Privacy Policy

We collect information necessary to provide our services, process purchases, and ensure account security.

Account Information

When you sign in via Discord OAuth, we receive and store:

• Discord user ID, username, and avatar
• Email address associated with your Discord account
• Discord server membership and connection data (used solely for role assignment and verification)

Device Information

When you activate a license key on your device, the following is collected to bind the key:

• Device UDID (Unique Device Identifier)
• Device name and model
• Operating system version

Payment Information

Payments are processed through PayPal. When you complete a purchase, we receive:

• PayPal transaction ID and payer email
• Payment amount and currency
• Payer name and PayPal account ID

We do not store your credit card numbers, bank account details, or PayPal password. All payment processing is handled securely by PayPal.

Automatically Collected Data

When you interact with our website and services, we may automatically collect:

• IP address
• Browser user agent string
• Pages visited and interaction timestamps

We use the collected information for the following purposes:

• Authentication — To verify your identity and manage your account access using Discord OAuth
• License Management — To bind license keys to your device, verify key validity, and manage key lifecycle (activation, expiration, renewal)
• Payment Processing — To process purchases, generate receipts, and maintain transaction records
• Security & Integrity — To detect and prevent unauthorized access, fraud, and abuse of our services
• Communication — To send email verifications, purchase receipts, and important service notifications via Mailjet
• Service Improvement — To monitor and improve service reliability and user experience

We use cookies strictly for functionality purposes:

• Session Cookie — A secure, HttpOnly cookie is used to maintain your login session. This cookie expires after 7 days and is automatically renewed when you visit the site.
• Authentication State — Temporary tokens are used during the Discord OAuth login flow to prevent cross-site request forgery.

We do not use tracking cookies, advertising cookies, or any third-party analytics cookies.

We use the following third-party services to operate our platform:

Each of these services has its own privacy policy governing how they handle your data. We recommend reviewing their respective policies. We only share the minimum data necessary for each service to function.

We take the security of your data seriously and implement multiple layers of protection:

• Encrypted Sessions — All sessions use secure, HttpOnly cookies with JWT tokens
• HTTPS Only — All communication between your browser and our servers is encrypted via TLS
• Rate Limiting — API endpoints are protected against brute-force and abuse attempts
• Security Headers — We implement HSTS, Content Security Policy, X-Frame-Options, and other protective headers
• Password Hashing — All passwords are hashed using bcrypt before storage
• Client Integrity — Our mobile clients include integrity verification to prevent tampering

We maintain logs of key events related to your account for security and support purposes:

• License Key Events — Key creation, activation, expiration, and status changes
• Purchase Records — Transaction details for order fulfillment and customer support
• Authentication Events — Login attempts and session activity for security monitoring

These logs help us resolve support tickets, investigate suspicious activity, and maintain service integrity.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access — Request a copy of the personal data we hold about you
• Correction — Request correction of inaccurate personal data
• Deletion — Request deletion of your personal data, subject to our legal obligations
• Portability — Request a portable copy of your data in a structured format
• Objection — Object to certain types of data processing

To exercise any of these rights, please contact us through our Discord support ticket system. We will respond to your request within a reasonable timeframe.

Please note that deleting your account data will result in the revocation of all active license keys and loss of access to purchased products.

We retain your data for as long as your account is active and as needed to provide our services. Specifically:

• Account Data — Retained while your account is active. Upon account deletion, data is soft-deleted and may be retained for a reasonable period for dispute resolution
• Transaction Records — Retained for the duration required by applicable financial regulations
• License Key Data — Retained for the lifecycle of the key plus a reasonable period for audit and support purposes
• Security Logs — Retained for a limited period necessary for security investigations

If you have any questions or concerns about this Privacy Policy or how your data is handled, please reach out:

• Discord — Open a support ticket in our server
• Website — goodfeelings.cc