Privacy Policy
Last updated June 6, 2026 · Working draft, pending legal review
This Privacy Policy explains how we collect, use, and protect your personal data when you use undetected.gg, and your rights under the EU General Data Protection Regulation (GDPR).
1. Controller
The data controller is [[ operator legal name & address ]]. For privacy questions or to exercise your rights, contact [[ privacy email ]]. [[ Data Protection Officer, if one is appointed. ]]
Because we offer services to people in the EU from outside it, our EU representative under Article 27 GDPR is [[ EU representative — name & address (required unless the narrow Art. 27(2) exemption applies; confirm with counsel) ]].
2. What we collect
- Account data you provide — username, email address, and profile details.
- Content you post — posts, messages, files, and listings.
- Technical data collected automatically — IP address, browser/device information, and server logs, used for security and operation.
- Cookies / local storage — see the Cookies section.
- Payment data — handled by [[ our payment provider (e.g. BTCPay) ]]; we do not store full payment instrument details.
3. How we use it & legal bases
- To provide the Service and your account — performance of a contract (Art. 6(1)(b) GDPR).
- To keep the Service secure, prevent spam/abuse, and operate it — legitimate interests (Art. 6(1)(f)).
- To comply with legal obligations — Art. 6(1)(c).
- For optional analytics or communications — your consent (Art. 6(1)(a)), which you can withdraw at any time.
4. Cookies
We use essential cookies for sign-in and security. [[ List any analytics/optional cookies here, or state “no non-essential cookies are used.” ]]
5. Who we share data with
We share data with service providers (processors) only as needed to run the Service:
- Hosting — [[ Hetzner (EU data centers) ]].
- Transactional email — [[ email provider (e.g. Resend) ]].
- Forum software — self-hosted, on our infrastructure.
- Payments — [[ payment provider ]].
- Backups / object storage — [[ e.g. Cloudflare R2 / Backblaze ]].
We do not sell your personal data.
6. International transfers
Data is primarily hosted in the EU. [[ Note: the operator may access data from outside the EEA (e.g. the US); where data is transferred outside the EEA, we rely on appropriate safeguards such as Standard Contractual Clauses. Confirm the transfer mechanism with counsel. ]]
7. Retention
We keep your data for as long as your account is active and as needed to provide the Service, then delete or anonymize it [[ after a defined period ]], subject to legal retention requirements. Backups rotate on a regular schedule.
8. Your rights
Under the GDPR you have the right to:
- access the personal data we hold about you;
- have inaccurate data corrected;
- have your data erased (“right to be forgotten”);
- restrict or object to certain processing;
- receive your data in a portable format;
- withdraw consent at any time; and
- lodge a complaint with a supervisory authority ([[ e.g. your local Datenschutzbehörde ]]).
To exercise any of these, contact [[ privacy email ]].
9. Children
The Service is not directed to children under [[ 16 ]], and we do not knowingly collect their data.
10. Security
We use reasonable technical and organizational measures to protect your data. No method of transmission or storage is completely secure.
11. Changes
We may update this policy; when we do, we will revise the “last updated” date. Material changes will be communicated where appropriate.
12. Contact
Privacy questions: [[ privacy email ]]. See also our Imprint.