Privacy Policy

Last updated: March 13, 2026

1. Data Controller

The data controller for RokRecruit is:

Jay / Shinkofa

Sole trader, Spain

Email: jay@shinkofa.com

2. Data We Collect

Discord account data

When you sign in with Discord, we receive the following via OAuth2:

  • Your Discord user ID
  • Your Discord username and avatar
  • The list of Discord servers you are a member of (used only to identify servers where the bot is installed)

Application data

When a player submits a recruitment application through the bot, we store:

  • Their answers to recruitment questions (text responses)
  • Screenshots they upload as part of the application (game stats, power, kills, etc.)
  • The outcome of the review (approved, rejected, or pending)
  • Reviewer identity and timestamp

Technical data

  • IP address (retained in server logs for security purposes)
  • A session cookie (rok_session) stored as an httpOnly cookie — used only for authentication, not for tracking

3. Why We Collect It (Legal Basis)

We collect and process data on the following legal bases under GDPR:

  • Contract performance (Article 6(1)(b)) — processing your Discord account data and application data is necessary to provide the service you requested.
  • Legitimate interest (Article 6(1)(f)) — server logs and IP addresses are retained for security, abuse prevention, and service stability. This interest does not override your rights.

We do not process data based on consent (we do not collect marketing opt-ins), and we do not process any special category data.

4. How We Store It

All data is stored in a PostgreSQL database hosted on a VPS provided by OVH, located in France (EU). The server is managed by Jay / Shinkofa directly.

Data is encrypted at rest. Access to the database is restricted to the application and the sole administrator (Jay). We do not use shared hosting or third-party managed databases.

5. Data Retention

  • Account data (Discord ID, username, avatar) is kept while your account is active.
  • Application data is kept as long as the server owner maintains their account.
  • Server logs (IP addresses) are retained for up to 30 days.
  • Session cookies expire automatically when the session ends or after 7 days of inactivity.

You may request deletion of your data at any time — see Section 8 (Your Rights).

6. Third Parties

We share data with the following third parties only as necessary to provide the service:

Discord

OAuth2 authentication provider. We receive your profile data when you sign in. Discord's Privacy Policy governs their own data handling.

Stripe

Payment processor for premium subscriptions. We do not store your payment card details — Stripe handles all payment data directly. Only applicable if you purchase a premium plan.

OVH SAS

Hosting provider. Our VPS is located in France (EU). OVH does not have access to application-level data.

We do not use analytics services, advertising networks, or any other third-party data processors. We do not sell, rent, or share your data with any party not listed above.

7. Cookies

RokRecruit uses a single cookie:

rok_session

A JWT session token stored as an httpOnly, Secure cookie. Used solely for authentication. Not accessible to JavaScript. Expires after 7 days of inactivity.

We do not use tracking cookies, analytics cookies, or advertising cookies of any kind. No cookie consent banner is needed because we only set a strictly necessary functional cookie.

8. Your Rights (GDPR)

As a person whose data we process, you have the following rights under the GDPR (Articles 13–22):

  • Right of access — you can request a copy of the personal data we hold about you.
  • Right to rectification — you can ask us to correct inaccurate data.
  • Right to erasure (“right to be forgotten”) — you can request deletion of your personal data. We will comply within 30 days.
  • Right to data portability — you can request your data in a structured, machine-readable format.
  • Right to object — you can object to processing based on legitimate interest.
  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time (this does not affect processing that occurred before withdrawal).
  • Right to lodge a complaint — you may lodge a complaint with the Spanish data protection authority, the AEPD (aepd.es).

To exercise any of these rights, contact us at jay@shinkofa.com. We will respond within 30 days.

9. Children

RokRecruit is not intended for users under the age of 13, which is Discord's minimum age requirement. We do not knowingly collect data from children under 13. If you believe we have inadvertently collected such data, contact us and we will delete it promptly.

10. International Transfers

All data is stored and processed within the European Union (OVH, France). We do not transfer personal data to countries outside the EU/EEA.

Discord and Stripe are US-based companies. Data exchanged with them during OAuth2 authentication and payment processing is governed by their respective privacy policies and Standard Contractual Clauses where applicable.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the “last updated” date at the top of this page. Continued use of the service after changes constitutes acceptance of the updated policy.

12. Contact

For privacy-related questions, data requests, or complaints, contact us at: jay@shinkofa.com

HomeTerms of ServiceContact