Hydra Labs ("Company", "we", "us", or "our") operates Guildbase (the "Service"), accessible at https://guildbase.gg. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting your privacy and handling your data in an open and transparent manner. Please read this Privacy Policy carefully. By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

1. Information We Collect

We collect information in several ways when you use our Service:

1.1 Information You Provide Directly

When you create an account, use our features, or contact us, you may provide:

• Account Information: Email address, username, password, and profile picture
• Guild Information: Guild names, descriptions, settings, branding assets (logos, banners), and configuration preferences
• Application Data: Information collected through application forms you create or submit, including custom form fields and responses
• Team Information: Email addresses of team members you invite, role assignments, and permissions
• Communication Data: Messages, feedback, support requests, and any other communications you send to us
• Payment Information: Billing address and payment details (processed securely by Stripe; we do not store full payment card numbers)

1.2 Information from Third-Party Services

When you link your account to third-party services, we may receive information from those services:

• Discord: User ID, username, discriminator, avatar, email address, and guild memberships (where permitted)
• Steam: Steam ID, profile name, avatar, and public profile information
• Google: Email address, name, and profile picture
• Other Platforms: Similar account identifiers and profile information as authorised by you

The information we receive depends on the permissions you grant and the privacy settings of those third-party services. We encourage you to review the privacy policies of any third-party services you connect to your account.

1.3 Information Collected Automatically

When you access or use the Service, we automatically collect certain information:

• Device Information: Device type, operating system, browser type and version, device identifiers, and screen resolution
• Log Data: IP address, access times, pages viewed, referring URL, and actions taken within the Service
• Usage Information: Features used, interactions with the Service, and performance data
• Location Data: Approximate location based on IP address (country/region level)
• Cookies and Similar Technologies: As described in Section 7 below

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Providing and Improving the Service

• Create and manage your account
• Provide, operate, and maintain the Service
• Process applications and manage guild workflows
• Enable team collaboration and member invitations
• Process payments and manage subscriptions
• Provide customer support and respond to inquiries
• Develop new features and improve existing functionality
• Analyse usage patterns to enhance user experience

2.2 Communications

• Send transactional emails (account verification, password resets, payment receipts)
• Notify you about changes to the Service or your account
• Send service-related announcements and updates
• Respond to your comments, questions, and support requests
• Send marketing communications (with your consent, where required)

2.3 Security and Compliance

• Detect, prevent, and address fraud, abuse, and security issues
• Monitor and enforce our Terms of Service
• Comply with legal obligations and respond to lawful requests
• Protect the rights, property, and safety of Guildbase, our users, and others

2.4 Analytics and Research

• Understand how users interact with the Service
• Measure the effectiveness of features and content
• Conduct research and analysis to improve our offerings
• Generate aggregated, anonymised statistics

3. Legal Basis for Processing (EEA/UK Users)

If you are located in the European Economic Area (EEA) or United Kingdom, our legal basis for collecting and using your personal information depends on the specific information and context:

• Contract Performance: Processing necessary to provide the Service and fulfil our contractual obligations to you
• Legitimate Interests: Processing necessary for our legitimate business interests, such as improving the Service, preventing fraud, and ensuring security, where these interests are not overridden by your rights
• Consent: Where you have given explicit consent for specific processing activities, such as marketing communications
• Legal Obligations: Processing necessary to comply with applicable laws and regulations

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We share information with third-party vendors and service providers who perform services on our behalf, including:

• Stripe: Payment processing and subscription management
• Cloud Hosting Providers: Data storage and infrastructure
• Analytics Providers: Usage analysis and performance monitoring
• Email Service Providers: Transactional and marketing communications
• Customer Support Tools: Help desk and support ticket management

These service providers are contractually obligated to protect your information and may only use it to provide services to us.

4.2 Guild Owners and Team Members

When you submit an application to a guild, the information you provide in that application is shared with the guild owner and authorised team members. Guild owners are responsible for their own handling of applicant data.

4.3 Third-Party Integrations

When you connect third-party services to your account or guild, information may be shared with those services as necessary to enable the integration. This sharing is subject to your authorisation and the third party's privacy policy.

4.4 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Valid legal processes (subpoenas, court orders, government requests)
• Protect our rights, privacy, safety, or property
• Enforce our Terms of Service
• Protect against legal liability
• Prevent or investigate possible wrongdoing

4.5 Business Transfers

If Hydra Labs is involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred as part of that transaction. We will notify you of any change in ownership or uses of your personal information.

4.6 Aggregated or Anonymised Data

We may share aggregated or anonymised information that cannot reasonably be used to identify you for any purpose, including research, analytics, and marketing.

5. Data Retention

We retain your personal information for as long as necessary to provide the Service and fulfil the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

The criteria used to determine our retention periods include:

• The duration of your account and use of the Service
• Whether there is a legal obligation to retain the data
• Whether retention is advisable for our legal position (e.g., statutes of limitations, litigation, regulatory investigations)

When you delete your account, we will delete or anonymise your personal information within 30 days, except where we are required to retain it for legal, regulatory, or legitimate business purposes.

Application data submitted to guilds is retained according to the guild owner's settings and may be subject to their own retention policies.

6. Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using TLS/SSL
• Encryption of sensitive data at rest
• Regular security assessments and penetration testing
• Access controls and authentication requirements
• Employee training on data protection and security
• Secure development practices
• Incident response procedures

While we strive to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to maintaining industry-standard security practices.

