π Privacy Policy
Last Updated: December 2025
1. Introduction
WoW Emu Watchlist ("we", "us", "our") operates the watchlist.wowemu.forum website and Discord bot (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
2. Data Controller
The data controller responsible for your personal data is:
WoW Emu Watchlist
Contact: [email protected]
3. Information We Collect
3.1 Website Account Data
| Data Type | Purpose | Retention |
|---|---|---|
| Email Address | Account authentication, password recovery, important notifications | Until account deletion |
| Username | Public display, attribution of reports/comments | Until account deletion |
| Password | Account security (stored as secure hash, never plaintext) | Until account deletion |
| IP Address | Security, anti-abuse, fraud prevention | 30 days |
3.2 Watchlist Entry Data
| Data Type | Purpose | Retention |
|---|---|---|
| Gaming Usernames/Aliases | Identification of reported individuals | Until entry removal or successful dispute |
| Discord User IDs | Matching users across platforms (when provided as evidence) | Until entry removal or successful dispute |
| Server/Community Names | Context for reports | Until entry removal or successful dispute |
| Evidence Links | Supporting documentation for reports | Until entry removal or successful dispute |
| Report Descriptions | Details of reported behavior | Until entry removal or successful dispute |
3.3 Discord Bot Data
| Data Type | Purpose | Retention |
|---|---|---|
| Discord User ID | Matching against watchlist database | Not stored permanently; processed in real-time |
| Discord Username | Matching against watchlist database | Not stored permanently; processed in real-time |
| Server (Guild) ID | Bot configuration and settings | Until bot is removed from server |
| Action Logs | Audit trail for moderation actions | 90 days |
Important: The Discord bot does NOT collect or store message content, voice data, or any private communications.
4. Legal Basis for Processing (GDPR Article 6)
We process personal data under the following legal bases:
- Consent (Article 6(1)(a)): When you create an account or submit a report, you consent to processing.
- Contract (Article 6(1)(b)): Processing necessary to provide our Service to you.
- Legitimate Interest (Article 6(1)(f)): Protecting gaming communities from fraud, scams, and harmful behavior. This interest is balanced against individual rights through our dispute system.
5. Your Rights Under GDPR
As a data subject, you have the following rights:
π Right to Access
Request a copy of all personal data we hold about you.
βοΈ Right to Rectification
Request correction of inaccurate or incomplete data.
ποΈ Right to Erasure
Request deletion of your personal data ("right to be forgotten").
βΈοΈ Right to Restrict Processing
Request limitation of how we process your data.
π¦ Right to Data Portability
Receive your data in a structured, machine-readable format.
π« Right to Object
Object to processing based on legitimate interests.
How to Exercise Your Rights
To exercise any of these rights, contact us at:
- Email: [email protected]
- Subject line: "GDPR [Right Name] Request"
- Include: Your username or email associated with your account
We will respond within 30 days as required by GDPR.
6. Disputing Watchlist Entries
If you believe a watchlist entry about you is inaccurate, defamatory, or should be removed, you have the right to dispute it. This is both a feature of our Service and your right under GDPR.
How to Dispute
- Navigate to the entry in question
- Click the "Dispute This Entry" button
- Provide your contact information and explanation
- Submit any evidence supporting your dispute
- Our team will review within 14 days
Possible outcomes include: entry removal, entry modification, rejection with explanation, or request for additional information.
7. Data Security
We implement appropriate technical and organizational measures to protect your data:
- Passwords are hashed using industry-standard algorithms (bcrypt)
- All connections use HTTPS/TLS encryption
- Database access is restricted and monitored
- Regular security audits and updates
- Access controls limit who can view sensitive data
8. Data Sharing and Third Parties
We do NOT sell your personal data to anyone.
We may share data only in these limited circumstances:
- Service Providers: Hosting providers and payment processors who help operate our Service (bound by data protection agreements)
- Legal Requirements: When required by law, court order, or to protect our legal rights
- Community Protection: Watchlist data is intentionally public to protect gaming communities
9. International Data Transfers
Our servers may be located outside the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.
10. Cookies
We use only essential cookies necessary for the Service to function:
- Session Cookie: Keeps you logged in (expires when browser closes or after inactivity)
- CSRF Token: Security cookie to prevent cross-site request forgery
We do NOT use tracking cookies, analytics cookies, or advertising cookies.
11. Children's Privacy
Our Service is not intended for children under 13 years of age. We do not knowingly collect personal data from children under 13. If you believe we have collected data from a child under 13, please contact us immediately.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify users of significant changes by posting a notice on our website. The "Last Updated" date at the top indicates when the policy was last revised.
13. Complaints
If you believe we have violated your data protection rights, you have the right to lodge a complaint with a supervisory authority. In the EU, you can contact your local Data Protection Authority.
However, we encourage you to contact us first so we can try to resolve your concerns directly.
14. Contact Us
Data Protection Inquiries
Email: [email protected]
Please include "Privacy" or "GDPR" in your subject line for faster response.