Privacy Policy

1. Who is responsible

The Service is operated by AstroTriesModding ("we," "us"). We act as the controller for personal data processed through this site, except where a provider (such as Stripe or Discord) determines processing for its own purposes; see their policies linked below.

2. Information we collect

• Discord account (OAuth). When you choose "Sign in with Discord," Discord shares data according to the scopes we request: identify, email, and guilds. That typically includes your Discord user ID, username and display name, email address, avatar URL, and a list of Discord servers (guilds) you are in, along with metadata Discord returns for those guilds (such as server names, icons, and permission summaries).
• App profile. We store a linked profile in our database (for example Discord ID, display label, optional Discord handle fields, and avatar URL) so we can show your dashboard and tie invoices to you.
• Invoices and payments. We store commission titles, amounts in the smallest unit of the invoice currency (e.g. cents, pence), currency code, status (pending, paid, revoked), and Stripe Checkout session identifiers needed to reconcile payments. Payment card numbers are processed by Stripe. We do not store full card data on our servers.
• Deliverables. We store references to files (for example storage keys) associated with paid commissions. Files themselves are kept in our object storage; download access is enforced when you are signed in and authorized for that invoice.
• Authentication sessions. Sign-in uses cookies and tokens managed by our auth system so your browser stays logged in securely.
• Technical data. Like most sites, hosting and infrastructure providers may process IP addresses, timestamps, and similar technical data when you connect to the Service.

3. How we use information

• Provide accounts, dashboards, and sign-in.
• Create, display, and manage commission invoices assigned to you.
• Process payments through Stripe and update invoice status.
• Allow secure download of deliverables you have paid for.
• Sync and store your Discord guild list server-side when you use the Service so we can operate internal tools. Guild lists are not shown on your customer dashboard; they may be used in admin-only views (for example to review server names against risk keywords for compliance and fraud prevention).
• Secure the Service, debug issues, and meet legal obligations.

4. Legal bases (EEA, UK, and similar regions)

Where applicable law requires a legal basis, we rely on: performing our contract with you (running the commissions portal and delivering paid content); legitimate interests (security, abuse prevention, internal admin review of guild metadata as described above); and, where required, your consent (for example when you choose to connect Discord).

5. How we share information

We share data with service providers that make the Service work. They process data on our instructions or under their own terms as applicable:

• Discord: authentication and guild data from your Discord account.
• Stripe: payment processing.
• Convex: application database, server functions, and auth-related storage used by this project.
• Cloudflare R2 (or compatible S3-style storage) for hosting commission files. See Cloudflare's privacy policy.
• Our website host (for example Vercel or similar) for delivery of pages and API routes.

We may also disclose information if required by law, to protect rights and safety, or in connection with a business transfer after notice as required by law.

6. Cookies and similar technologies

We use cookies and related technologies needed for authentication and session management. We do not use third-party advertising cookies on this Service as part of its core design; if that ever changes, we will update this policy.

7. Retention

We keep information for as long as your account is active and as needed to provide the Service, comply with law, resolve disputes, and enforce agreements. Invoice and payment records may be retained longer where accounting or tax rules require. You can ask us about deletion where applicable (see below).

8. Security

We use industry-standard measures appropriate to the Service (HTTPS, access controls, and trusted infrastructure providers). No method of transmission or storage is completely secure.

9. Your rights and choices

Depending on where you live, you may have rights to access, correct, delete, or export personal data; to object to or restrict certain processing; and to withdraw consent where processing is consent-based. You may also have the right to lodge a complaint with a supervisory authority.

You can disconnect the Service by signing out and, if you wish, revoking this application in your Discord authorized apps settings. That may limit your ability to use the dashboard or downloads.

To exercise privacy rights or ask questions, contact us through the channels listed on astrotriesmodding.dev. We will respond within the timeframes required by applicable law.

10. Children

The Service is not directed to children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children.

11. International transfers

We and our providers may process data in the United States and other countries. Where required, we use appropriate safeguards (such as standard contractual clauses) for transfers from the EEA, UK, or Switzerland.

12. Changes

We may update this policy from time to time. We will post the new effective date on this page and, if changes are material, provide additional notice as appropriate.