Privacy Policy
Effective Date: January 6, 2025
Last Updated: January 6, 2025
This Privacy Policy describes how Urchin ("we," "us," or "our") collects, uses, and shares information about you when you use our services, including our website, API, Discord bot, and related services (collectively, the "Services").
1. Controller Information and Contact Details
Data Controller: Urchin
Contact: Discord Server: https://discord.gg/jgKEVUJj3H
Website: https://urchin.ws
For data protection inquiries, please contact us through our Discord server with the subject line "Privacy Request."
2. Legal Basis for Processing (GDPR Article 6)
We process personal data based on the following legal bases:
- Consent (Article 6(1)(a)): When you explicitly consent to processing for specific purposes
- Contract Performance (Article 6(1)(b)): To provide our blacklist services as requested
- Legitimate Interests (Article 6(1)(f)): For fraud prevention, security, service improvement, and community safety
- Legal Obligation (Article 6(1)(c)): To comply with applicable laws and regulations
- Vital Interests (Article 6(1)(d)): To protect health and safety when necessary
3. Information We Collect
3.1 Personal Information You Provide
- Discord Account Data: Discord user ID, username, discriminator, avatar, server membership status
- Minecraft Account Data: Minecraft usernames, UUIDs, game statistics, skin data
- Communications: Messages, support requests, feedback submitted to us
- Tag Submissions: Player reports, evidence, timestamps, reasons for tagging
3.2 Information Automatically Collected
- Technical Data: IP addresses, browser type and version, operating system, device identifiers
- Usage Data: Pages visited, time spent, click patterns, API request patterns
- Log Data: Server logs, error logs, access logs, security event logs
- Cookies and Tracking: Session identifiers, preference settings, analytics data
3.3 Game Activity Tracking
⚠️ IMPORTANT: We collect detailed game activity data through our game detection system:
- Player Identification: Discord IDs, Discord usernames, Minecraft UUIDs, and Minecraft usernames of all players encountered
- Game Session Data: Complete player lists, game modes, session timing, and duration
- Activity Patterns: Game participation frequency, player interactions, and gaming behavior
- Request Sources: How players were detected (GAME, PARTY, ME, etc.)
- Real-time Tracking: Live monitoring of game sessions and player movements
Retention: This data is retained indefinitely in Discord webhook logs and is not anonymized.
3.4 Third-Party Information
- Discord API Data: Public profile information from Discord's API
- Hypixel API Data: Public game statistics and player information
- Minecraft Services: Username/UUID mappings from Mojang/Microsoft services
4. How We Use Your Information
4.1 Primary Purposes
- Operating and maintaining the blacklist system
- Processing tag submissions and managing player data
- Providing API access and responding to queries
- User authentication and access control
- Customer support and communication
- Game Activity Monitoring: Tracking player game sessions, detecting game modes, monitoring player interactions
4.2 Secondary Purposes (Legitimate Interest)
- Preventing fraud, abuse, and misuse of services
- Ensuring system security and data integrity
- Analyzing usage patterns and improving services
- Generating anonymized statistics and reports
- Enforcing terms of service and community guidelines
5. Legal Basis for Specific Processing Activities
| Processing Activity | Legal Basis | Retention Period |
|---|---|---|
| Account registration | Consent, Contract | Until account deletion |
| Tag submissions | Legitimate Interest | Indefinite (historical record) |
| API usage logging | Legitimate Interest | 12 months |
| Security monitoring | Legitimate Interest | 90 days |
| Customer support | Contract | 3 years after resolution |
| Game activity tracking | Legitimate Interest | Indefinite (Discord webhook logs) |
6. Information Sharing and Disclosure
6.1 Public Sharing
Blacklist Data: Player usernames, UUIDs, tags, and associated metadata are publicly shared as part of our core service functionality. This includes:
- API responses containing tagged player information
- Discord bot responses and public channels
- Website displays and search functionality
⚠️ Game Activity Data: Game session information is automatically shared to Discord servers via webhooks, including:
- Discord usernames and IDs of players using our service
- Complete lists of Minecraft players encountered in games
- Game modes, session timing, and player counts
- Real-time notifications posted to Discord channels
Note: This data sharing occurs automatically without individual consent for each game session.