7. Cookies and Tracking Technologies

7.1 What Are Cookies

Cookies are small text files stored on your device when you visit a website. They help us provide and improve the Service, remember your preferences, and understand how you use our platform.

7.2 Types of Cookies We Use

• Essential Cookies: Required for the Service to function properly (authentication, security, load balancing)
• Functional Cookies: Remember your preferences and settings (language, theme, display options)
• Analytics Cookies: Help us understand how visitors interact with the Service (page views, traffic sources, user journeys)
• Performance Cookies: Monitor Service performance and identify issues

7.3 Managing Cookies

Most web browsers allow you to control cookies through their settings. You can typically set your browser to refuse all cookies, accept only certain cookies, or notify you when a cookie is set. Please note that disabling essential cookies may affect the functionality of the Service.

For more information about cookies and how to manage them, visit www.allaboutcookies.org.

7.4 Do Not Track

Some browsers have a "Do Not Track" feature that signals to websites that you do not want your online activity tracked. The Service does not currently respond to Do Not Track signals, but you can manage your privacy preferences through browser settings and cookie controls.

8. International Data Transfers

Guildbase is operated from the United Kingdom. If you are accessing the Service from outside the UK, please be aware that your information may be transferred to, stored, and processed in the UK or other countries where our service providers are located.

When we transfer personal data outside the EEA or UK, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the European Commission or UK ICO
• Adequacy decisions recognising equivalent data protection standards
• Other legally approved transfer mechanisms

By using the Service, you consent to the transfer of your information to the UK and other jurisdictions as described in this Privacy Policy.

9. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information. We are committed to honouring these rights regardless of where you are located, to the extent practicable.

9.1 Rights for All Users

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information, subject to certain exceptions
• Account Closure: Close your account at any time through your account settings
• Withdraw Consent: Withdraw consent for processing where consent is the legal basis
• Unlink Accounts: Disconnect third-party services from your account

9.2 Additional Rights for EEA/UK Residents (GDPR)

If you are in the European Economic Area or United Kingdom, you also have the right to:

• Data Portability: Receive your personal data in a structured, commonly used, machine-readable format
• Restriction: Request restriction of processing in certain circumstances
• Object: Object to processing based on legitimate interests or for direct marketing
• Lodge a Complaint: File a complaint with your local data protection authority (the ICO in the UK: ico.org.uk)

9.3 Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have the right to:

• Know what personal information we collect, use, disclose, and sell
• Request deletion of your personal information
• Opt out of the sale or sharing of your personal information (we do not sell personal information)
• Non-discrimination for exercising your privacy rights
• Correct inaccurate personal information
• Limit the use of sensitive personal information

To exercise your CCPA rights, contact us at [email protected]. We will verify your identity before processing your request.

9.4 Rights for Other Jurisdictions

Users in other jurisdictions (including Australia, Canada, Japan, South Korea, Brazil, and others) may have similar rights under local data protection laws. We will honour requests in accordance with applicable law.

9.5 Exercising Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days (or sooner if required by law). We may need to verify your identity before processing certain requests.

10. Children's Privacy

The Service is not intended for children under the age of 16 (or the minimum age required in your jurisdiction for data processing consent). We do not knowingly collect personal information from children under this age.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected]. If we become aware that we have collected personal information from a child without verification of parental consent, we will take steps to delete that information.

11. Third-Party Links and Services

The Service may contain links to third-party websites, services, or applications that are not operated by us. This Privacy Policy does not apply to third-party services, and we are not responsible for their privacy practices.

We encourage you to review the privacy policies of any third-party services you access through or in connection with the Service, including:

• Discord: discord.com/privacy
• Steam: store.steampowered.com/privacy_agreement
• Google: policies.google.com/privacy
• Stripe: stripe.com/privacy

12. Guild Owners as Data Controllers

When you create a guild on Guildbase, you become a data controller for certain personal information collected through your guild, including:

• Application submissions and responses
• Custom form data you collect from applicants
• Communications with applicants through the platform

As a guild owner, you are responsible for:

• Ensuring you have a lawful basis to collect and process applicant data
• Informing applicants about how their data will be used
• Responding to data subject requests from your applicants
• Complying with applicable data protection laws

Guildbase acts as a data processor when processing data on behalf of guild owners. We process such data only in accordance with the guild owner's instructions and applicable law.

13. Marketing Communications

With your consent (where required by law), we may send you marketing communications about our products, services, and promotions. You can opt out of marketing communications at any time by:

• Clicking the "unsubscribe" link in any marketing email
• Updating your communication preferences in your account settings
• Contacting us at [email protected]

Please note that even if you opt out of marketing communications, you will continue to receive transactional and service-related communications (such as payment confirmations and security alerts).

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last updated" date at the top of this Privacy Policy
• Notify you by email or through a notice on the Service
• Provide at least 30 days' notice for material changes before they take effect

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy.

15. Data Protection Officer

For questions or concerns about our data protection practices, you may contact our Data Protection Officer at:

• Email: [email protected]
• Subject Line: Data Protection Inquiry

16. Contact Us

If you have any questions, concerns, or complaints about this Privacy Policy or our privacy practices, please contact us:

• Email: [email protected]
• Website: https://guildbase.gg

We aim to respond to all inquiries within 30 days.