Privacy Policy

This Privacy Policy describes how Aether Sync (“we”) collects, uses, and shares information when you use the Service.

1. Information We Collect

From Discord OAuth (with your consent):

• Discord user ID, username, display name, and avatar hash.
• Email address (only if you authorize the email scope).

From your use of the Service:

• Legions, characters, rosters, attendance records you create.
• Subscription tier and billing identifiers (managed by Paddle).
• Audit logs of admin actions (role changes, deletions, etc).
• Standard request metadata: IP address, user-agent, timestamps.

Payment card details are processed directly by Paddle (our merchant of record) and never touch our servers.

2. How We Use Information

• To operate, maintain, and improve the Service.
• To authenticate you and prevent abuse (rate limits, audit log).
• To process subscription payments and send billing-related emails.
• To respond to support inquiries.

3. Sharing

We do not sell your personal data. We share information only with:

• Paddle — payment processing and merchant of record (subject to Paddle's privacy policy).
• Discord — identity verification via OAuth (their privacy policy applies).
• Sentry — error monitoring (technical metadata, stack traces).
• Hosting providers — infrastructure required to run the Service.
• Law enforcement, when legally required.

4. Cookies

We use strictly-necessary cookies to keep you signed in (JWT refresh token). We do not use third-party advertising or analytics cookies.

5. Data Retention

Active account data is retained while your account exists. Soft-deleted legions remain recoverable for up to 90 days, after which they may be permanently purged. Audit logs are retained for 12 months. Paddle retains billing records per its own policies and applicable law.

6. Your Rights

Subject to applicable law (GDPR, CCPA, etc) you may request to access, correct, or delete your personal data, or to export it in a portable format. Contact us at the email below to make a request.

7. International Transfers

Your information may be processed in jurisdictions different from your country of residence. We rely on standard contractual clauses where required.

8. Children

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13.

9. Changes

We may update this policy. Material changes will be announced via email or in-app notice. The “Last updated” date at the top reflects the current version.

10. Contact

Privacy questions or data-rights requests: [email protected].