Privacy Policy

We collect the following categories of information when you use the ROKPilots platform: Account Information: When you sign in via Discord OAuth, we receive your Discord username, display name, avatar, email address, and Discord user ID. We do not receive or store your Discord password. Profile Information: Information you voluntarily provide when setting up your pilot or buyer profile, including your timezone, languages spoken, Rise of Kingdoms statistics, and any bio or description text. Payment Information: When you make or receive payments, we process transactions through PayPal. We store your PayPal email address for payout purposes. We do not directly store credit card numbers, bank account details, or other sensitive financial information — PayPal handles this on their end. Booking and Transaction Data: Records of bookings, payments, disputes, reviews, and messages exchanged through the Platform. Usage Data: Basic analytics such as pages visited, features used, and session duration to help us improve the Platform.

We use the information we collect to: Provide and operate the Platform, including matching buyers with pilots, processing bookings, and facilitating payments. Communicate with you about your bookings, disputes, reviews, and account status via email notifications (powered by Resend) and Platform messages. Maintain Platform safety and integrity by detecting fraud, resolving disputes, and enforcing our Terms of Service. Improve the Platform by analyzing usage patterns and gathering feedback. Display public profiles, reviews, and leaderboard rankings as part of the marketplace experience. We do not use your personal information for advertising purposes and we do not sell your data to third parties.

Your data is stored in a Neon PostgreSQL database hosted on secure cloud infrastructure. We take the following measures to protect your information: Sensitive credentials (such as game account credentials shared during bookings) are encrypted using AES-256 encryption before storage and are only decrypted when needed for an active booking. All connections to the Platform are secured with HTTPS/TLS encryption in transit. Authentication is handled through Discord OAuth and NextAuth.js session management with secure, httpOnly cookies. Access to production databases and infrastructure is restricted to authorized personnel only. While we take reasonable measures to protect your data, no system is completely secure. We encourage you to use strong, unique passwords for your Discord account and to change your game credentials after each booking.

We share your data only in the following limited circumstances: PayPal: We share necessary transaction details with PayPal to process payments and payouts. PayPal's use of your data is governed by their own privacy policy. Other Users: Your public profile information (username, avatar, rating, level, reviews) is visible to other Platform users. Buyer and pilot contact information (Discord tag) is shared only after a paid booking is confirmed. Dispute Resolution: In the event of a dispute, relevant booking details and submitted evidence may be shared with the other party and with our admin team. Legal Requirements: We may disclose your information if required to do so by law or in response to valid legal process. We do not sell, rent, or trade your personal information to third parties for marketing or any other purpose.

The Platform uses cookies strictly for functional purposes: Session Cookies: NextAuth.js uses secure, httpOnly cookies to maintain your authenticated session. These are essential for the Platform to function and cannot be disabled while using the service. We do not use advertising cookies, tracking pixels, or third-party analytics cookies. We do not participate in cross-site tracking.

You have the following rights regarding your personal data: Access: You can request a copy of the personal data we hold about you at any time. Correction: You can update your profile information directly through the Platform. For other data corrections, contact us. Deletion: You can request deletion of your account and associated personal data. We will process deletion requests within 30 days. Some data (such as anonymized transaction records and reviews) may be retained for legal and Platform integrity purposes. Data Portability: You can request an export of your data in a machine-readable format. Objection: You can object to specific processing activities. If you object to essential processing, you may need to stop using the Platform. To exercise any of these rights, contact us through the Platform messaging system or on Discord. We will respond to all requests within 30 days. If you are located in the European Economic Area (EEA), you also have the right to lodge a complaint with your local data protection authority.

We retain your personal data for as long as your account is active or as needed to provide you with services. Specifically: Account data is retained until you request deletion. Booking and transaction records are retained for 3 years after the transaction date for legal and accounting purposes. Dispute records and evidence are retained for 2 years after resolution. Reviews are retained indefinitely as part of the public marketplace record but may be anonymized upon account deletion. When data is no longer needed, it is securely deleted or anonymized.

The Platform is intended for users who are 18 years of age or older. We do not knowingly collect personal information from anyone under the age of 18. If we discover that we have collected personal data from a minor, we will take steps to delete that information promptly. If you believe a minor has provided us with personal data, please contact us immediately.

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make changes, we will update the "Effective Date" at the top of this page. For significant changes, we will make reasonable efforts to notify you via email or a prominent notice on the Platform. Your continued use of the Platform after changes are posted constitutes acceptance of the updated policy.

If you have questions or concerns about this Privacy Policy or how we handle your data, please reach out through our Platform messaging system or contact us on Discord. We take all privacy inquiries seriously and will respond within 30 days.