Privacy Policy

Last updated: March 28, 2026

MC-Lore("we", "our", "the Service") is committed to protecting your privacy. This policy explains what data we collect, why we collect it, and how we handle it.

Data Controller: For any data protection inquiries, contact us at [email protected].

1. Data We Collect

Account Data

  • Name, email address (provided during registration or via OAuth)
  • Password (hashed with bcrypt, we never store or see your plain text password)
  • When you sign in with Discord, we receive your username, email address, and avatar via Discord's OAuth service.

Project Data

  • Projects, pins, ciphers, alphabets, solve paths, and activity logs you create
  • Share links and team membership data

Team & Invite Data

  • Email addresses of users you invite to collaborate on projects. These emails are used solely to send the invitation and are deleted if the invitation expires (7 days) or is cancelled.

Technical Data

  • IP address and browser user-agent (from standard server logs)
  • Session cookies for authentication

2. How We Use Your Data

  • Account data: to authenticate you and provide the Service
  • Project data: to store and display your content within the Service
  • Technical data: for security, abuse prevention, and debugging

We do not sell your data. We do not use your data for advertising. We do not share your data with third parties except as described below.

3. Legal Basis for Processing (GDPR)

If you are in the European Economic Area, our legal bases for processing your data are:

  • Contract performance (Article 6(1)(b)): processing account data, project data, and session cookies is necessary to provide the Service you have signed up for.
  • Legitimate interests (Article 6(1)(f)): processing technical data (IP addresses, server logs) for security, abuse prevention, and debugging. Our legitimate interest is maintaining a secure and functional service.
  • Consent (Article 6(1)(a)): when you choose to sign in with Discord, you consent to us receiving your OAuth profile data. You may withdraw consent by unlinking your OAuth account or contacting us.

4. Third-Party Services

We use the following third-party services to operate MC-Lore:

These services process your data only as necessary to provide their functionality. We do not share your project content with any third party.

5. Cookies

We use only essential cookies required for authentication (session cookies). We do not use analytics cookies, tracking cookies, or advertising cookies.

6. Data Storage & Security

  • All data is transmitted over HTTPS
  • Passwords are hashed with bcrypt before storage
  • Database access is restricted to the application
  • We follow security best practices including input validation, parameterized queries, and HTTP security headers

7. Your Rights

You have the right to:

  • Access your data: export all your projects, pins, ciphers, and alphabets as JSON or CSV at any time
  • Correct your data: edit your profile and project content
  • Erasure ("right to be forgotten"): request deletion of your personal data by contacting us
  • Data portability: export your data in standard formats (JSON, CSV)
  • Withdraw consent: where processing is based on consent, you may withdraw it at any time by unlinking your OAuth account or contacting us
  • Object to processing: you may object to processing based on legitimate interests
  • Restrict processing: you may request that we limit how we use your data

We do not make any automated decisions that produce legal effects concerning you.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. If we cannot comply with your request, we will explain why. You have the right to lodge a complaint with your local data protection authority.

8. Data Retention

Your data is retained as long as your account is active. If you request account deletion, all associated data is permanently deleted within 30 days. Server logs containing IP addresses are retained for up to 90 days for security purposes.

9. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR. If the breach is likely to result in a high risk to you, we will also notify you directly via the email address associated with your account.

10. Children's Privacy

The Service is not directed at children under 13 in the United States or under 16 in the European Union. We do not knowingly collect data from children under these ages. If we learn that we have collected personal data from a child under the applicable minimum age, we will delete that data within 30 days. If you believe a child has created an account, please contact us.

11. International Data Transfers

Your data may be processed in the United States or other countries where our infrastructure providers operate. For transfers of personal data from the European Economic Area to countries not recognized by the European Commission as providing adequate data protection, we rely on the following safeguards:

  • Our sub-processors (Vercel, Turso, Discord) maintain Standard Contractual Clauses (SCCs) approved by the European Commission, or are certified under applicable data transfer frameworks.
  • We ensure that any sub-processor handling EEA personal data provides appropriate safeguards as required by GDPR Chapter V.

You may contact us for more information about the specific safeguards in place.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The "last updated" date at the top will reflect the most recent revision. Material changes will be communicated via email or in-app notification.

13. Minecraft Disclaimer

MC-Lore is not an official Minecraft product. It is not approved by or associated with Mojang Studios or Microsoft Corporation.

14. Contact

For privacy-related questions or to exercise your rights, contact us at [email protected].