forked from Valour-Software/Valour
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathPRIVACY
More file actions
299 lines (214 loc) · 11.8 KB
/
PRIVACY
File metadata and controls
299 lines (214 loc) · 11.8 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
Privacy Policy
==============
Last updated: February 20, 2026
This Privacy Policy explains what data Valour collects, why we collect it,
and how you can control it. We believe in minimal data collection — we only
store what is necessary to run the service.
Valour is operated by Valour Software LLC ("the Company", "we", "us", "our").
You can reach us at support@valour.gg.
What We Collect
===============
Account Information
-------------------
When you register, we collect:
* Email address: for account verification, password recovery, and policy updates
* Username and tag: your display identity on the platform
* Password: stored as a salted hash, never in plain text
* Date of birth: to verify you are at least 13 years old (COPPA compliance)
* Country/locality: to determine which data regulations apply to you
Optionally, you may provide:
* Invite code: tracks which invite brought you to Valour
* Referral source: how you heard about us (e.g. YouTube, Twitter)
Profile Information
-------------------
You may optionally fill in:
* Profile headline and bio
* Avatar and profile background images
* Theme colors and border style
All profile information is user-provided and publicly visible to other
Valour users.
Messages and Content
--------------------
Messages you send are stored on our servers to deliver them to other users.
This includes text content, attachments, embeds, replies, and emoji reactions.
Technical Data
--------------
* IP address: recorded on your authentication token for account security.
Also logged when you upload images or video, for compliance with NCMEC
and child safety law.
* Device type: a simple mobile/desktop flag, used to show your online status
* Push notification endpoints: to deliver notifications to your device
We do NOT collect:
* Your real name, phone number, or physical address
* Browser fingerprints, cookies, or tracking pixels
* Browsing behavior, page views, or session analytics
* Contact lists from other services
We do not use Google Analytics or any other third-party tracking software.
How We Use Your Data
====================
We use your data to:
* Operate the service: deliver messages, manage your account, authenticate you
* Verify your age: ensure compliance with COPPA (minimum age 13)
* Secure your account: detect unauthorized access via IP on auth tokens
* Send transactional emails: account verification, password recovery, and policy updates only
* Process payments: if you purchase a subscription (handled by third parties)
* Report errors: only if you opt in (see below)
We do NOT use your data to:
* Send marketing emails or newsletters
* Serve advertisements
* Build behavioral profiles
* Sell or rent to third parties
Legal Basis for Processing (GDPR)
----------------------------------
If you are in the EU/EEA, here is the legal basis we rely on for each type
of processing:
* Contract (Art. 6(1)(b)): account registration, message delivery,
payment processing, and all core service functionality. We need your
email, username, password, and messages to provide the service you
signed up for.
* Legal obligation (Art. 6(1)(c)): age verification (COPPA), IP logging
on media uploads (NCMEC/child safety law), and responding to lawful
government requests.
* Legitimate interest (Art. 6(1)(f)): IP address on auth tokens for
account security and fraud prevention. This is essential to protecting
all accounts on the platform and cannot be disabled on a per-user basis.
* Consent (Art. 6(1)(a)): opt-in error reporting via Sentry. You can
withdraw consent at any time in your preferences.
Third-Party Services
====================
These services receive limited data to provide specific functionality:
* SendGrid: delivers transactional emails (verification, password recovery, policy updates).
We have disabled click tracking.
Privacy policy: https://www.twilio.com/legal/privacy
* Sentry: receives error reports, but ONLY if you opt in via your
preferences. You can disable this at any time.
* Stripe: processes card payments, subscription billing, and checkout
sessions. We never see or store your full payment card details.
Privacy policy: https://stripe.com/privacy
* Apple App Store / Google Play: processes in-app purchases on mobile.
Privacy policies:
- Apple: https://www.apple.com/legal/privacy/en-ww/
- Google: https://www.google.com/policies/privacy/
* Firebase Cloud Messaging: delivers push notifications on Android.
* Tenor: powers GIF search. Your GIF favorites are stored on our servers,
not shared with Tenor.
We do not share your data with advertisers, data brokers, or any parties
not listed above.
International Data Transfers
-----------------------------
Our servers and several of our third-party service providers (SendGrid,
Sentry, Stripe, Firebase) are based in the United States. If you are
located outside the US, your data will be transferred to and processed in
the US. Our third-party providers each publish their own GDPR compliance
documentation and data processing terms, which you can review at the
links in the Third-Party Services section above. These transfers are
necessary to perform our contract with you (Art. 49(1)(b)) and are
further protected by our providers' data processing agreements.
