Add privacy policy feature enumeration from server/evr_*.go analysis

[Copilot]

Analyzed 162 server/evr_*.go files (~46K LOC) to identify features with privacy policy implications for legal review.

Deliverable: PRIVACY_FEATURES_ANALYSIS.md

• 17 functional categories covering authentication, geolocation, device fingerprinting, Discord integration, matchmaking, behavioral analysis, VRML integration, telemetry, and data retention
• 60+ specific features enumerated with privacy relevance explanation for each
• 12 data categories summarized: identifiers, network data, device info, social graphs, performance metrics, behavioral data, external identities, communications, preferences, logs, commercial data, temporal data

Key findings include:

• Third-party data sharing with Discord, IPQS (fraud detection), VRML (competitive gaming)
• Persistent cross-device/cross-platform tracking via hardware fingerprinting, IP history, and system profiles
• Indefinite retention of login history, enforcement records, and match participation
• Alternate account detection using IP addresses, HMD serials, and hardware signatures
• Public leaderboard exposure of performance data with Discord IDs in metadata

Document structured for non-technical stakeholders; no code excerpts, technical jargon minimized, observable behavior described plainly.

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Enumerate privacy policy impacting features by analyzing server/evr_*.go</issue_title>
<issue_description>Objective:

• Analyze all Go source files in the repository matching pattern
  server/evr_*.go.
• Identify and enumerate all features in these files that have any
  impact on, or relevance to, a privacy policy.
• Categorize each feature succinctly (functional area--e.g. login,
  matchmaking, statistics, external account linking, group management,
  storage, integrations).

Requirements:

• For each identified feature, briefly describe why or how
  the feature might affect a privacy policy (e.g., handling personal
  data, persistent identifiers, sharing with third parties).
• Output should be structured as an outline or enumerated list,
  suitable as a first step for legal/privacy review.
• Do NOT include language or recommendations from a privacy
  perspective--simply identify and categorize technical features and
  their observable privacy implications.
• Do NOT include specific code excerpts.
• Focus only on behavior observable in server/evr_*.go sources.

Output format:

• Provide a list with categories, feature name/brief, and a
  sentence on privacy policy relevance for each.
  </issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes Enumerate privacy policy impacting features by analyzing server/evr_*.go #150

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.