language preferences, capacity, age limits you set, and timestamps), as well as relationships between users and parties (including join requests and membership).

Preferences. We may store onboarding state, favourite games, language selections, and similar preferences you configure in the product.

Technical and usage data. Our servers automatically process connection metadata such as IP address, date and time of requests, user agent, and HTTP referrer where transmitted by your browser. We may use limited local storage in your browser to remember UI settings (such as language).

Website analytics (Google Analytics). We use Google Analytics 4 (provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; “Google”) to understand how visitors use our website—for example which pages are opened, how long sessions last, approximate regional origin derived from truncated IP addresses, and technical information such as device category, browser, and screen size. Data is typically aggregated for reporting. Depending on configuration, Google may set or read cookies or similar identifiers on your device. Further information is available in Google’s Privacy Policy.

Sessions and security. If we use cookie-based sessions, session identifiers and related security data may be stored server-side together with IP address and user agent for session integrity.

Purchases (Stripe). If you purchase optional paid features, payments are processed by Stripe (Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, and, where applicable, Stripe, Inc. and affiliates in other regions). Card and wallet data are collected and processed directly by Stripe. We typically receive limited billing metadata (for example customer reference, transaction ID, amount, currency, subscription or purchase status) and do not store your full card number on our systems. Stripe’s processing is described in Stripe’s Privacy Policy.

• Providing the Service (Art. 6(1)(b) GDPR): authentication, operating party features, delivering notifications you expect as part of the Service, and support.
• Security and abuse prevention (Art. 6(1)(f) GDPR, balancing test): protecting users, investigating misuse, enforcing terms, and ensuring system integrity.
• Website analytics (Google Analytics): where required by applicable law (including the German Telecommunications Telemedia Data Protection Act, “TTDSG”), we rely on your consent (Art. 6(1)(a) GDPR) before activating non-essential analytics cookies or similar storage on your device. Where consent is not required for a specific processing activity, we may rely on legitimate interests (Art. 6(1)(f) GDPR) in measuring aggregate website usage and improving the Service, balanced against your rights. You can withdraw consent at any time with effect for the future (for example via our cookie settings, where offered).
• Payments (Art. 6(1)(b) GDPR): processing necessary to perform our contract with you when you purchase paid features, including fraud prevention and accounting as permitted by law.
• Compliance and legal claims (Art. 6(1)(c) and (f) GDPR): meeting legal obligations and establishing, exercising, or defending legal claims.
• Marketing (Art. 6(1)(a) GDPR, if applicable): only with your prior consent where required by law (separate from analytics consent where we distinguish them).

Hosting (Hetzner). Our production infrastructure is operated on servers at Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. Hetzner hosts application and database systems and processes personal data contained in requests, backups, and logs on our behalf as a processor under a data processing agreement. Data is primarily stored in Hetzner’s facilities in Germany or other locations we configure within the EEA, unless otherwise noted for specific services.

Analytics (Google). Google processes analytics data on our instructions in accordance with the Google Ads / Google Analytics data protection terms applicable to business customers, where relevant. You can learn more about how Google uses data from sites that use its services in Google’s policies linked above.

Payments (Stripe). Stripe processes payment transactions under its own privacy policy and applicable card-network rules. We configure Stripe (for example Checkout or Billing) so that payment credentials are collected and stored by Stripe; we receive the limited metadata described above to fulfil your purchase.

Discord and other integrations. Where the Service integrates with Discord or other platforms, limited personal data may be transmitted to those providers as strictly necessary for the integration you activate. Discord’s processing is described in Discord’s own privacy notice.

Hosting for core Service data is intended to remain within the EEA (Germany via Hetzner). Stripe and Google may additionally process personal data in the United States or other countries outside the EEA. Where such transfers occur, we rely on GDPR-recognised safeguards—such as Standard Contractual Clauses, the EU–US Data Privacy Framework where the recipient is certified, or other approved mechanisms—together with supplementary measures where required by law or regulatory guidance.

We retain personal data only as long as necessary for the purposes described, unless a longer period is required by law. Account data is generally kept for the lifetime of your account and a short grace period thereafter, then deleted or anonymised unless we must retain limited records for legal, tax, or accounting reasons. Server logs are rotated on a regular schedule consistent with security needs.

Subject to conditions in applicable law, you may have the right to access, rectification, erasure, restriction of processing, data portability, and objection to processing based on legitimate interests. Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

You also have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or the place of the alleged infringement.

To exercise your rights, contact us using the details in the Controller section above. We may need to verify your identity before responding.

We use cookies or similar technologies where technically necessary to maintain sessions and secure logins.

Google Analytics may use cookies or local storage (for example to distinguish visitors) in line with your choices. In the European Economic Area and where national law requires it (including Germany under the TTDSG), we only load Google Analytics and set non-essential analytics cookies after you have given consent in the cookie banner (shown when Google Analytics is configured for the site). You can change or withdraw consent anytime via the same banner (use “Cookie settings” on this Privacy Policy page or the small “Cookie settings” control on the screen), or through your browser by deleting cookies (which may reset some choices).

You can also install the browser add-on to disable Google Analytics offered by Google, in addition to any site-specific controls we provide.

The Service is not directed at children under the age where parental consent is required for data processing in your jurisdiction. If you believe we have collected personal data from a child without appropriate authority, please contact us and we will take reasonable steps to delete it.

We may update this Privacy Policy from time to time. The “Last updated” date reflects the latest revision. Material changes will be communicated as required by law.