Privacy Policy

How mychar.gg collects, uses, and protects your personal information

Effective Date: February 8, 2026

Last Updated: February 23, 2026

This Privacy Policy explains how mychar.gg ("mychar", "we", "us", or "our"), operated by mychar, a sole proprietorship (eenmanszaak) registered in the Netherlands (KVK: 93940254, VAT: NL005053176B36), located in Breda, The Netherlands, collects, uses, discloses, and protects your personal information when you use the mychar.gg website, platform, and services (collectively, the "Service").

For the purposes of the General Data Protection Regulation (GDPR), mychar is the data controller responsible for your personal data. You can reach us at legal@mychar.gg for any data protection inquiries.

By using the Service, you agree to the collection and use of information as described in this Privacy Policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Information You Provide

Account Information When you create an account, we collect:

  • Email address
  • Password (stored securely in hashed form)
  • Username

Profile Information When you set up your character profile, you may provide:

  • Display name (available on Pro and Elite plans)
  • Biography
  • Avatar images
  • Background images and effects configuration
  • Custom cursors
  • Custom fonts (TTF, OTF, WOFF, WOFF2 files)
  • Audio files and playlists
  • Video clips
  • Location
  • Gaming platform usernames (e.g., Steam, Xbox, PlayStation, Discord, Twitch)
  • Social media links
  • Game library information
  • Skins (theme presets with color and style configurations)
  • Any other content you choose to add to your profile

Payment Information If you subscribe to a paid tier or make a one-time payment (such as a donation to unlock an achievement), our payment processor Stripe collects:

  • Payment card details
  • Billing address
  • Transaction history

We do not store your full payment card information on our servers. Payment data is handled directly by Stripe in accordance with Stripe's Privacy Policy.

Reports and Appeals When you submit a report about another user or appeal a moderation action, we collect:

  • The content of your report or appeal (category, description)
  • Your identity as the reporter or appellant
  • Any evidence or context you provide

Communications When you contact us via email, we collect:

  • Your email address
  • The content of your message
  • Any attachments you send

1.2 Information Collected Automatically

Usage Data When you use the Service, we automatically collect:

  • Pages visited and features used
  • Profile view counts and link click tracking
  • Session identifiers (anonymous session IDs)
  • Browser type and name
  • Device type classification (mobile, tablet, desktop)
  • Operating system
  • IP address
  • Country and approximate geolocation (derived from hosting provider headers)
  • Referring URLs and source attribution
  • Date and time of access

Real-Time Presence When visitors view a character profile, we use real-time presence channels to track the number of currently active visitors. This data is ephemeral (not stored permanently) and is used to display live visitor counts to profile owners with eligible subscription plans.

Cookies and Similar Technologies We use cookies and similar technologies to:

  • Maintain your login session
  • Remember your preferences (such as color mode)
  • Ensure the Service functions properly

See Section 6 for more details about our cookie practices.

1.3 Information from Third-Party Services

Discord Authentication When you sign in using Discord, we receive certain information from Discord, which includes:

  • Discord user ID
  • Username and display name
  • Avatar
  • Public flags (badge data such as HypeSquad, Early Supporter, Active Developer, etc.)

Discord Integration When you connect your Discord account, we additionally store:

  • Discord OAuth tokens (access token and refresh token) for ongoing API access
  • Token expiration timestamps

These tokens are used to: verify Discord guild membership for achievement validation, sync your subscription tier as a Discord role, and (with your consent) add you to the mychar.gg Discord server using the guilds.join OAuth scope. Discord tokens are stored server-side and are automatically refreshed as needed.

The information we receive depends on your settings with Discord and their Privacy Policy.

2. How We Use Your Information

We use the information we collect for the following purposes, along with the legal basis under the GDPR for each:

PurposeLegal Basis (GDPR Art. 6)
Provide the Service. Create and maintain your account, display your profile, and deliver the features you usePerformance of contract
Process payments. Handle subscription billing, one-time donations, and payment-related communicationsPerformance of contract
Send essential communications. Email confirmations, password resets, account notifications, and moderation noticesPerformance of contract
Send promotional messages. Marketing emails about new features or offersConsent (opt-in, withdrawable at any time)
Improve the Service. Analyze usage patterns, diagnose technical issues, and develop new featuresLegitimate interest
Ensure security. Detect and prevent fraud, abuse, and unauthorized accessLegitimate interest
Provide statistics. Show you profile view statistics and engagement dataPerformance of contract
Enforce our Terms. Investigate and address violations of our Terms of Service and Acceptable Use Policy, including processing reports and appealsLegitimate interest
Comply with legal obligations. Respond to legal requests and prevent harmLegal obligation

Where we rely on legitimate interest, we have assessed that our interests do not override your fundamental rights and freedoms. You may object to processing based on legitimate interest at any time by contacting us.

3. How We Share Your Information

3.1 Public Information

Your character profile (including username, display name, bio, avatar, gaming links, video clips, audio tracks, achievements, game handles, skins, and any other content you add to your profile) is publicly visible by design. Anyone with your profile URL can view this information.

