Privacy Policy

Effective Date: November 9, 2025

At ammo.lol ("we," "us," or "our"), we are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our service.

This policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws. By using ammo.lol, you agree to the practices described in this policy.

1. Information We Collect

1.1 Information You Provide

  • Account Information: Email address, password (stored as a bcrypt hash), display name, and profile handle
  • Profile Content: Bio, avatar, background images, custom URLs, links, badges, and other customizations
  • Payment Information: Billing details processed through Stripe (we do not store full credit card numbers)
  • Communications: Messages you send to our support team

1.2 Automatically Collected Information

  • Analytics Data: Profile views, visitor statistics, and engagement metrics
  • Technical Data: IP address (hashed for privacy), browser type, device information, and user agent
  • Usage Data: Pages visited, features used, clicks, and interaction patterns
  • Cookies: Session tokens and authentication cookies (see Section 8)

1.3 Third-Party Information

If you connect third-party accounts (Discord, Instagram, Twitter, etc.), we may receive basic profile information according to those platforms' permissions and policies.

2. How We Use Your Information

We process your personal data for the following purposes:

2.1 Service Delivery (Legal Basis: Contract Performance)

  • Create and maintain your account
  • Display your public profile and links
  • Process payments and manage subscriptions
  • Provide customer support
  • Enable profile customization features

2.2 Analytics and Improvements (Legal Basis: Legitimate Interest)

  • Track profile views and visitor statistics
  • Analyze usage patterns to improve features
  • Monitor system performance and security
  • Detect and prevent fraud or abuse

2.3 Communication (Legal Basis: Contract Performance / Legitimate Interest)

  • Send essential service notifications (password resets, security alerts)
  • Respond to your inquiries and support requests
  • Send product updates and feature announcements (you can opt out)

2.4 Legal Compliance (Legal Basis: Legal Obligation)

  • Comply with legal requirements and court orders
  • Enforce our Terms of Service
  • Protect rights, safety, and security of users

3. Data Storage and Security

3.1 Where We Store Your Data

Your data is stored on secure servers provided by Supabase (PostgreSQL database) and Vercel (hosting platform), with data centers located in the United States and Europe.

3.2 Security Measures

  • Industry-standard encryption (TLS/SSL) for data in transit
  • Passwords stored as bcrypt hashes
  • Row-level security (RLS) policies on database tables
  • Regular security audits and monitoring
  • Two-factor authentication (2FA) available for accounts
  • Automatic session expiration and token rotation

Note: No system is completely secure. While we implement strong safeguards, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your login credentials.

3.3 Data Retention

We retain your personal data:

  • Active Accounts: As long as your account remains active
  • Deleted Accounts: Permanently deleted within 72 hours (see Section 5)
  • Legal Requirements: Certain data may be retained longer if required by law
  • Analytics: Aggregated, anonymized data may be retained indefinitely
  • Backups: Temporary backups are purged within 30 days of account deletion

4. Data Sharing and Disclosure

We do not sell your personal data. We only share information in the following limited circumstances:

4.1 Service Providers

We share data with trusted third parties who help us operate our service:

  • Supabase: Database hosting and authentication (GDPR-compliant)
  • Vercel: Website hosting and CDN services
  • Stripe: Payment processing (PCI DSS Level 1 compliant)

These providers are contractually obligated to protect your data and use it only for the services they provide to us.

4.2 Legal Requirements

We may disclose information when required by law or to:

  • Comply with legal processes (subpoenas, court orders)
  • Enforce our Terms of Service
  • Protect rights, safety, or security of users or the public
  • Prevent fraud, abuse, or illegal activity

4.3 Business Transfers

If ammo.lol is acquired by or merged with another company, your data may be transferred to the new entity. We will notify you of any such change and of your rights regarding your data.

4.4 Public Information

Content you choose to publish on your profile (name, bio, links, images) is publicly accessible by default. You control what information is displayed via your privacy settings.

5. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), UK, or Switzerland, you have the following data protection rights:

5.1 Right to Access (Article 15)

You can request a copy of all personal data we hold about you. Contact us at privacy@ammo.lol to request your data export.

5.2 Right to Rectification (Article 16)

You can update incorrect or incomplete information through your account settings at any time.