6.2 Service Providers
We may share data with trusted service providers under data processing agreements:
- Cloud hosting and infrastructure providers
- Database and backup service providers
- Analytics and monitoring services (anonymized data only)
6.3 Legal Requirements
We may disclose information when required by law or to:
- Comply with legal process, court orders, or government requests
- Enforce our terms of service or protect our rights
- Prevent fraud, security breaches, or illegal activities
- Protect the safety of users or the public
7. International Data Transfers
Your data may be transferred to and processed in countries outside your jurisdiction. For EU users, transfers outside the EEA are protected by:
- Adequacy decisions by the European Commission
- Standard Contractual Clauses (SCCs)
- Other appropriate safeguards under GDPR Article 46
8. Data Security Measures
We implement technical and organizational security measures including:
- Encryption: Data encryption in transit (TLS/HTTPS) and at rest
- Access Controls: Multi-factor authentication, role-based permissions
- Network Security: Firewalls, intrusion detection, DDoS protection
- Monitoring: Continuous security monitoring and incident response
- Backups: Regular encrypted backups with tested recovery procedures
- Staff Training: Regular security awareness training for personnel
9. Your Rights Under Data Protection Laws
9.1 GDPR Rights (EU Users)
Under the General Data Protection Regulation, you have the right to:
- Access (Article 15): Request copies of your personal data
- Rectification (Article 16): Correct inaccurate personal data
- Erasure (Article 17): Request deletion of your personal data
- Restrict Processing (Article 18): Limit how we use your data
- Data Portability (Article 20): Receive your data in a structured format
- Object to Processing (Article 21): Object to legitimate interest processing
- Automated Decision-Making (Article 22): Rights regarding automated profiling
9.2 CCPA Rights (California Users)
Under the California Consumer Privacy Act, you have the right to:
- Know what personal information is collected
- Know whether personal information is sold or disclosed
- Say no to the sale of personal information
- Access your personal information
- Request deletion of personal information
- Equal service and price, even if you exercise your privacy rights
9.3 Game Tracking Specific Rights
⚠️ Important Limitations: For game activity tracking, your rights are limited by the following technical constraints:
- Erasure: We cannot delete game activity data already posted to Discord webhooks
- Rectification: Correction of game data in Discord logs is not technically possible
- Portability: Game tracking data cannot be exported in structured format from Discord logs
- Opt-out: Game tracking occurs automatically during API usage - complete opt-out requires discontinuing service use
9.4 Exercising Your Rights
To exercise these rights:
- Contact us through our Discord server with "Privacy Request" in your message
- Provide sufficient information to verify your identity
- Specify which rights you wish to exercise
- We will respond within 30 days (GDPR) or 45 days (CCPA)
9.5 Right to Complain
You have the right to lodge a complaint with your local data protection authority if you believe we have violated data protection laws.
10. Data Retention
We retain personal data for the following periods:
- Account Data: Until account deletion + 30 days for backup purposes
- Tag Submissions: Indefinitely for historical blacklist integrity
- API Logs: 12 months from creation
- Security Logs: 90 days from creation
- Support Communications: 3 years after case resolution
- Anonymous Analytics: 2 years from collection
- ⚠️ Game Activity Data: Indefinitely in Discord webhook logs (not under our control once posted)
Important Note: Game tracking data posted to Discord servers via webhooks cannot be deleted by us once posted, as Discord retains message history according to their own retention policies.
11. Children's Privacy
Our services are not intended for individuals under 13 years of age (or 16 in the EU). We do not knowingly collect personal information from children. If we discover we have collected information from a child, we will delete it immediately. Parents or guardians who believe we may have collected information from their child should contact us.
12. Cookies and Tracking Technologies
We use cookies and similar technologies for:
- Essential Cookies: Required for service functionality
- Performance Cookies: Anonymous usage analytics
- Functional Cookies: User preferences and settings
You can manage cookie preferences through your browser settings.
13. Marketing and Communications
We may send you:
- Service Communications: Essential service updates (no opt-out)
- Marketing Communications: Optional promotional content (opt-out available)
You can opt out of marketing communications through Discord settings or by contacting us.
14. Changes to This Privacy Policy
We may update this policy periodically. Material changes will be communicated through:
- Notice on our website homepage
- Discord server announcements
- Direct notification for significant changes affecting your rights
Continued use of our services after changes constitutes acceptance of the updated policy.
15. Jurisdiction-Specific Provisions
15.1 European Union (GDPR)
For EU users, this policy complies with the General Data Protection Regulation. Our lawful basis for processing is detailed in Section 2. You have specific rights under GDPR as outlined in Section 9.1.
15.2 California (CCPA/CPRA)
We do not sell personal information as defined by CCPA. California residents have specific rights as outlined in Section 9.2.
15.3 Other Jurisdictions
We comply with applicable data protection laws in all jurisdictions where we operate. Contact us for jurisdiction-specific questions.
16. Data Breach Notification
In the event of a data breach affecting your personal information, we will:
- Notify relevant authorities within 72 hours (where required)
- Notify affected users without undue delay
- Provide clear information about the breach and remedial actions
17. Contact Information and Data Protection Officer
General Contact:
Discord Server: https://discord.gg/jgKEVUJj3H
Website: https://urchin.ws
Privacy-Specific Inquiries:
Use "Privacy Request" as the subject when contacting us about data protection matters.
Response Times:
- General inquiries: 5 business days
- Data subject requests: 30 days (GDPR) / 45 days (CCPA)
- Data breach notifications: Within 72 hours to authorities, without undue delay to users