Privacy Policy

Last updated: 15 April 2025

1. Who we are

Link-Craft ("we", "us", "our") provides a white-label Minecraft × Discord account-linking platform accessible at link-craft.com. This policy explains how we collect, use, and protect your personal data.

2. Data we collect

• Account identifiers: Discord user ID, Microsoft (Xbox) username, and the Minecraft UUID/username you choose to link.
• OAuth tokens: Short-lived access tokens from Discord and Microsoft — used only to verify identity, never stored permanently.
• Session data: A secure, server-side session cookie to keep you logged in.
• Billing information: Handled entirely by Stripe. We receive only a Stripe Customer ID — we never see card numbers or bank details.
• Usage data: Aggregate statistics (link counts, error rates) used to operate and improve the platform.

3. How we use your data

• To link your Minecraft and Discord accounts as requested.
• To authenticate you when you return to the portal.
• To process subscription payments via Stripe.
• To send transactional emails (e.g. billing receipts) — no marketing emails without explicit consent.

4. Data sharing

We share data only with:

• Stripe — payment processing.
• Discord / Microsoft — solely to verify your identity during OAuth.
• Firebase (Google Cloud) — our configuration database, hosted in the EU (europe-west3) where possible.

We never sell your data.

5. Data retention

Your account link data is kept for as long as your account exists on a server that uses Link-Craft. You can request deletion at any time (see section 7). Session data expires after 7 days of inactivity.

6. Cookies

We use a single, strictly-necessary session cookie (lf.sid). No tracking or advertising cookies are set.

7. Your rights

Under GDPR (and equivalent laws) you have the right to access, rectify, erase, restrict, or port your data. To exercise any right, email us at privacy@link-craft.com. We will respond within 30 days.

8. Security

All data in transit is encrypted via TLS. Sensitive configuration values (database passwords) are encrypted at rest using AES-256. We follow OWASP best practices throughout the codebase.

9. Changes to this policy

We will post any material changes here and update the "Last updated" date. Continued use after changes constitutes acceptance.

10. Contact

Questions about this policy? Email privacy@link-craft.com or visit our contact page.