5.3 Right to Erasure / "Right to be Forgotten" (Article 17)

You can permanently delete your account and all associated data at any time:

  1. Navigate to Dashboard → Account
  2. Scroll to the "Danger Zone" section
  3. Follow the account deletion process

What gets deleted: Profile, links, analytics, badges, guilds, payment history, and authentication credentials. Deletion is permanent and cannot be undone. Data is removed within 72 hours.

5.4 Right to Restriction of Processing (Article 18)

You can request that we limit how we process your data in certain circumstances. Contact us to exercise this right.

5.5 Right to Data Portability (Article 20)

You can request your data in a structured, machine-readable format (JSON/CSV) for transfer to another service. Contact us for data export.

5.6 Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing purposes. Unsubscribe links are provided in all marketing emails.

5.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time through your account settings or by contacting us.

5.8 Right to Lodge a Complaint

You have the right to file a complaint with your local data protection authority if you believe we have violated your data protection rights.

To exercise any of these rights, contact us at privacy@ammo.lol. We will respond within 30 days.

6. Children's Privacy

ammo.lol is not intended for users under 13 years of age. We do not knowingly collect personal data from children under 13. If we discover that we have collected information from a child under 13, we will delete it immediately.

Parents or guardians who believe their child has provided information to us should contact us at privacy@ammo.lol.

7. International Data Transfers

Our servers are located in the United States and Europe. If you access ammo.lol from outside these regions, your data may be transferred to and stored in these locations.

We ensure adequate safeguards for international transfers through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Service providers with GDPR-compliant data processing agreements
  • Encryption and security measures meeting international standards

8. Cookies and Tracking Technologies

8.1 Essential Cookies

We use essential cookies to:

  • Maintain your login session
  • Remember your preferences
  • Ensure security and prevent fraud

These cookies are necessary for the service to function and cannot be disabled.

8.2 Analytics

We collect anonymized usage data to understand how users interact with our service. This includes:

  • Page views and navigation patterns
  • Feature usage statistics
  • Error reports and performance metrics

IP addresses are hashed before storage to protect privacy. We do not track you across other websites.

8.3 Visitor Tracking on Public Profiles

When someone visits your public profile, we collect:

  • Hashed visitor identifier (not personally identifiable)
  • Timestamp of visit
  • Referrer source (if available)
  • Basic device information

This data is used solely to provide you with analytics about your profile's performance. Bot traffic is filtered out automatically.

8.4 Managing Cookies

You can control cookies through your browser settings. Disabling essential cookies will prevent you from logging in or using certain features.

9. Data Breach Notification

In the unlikely event of a data breach affecting your personal data, we will:

  • Notify affected users within 72 hours of discovering the breach
  • Report the breach to relevant data protection authorities as required by law
  • Provide information about the breach, affected data, and remedial actions
  • Take immediate steps to secure the system and prevent further unauthorized access

10. Third-Party Services and Links

Your profile may contain links to third-party websites and services. This Privacy Policy does not apply to those external sites. We are not responsible for the privacy practices or content of third parties.

When you connect third-party accounts (social media integrations), those platforms' privacy policies govern their data collection and use.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: What personal information we collect, use, and share
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: We do not sell personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise these rights, contact us at privacy@ammo.lol.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:

  • Posting the updated policy on this page with a new "Effective Date"
  • Sending an email notification to registered users (for significant changes)
  • Displaying a prominent notice on the service

Continued use of ammo.lol after changes take effect constitutes acceptance of the updated policy. We encourage you to review this page periodically.

13. Data Controller and Contact Information

Data Controller: ammo.lol
Email: privacy@ammo.lol
Support: support@ammo.lol
Legal: legal@ammo.lol

For data protection inquiries, requests to exercise your rights, or questions about this policy, please contact us at the email addresses above. We will respond within 30 days as required by law.

14. Summary of Key Points

Quick Reference:

  • We collect only data necessary to provide our service
  • Your data is encrypted and stored securely
  • We never sell your personal information
  • You can delete your account and all data at any time
  • You have full control over your public profile content
  • We comply with GDPR, CCPA, and international privacy laws
  • Analytics data is hashed and anonymized
  • Cookies are used only for essential functions and analytics
  • You can exercise your data rights by contacting privacy@ammo.lol
  • We respond to all privacy requests within 30 days

Last Updated: November 9, 2025
Version: 1.0