Privacy Policy

Last updated: March 2026

Disclaimer: This document is provided for informational purposes and does not constitute legal advice. Guild Order recommends that users consult with their own qualified legal counsel.

Data Controller

For GDPR purposes, the data controller is Guild Order. Contact: privacy@guildorder.com

Information We Collect

Information You Provide

DataPurpose
Email, username, password (hashed)Account creation & auth
Display name, bio, avatar, timezone, languagePersonalization
Linked game accounts (Steam, Battle.net, etc.)Stats integration
Games played, roles, scheduleRecruitment matching
Forum posts, chat messages, event contentPlatform functionality
Donation records (amounts, notes, methods)Clan donation tracking
Support requests, feedbackCustomer support

Collected Automatically

DataPurpose
Browser type, OS, device typeCompatibility
IP address, access times, pages viewedSecurity & troubleshooting
Auth tokens (sessionStorage)Login session
CSRF tokens (cookies)Security

We do NOT collect: Payment card details, government IDs, biometric data, GPS location, or tracking/advertising cookies.

How We Use Your Information

  • Provide and maintain the Platform
  • Authenticate your identity and manage sessions
  • Personalize your experience (language, timezone)
  • Enable Clan features (rosters, forums, events, plugins)
  • Track donations within Clans (record-keeping only)
  • Integrate with game APIs when you link accounts
  • Generate AI content based on your prompts
  • Send notifications about activity
  • Analyze usage to improve the Platform
  • Prevent abuse and enforce policies
  • Comply with legal obligations

Data Sharing

Within the Platform, your profile information, posts, and donation records are visible to Clan members per your settings.

We may share limited data with:

  • Game API providers --- linked account IDs for stats
  • Infrastructure providers --- encrypted data for hosting
  • AI service providers --- prompts for content generation
  • Email providers --- email address for notifications

We do NOT sell your data, share it with advertisers, or provide it to data brokers.

Cookies and Storage

We use minimal cookies: CSRF token (session), session cookie (session), and language preference (1 year). Access tokens are stored in sessionStorage and cleared when you close the tab.

No advertising, tracking, or social media cookies. See our Cookie Policy for details.

Data Retention

Data TypeRetention
Account dataUntil deletion + 30 days
Clan contentUntil deleted by user/admin
Donation records7 years
Audit logs2 years
Server logs90 days
Deleted accountsAnonymized within 30 days

Your Rights

GDPR Rights (EEA, UK, Switzerland)

  • Access, rectification, and erasure of your data
  • Restrict or object to processing
  • Data portability in machine-readable format
  • Withdraw consent at any time
  • Lodge a complaint with your data protection authority

CCPA Rights (California)

  • Know what data is collected and how it is used
  • Request deletion of personal information
  • Opt out of data sales (we do not sell data)
  • We recognize browser-based opt-out signals such as Global Privacy Control (GPC)

Brazil (LGPD)

  • Access, correct, anonymize, block, or delete personal data
  • Information about third parties with whom data is shared

Russia (Federal Law 152-FZ)

  • Access, correction, and deletion of personal data
  • Withdrawal of consent to processing
  • Objection to cross-border transfer

DACH Region (Germany, Austria, Switzerland)

  • All GDPR rights plus strict data minimization (BDSG)
  • Enhanced protections for special categories of data

To exercise your rights, contact privacy@guildorder.com. We respond within 30 days.

Children's Privacy

Guild Order is not directed at children under 13. We do not knowingly collect data from children under 13 (or higher where required by law, up to 16 in some EU states). If we become aware of such collection, we will promptly delete the data. Parents may contact privacy@guildorder.com.

International Data Transfers

Data may be transferred internationally with safeguards including Standard Contractual Clauses, adequacy decisions, and encryption (TLS in transit, AES-256 at rest). For Russian users, we comply with data localization requirements where applicable.

Security Measures

  • TLS/HTTPS encryption for all communications
  • Encryption at rest for stored data
  • bcrypt password hashing
  • CSRF and rate-limiting protections
  • Role-based access control
  • Audit logging for admin actions
  • Regular security reviews

In the event of a data breach affecting your personal information, we will promptly notify affected users and relevant authorities as required by applicable law.

Related Policies

Terms of ServiceCookie PolicyDonation PolicyAcceptable UseDMCA Policy

Questions? Contact us at privacy@guildorder.com