$ Privacy Policy

# Last updated: March 23, 2026

1. Who We Are

PurrNet ("we", "us", "our") is a networking framework for game developers. This privacy policy explains how we collect, use, store, and protect your personal data when you use our website and services at purrnet.dev.

For any privacy-related questions or data protection requests, reach out via our Contact page.

2. Data We Collect

We collect the following categories of personal data:

2.1 Account Data (via Discord OAuth)

  • Email address — required for account creation
  • Discord user ID — used to link your Discord identity
  • Username & display name — from your Discord profile
  • Avatar URL — your Discord profile picture

2.2 Payment Data (via Stripe)

  • Stripe customer ID — links your account to Stripe
  • Donation amounts & currency
  • Subscription tier & status
  • Payment method type (e.g., card) — we do not store card numbers

2.3 Technical Data

  • IP address — temporarily processed for rate limiting (not permanently stored)
  • User agent string — temporarily processed for rate limiting
  • Session tokens — for keeping you logged in

2.4 Game Services Data

  • Player credentials — username and securely hashed passwords
  • Player account metadata — display name, last seen timestamp
  • API keys — stored as secure hashes

3. How We Use Your Data

We process your personal data for the following purposes:

  • Account management — creating and maintaining your account
  • Authentication — verifying your identity when you log in
  • Payment processing — handling subscriptions and donations via Stripe
  • Service delivery — providing access to packages, game networking features, and project management
  • Security — rate limiting, abuse prevention, and session management
  • Discord integration — assigning roles based on your subscription tier

Legal basis (GDPR Art. 6): We process your data based on (a) contractual necessity (to provide the service you signed up for), (b) legitimate interests (security and abuse prevention), and (c) your consent (for optional features like donations).

4. Third-Party Services

We share data with the following third-party processors:

4.1 Stripe

We use Stripe for payment processing. When you make a payment, Stripe receives your email, payment details, and a customer identifier. Stripe acts as an independent data controller for payment data. See Stripe's Privacy Policy.

4.2 Discord

We use Discord OAuth for authentication. When you log in, we receive your public Discord profile data (email, username, avatar). We also use the Discord API to assign subscription-related roles. See Discord's Privacy Policy.

4.3 Hosting & Infrastructure

Our website and database are hosted on cloud infrastructure. Data is transmitted over encrypted connections (TLS/SSL).

5. Cookies

We use the following cookies, all of which are strictly necessary for the service to function:

CookiePurposeDuration
auth_sessionKeeps you logged inSession lifespan
discord_oauth_stateCSRF protection during loginPer login attempt
redirect_after_loginRemembers where to send you after login10 minutes
cookie_consentStores your cookie preference1 year

We do not use any analytics cookies, advertising cookies, or third-party tracking scripts.

6. Data Retention

  • Account data — retained until you delete your account
  • Session data — automatically expires and is cleaned up
  • Payment records — retained for 7 years after the transaction for legal and tax compliance obligations, even after account deletion. Payment records are maintained by Stripe as an independent data controller.
  • Rate limiting data — temporary, held in memory only (minutes to hours)
  • Consent records — retained for as long as needed to demonstrate compliance with GDPR and other applicable regulations

7. Your Rights (GDPR)

If you are located in the EU/EEA, you have the following rights:

  • Right of access — request a copy of your personal data
  • Right to rectification — correct inaccurate data
  • Right to erasure — request deletion of your account and data
  • Right to data portability — receive your data in a machine-readable format
  • Right to restrict processing — limit how we use your data
  • Right to object — object to processing based on legitimate interests
  • Right to withdraw consent — where processing is based on consent

You can exercise your rights to data export and account deletion directly from your Profile page. For all other requests, reach out via our Contact page. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority.

8. Data Security

  • All connections use TLS/SSL encryption
  • Passwords are hashed using scrypt with unique salts
  • API keys are stored as secure hashes
  • Session tokens are cryptographically random
  • Admin access requires Discord role verification

9. International Transfers

Your data may be processed in countries outside the EU/EEA by our third-party providers (Stripe, Discord). These transfers are protected by appropriate safeguards including Standard Contractual Clauses (SCCs) where applicable.

10. Children's Privacy

Our service is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us immediately.

11. Your Rights (California Residents — CCPA/CPRA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to know — request what personal information we collect, use, and disclose
  • Right to delete — request deletion of your personal information
  • Right to opt-out of sale — we do not sell your personal information to third parties
  • Right to non-discrimination — we will not discriminate against you for exercising your rights

We do not sell, share, or use personal information for targeted advertising. To exercise any of these rights, reach out via our Contact page or use the data export and deletion tools on your Profile page.

12. Changes to This Policy

We may update this privacy policy from time to time. We will notify registered users of significant changes via the website. The "last updated" date at the top of this page indicates when this policy was last revised.