3.2 Service Providers

We share information with third-party service providers who help us operate the Service:

ProviderPurposeData Shared
SupabaseAuthentication, database hosting, file storage, real-time presenceAccount data, profile data, uploaded media, session presence
StripePayment processing (subscriptions and one-time payments)Payment and billing information
ResendTransactional email deliveryEmail address, email content
VercelHosting, server infrastructure, IP geolocationAll data processed by the Service, IP address for country detection
DiscordOAuth authentication, guild management, role syncing, achievement verificationDiscord user ID, profile data, OAuth tokens, guild membership status

These providers are contractually obligated to use your data only to provide services to us and in accordance with applicable data protection laws.

3.3 Legal Requirements

We may disclose your information if required to do so by law, or if we believe in good faith that such action is necessary to:

  • Comply with a legal obligation, court order, or legal process
  • Protect and defend our rights or property
  • Prevent fraud or address security issues
  • Protect the safety of users or the public

3.4 Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email or a prominent notice on the Service before your information is transferred and becomes subject to a different privacy policy.

3.5 With Your Consent

We may share your information for other purposes with your explicit consent.

3.6 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

4. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:

  • Account and profile data. Retained until you delete your account
  • Uploaded media files (avatars, backgrounds, clips, audio, cursors, fonts). Stored in cloud storage, deleted when you remove them or when your account is deleted
  • Payment records. Retained as required for accounting and legal compliance (typically 7 years)
  • Usage statistics. Retained in aggregated, anonymized form indefinitely
  • Reports and appeals. Retained for as long as necessary for moderation purposes, typically until the matter is resolved and any appeal period has passed
  • Downgrade excess content. When you downgrade plans, content exceeding the new plan's limits is locked for a 7-day grace period, then automatically deleted if you do not upgrade
  • Support communications. Retained for up to 2 years after the last interaction
  • Server logs. Retained for up to 90 days

When you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law or for legitimate business purposes (such as fraud prevention).

5. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

5.1 All Users

  • Access your data. View your profile information and account settings at any time
  • Update your data. Edit your profile, settings, and account information through the dashboard
  • Delete your account. Permanently delete your account and associated data through account settings
  • Opt out of marketing. Unsubscribe from promotional emails at any time using the link in the email

5.2 European Economic Area (EEA) Residents

Under the General Data Protection Regulation (GDPR), you additionally have the right to:

  • Data portability. Request a copy of your data in a structured, machine-readable format
  • Restriction of processing. Request that we limit how we use your data
  • Object to processing. Object to our processing of your data based on legitimate interest
  • Withdraw consent. Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing
  • Lodge a complaint. File a complaint with your local data protection authority

5.3 California Residents

Under the California Consumer Privacy Act (CCPA), you have the right to:

  • Know what personal information we collect and how it is used
  • Request deletion of your personal information
  • Opt out of the sale of personal information (we do not sell your data)
  • Non-discrimination for exercising your privacy rights

To exercise any of these rights, contact us at support@mychar.gg. We will respond to your request within 30 days.

6. Cookies

6.1 What Are Cookies

Cookies are small text files stored on your device when you visit a website. They help the website remember your preferences and improve your experience.

6.2 Cookies We Use

TypeCookiePurposeDuration
EssentialSupabase auth sessionAuthentication and session managementSession / persistent
Essentialdiscord_oauth_stateCSRF protection during Discord OAuth flowSession (cleared after callback)
Functionalcolor-modeTheme preference (dark/light mode)Persistent (1 year)

We do not use third-party analytics or advertising cookies. Profile view and engagement statistics are tracked server-side through our API, not through browser cookies.

6.3 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may prevent you from using certain features of the Service.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Encryption of data in transit (TLS/HTTPS)
  • Encryption of sensitive data at rest
  • Secure password hashing
  • Row-level security policies on our database
  • Regular security reviews
  • Access controls limiting employee access to personal data

However, no method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee its absolute security.

8. International Data Transfers

Your information may be processed and stored in countries outside your country of residence, including the United States, where our service providers (Supabase, Stripe, Vercel, and Discord) operate. These countries may not provide the same level of data protection as your home country.

For transfers of personal data from the EEA to countries outside the EEA, we rely on:

  • The EU-U.S. Data Privacy Framework where our service providers are certified participants
  • Standard Contractual Clauses (SCCs) approved by the European Commission, where applicable
  • Other appropriate safeguards in accordance with applicable data protection laws

You can request more information about the safeguards in place by contacting us at legal@mychar.gg.

9. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@mychar.gg, and we will delete that information promptly.

10. Third-Party Links

Your profile may contain links to third-party websites and services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you interact with.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this page
  • Notify you by email or through a notice on the Service

Your continued use of the Service after changes take effect constitutes acceptance of the revised Privacy Policy.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

For EEA residents: If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority. In the Netherlands, this is the Autoriteit Persoonsgegevens (https://autoriteitpersoonsgegevens.nl).