Valour Software LLC is the data controller. Our third-party service
providers act as data processors under data processing agreements.
Error Reporting (Opt-In)
========================
Valour uses Sentry for error reporting. This is fully opt-in. By default,
no error data is sent. You can control this in your user preferences:
* Off (default): no error data is sent
* On: error logs, stack traces, and basic device info are sent to Sentry
You can change this setting at any time.
Data Retention and Deletion
===========================
We retain your data for as long as your account exists. We do not maintain
long-term backups of user data — deleted data is not recoverable from
backup systems. Data may be retained beyond account deletion only if
required by law (e.g. a valid legal hold or regulatory obligation).
You can permanently delete your account at any time through the app. When
you delete your account, we delete:
* All your messages and attachments
* Your profile and private information
* Your credentials and authentication tokens
* Your friend relationships and memberships
* Your notification history and channel states
* Your referral records
This deletion is permanent and cannot be undone.
Data Security
=============
Passwords are hashed and salted before storage. Authentication uses
token-based sessions stored in your browser's local storage — we do not
use HTTP cookies for authentication or tracking. Push notification
endpoints (Firebase) use device-level tokens managed by your operating
system, not browser cookies. You can view and revoke individual sessions
from your account settings.
No method of electronic storage is 100% secure. While we use reasonable
measures to protect your data, we cannot guarantee absolute security.
If you are a security professional and discover a vulnerability,
please report it to us at support@valour.gg and consider contributing
to our open-source codebase to help us improve security.
Your Rights
===========
Regardless of where you live, you can:
* Access your data: view your profile, messages, and active sessions
through the app
* Correct your data: update your profile, email, and username at any time
* Delete your data: permanently delete your account and all associated data
* Revoke sessions: individually revoke any active login session
* Control error reporting: opt in or out of error reporting at any time
For EU/EEA Residents (GDPR)
----------------------------
You additionally have the right to:
* Request a copy of your personal data
* Object to processing of your data
* Request restriction of processing
* Data portability: receive your data in a machine-readable format
* Withdraw consent at any time
* Lodge a complaint with your local data protection authority
For California Residents (CCPA/CPRA)
-------------------------------------
We do not sell or "share" (as defined by the CPRA) your personal
information for cross-context behavioral advertising.
The table below fulfills our disclosure obligations under Cal. Civ. Code
§ 1798.110 and § 1798.115:
Category | What we collect | Source | Purpose | Shared with
----------------------|---------------------------|------------|--------------------------|-------------------
Identifiers | Email, username, IP | You / auto | Account operation, | SendGrid (email),
| address | | security | Sentry (opt-in)
----------------------|---------------------------|------------|--------------------------|-------------------
Customer records | Email, hashed password | You | Authentication | None
(Cal. Civ. 1798.80e) | | | |
----------------------|---------------------------|------------|--------------------------|-------------------
Internet activity | Device type (mobile/ | Automatic | Online status, | None
| desktop flag) | | service delivery |
----------------------|---------------------------|------------|--------------------------|-------------------
Sensory data | User-uploaded images, | You | Message delivery, | None
| video, audio | | content sharing |
----------------------|---------------------------|------------|--------------------------|-------------------
Commercial info | Subscription status | You / | Payment processing | Stripe, Apple,
| | Stripe | | Google
----------------------|---------------------------|------------|--------------------------|-------------------
Age / DOB | Date of birth | You | COPPA age verification | None
We do not collect: protected classifications, biometrics, geolocation,
professional/employment info, education records, or inferences.
Your CCPA/CPRA rights:
* Right to know: what data we collect and how we use it (see above)
* Right to delete: request deletion of your data at any time
* Right to opt-out of sale: we do not sell your data, so there is
nothing to opt out of
* Right to non-discrimination: we will not treat you differently for
exercising your rights
To exercise any of these rights, contact us at support@valour.gg.
Children's Privacy
==================
Valour requires users to be at least 13 years old. We collect date of birth
at registration to verify this. If you believe a child under 13 has created
an account, please contact us at support@valour.gg and we will delete it.
Disclosure for Legal Reasons
============================
We may disclose your data if required by law, court order, or government
request. We also reserve the right to reject unlawful requests to protect
our users' privacy and safety.
Changes to This Policy
======================
We will notify you of significant changes by posting the updated policy and
updating the date above. Continued use of Valour after changes constitutes
acceptance of the revised policy.
Contact
=======
If you have questions about this Privacy Policy:
* Email: support@valour.gg