Privacy Policy
Personal Data Protection - GDPR Compliant
At Lorcana Judge, we take the protection of your personal data very seriously.
Fundamental commitment: Your data is never sold and is not used for commercial purposes.
Data Controller
The data controller is:
Data Collected
User-Provided Data
| Category | Data | Required |
|---|---|---|
| Identification | Email address, username | Yes (registration) |
| Authentication | Password (stored hashed) | Yes (except OAuth) |
| Profile | First name, last name, bio, city, avatar | No |
| Social Media | Discord, Twitch, Instagram, etc. | No |
| Location | GPS coordinates (member map) | No |
Automatically Collected Data
| Category | Data | Purpose |
|---|---|---|
| Technical | IP Address | Security, anti-abuse |
| Session | Session identifier | Session maintenance |
| Usage | Quiz history, scores | Service operation |
OAuth Data (Discord/Google)
If you sign in via Discord or Google, we receive: ID, email, name, and avatar. We do not store your third-party passwords.
Processing Purposes
Your data is used for:
- Service operation (account, quizzes, authentication)
- Personalization (profile, history, progression)
- Community (directory, member map)
- Communication (transactional emails)
- Security (abuse prevention)
- Sell your data to third parties
- Use your data for advertising
- Share your data for commercial purposes
- Create marketing profiles
Legal Basis (GDPR)
- Contract (Art. 6.1.b): service operation
- Consent (Art. 6.1.a): optional data, analytics cookies
- Legitimate interest (Art. 6.1.f): security, abuse prevention
Data Retention
| Data | Duration |
|---|---|
| Active account | Account lifetime |
| Inactive account | 2 years after last activity |
| After deletion | Immediate and irreversible deletion |
| Security logs | 12 months maximum |
Data Recipients
Only platform administrators have access to personal data, strictly within the scope of service management.
Technical subcontractors (GDPR compliant):
- Hosting: Hostinger (Paris, France)
- Authentication: Discord, Google (USA, contractual clauses)
- Analytics: Google Analytics (with consent)
We NEVER sell your data.
Transfers Outside EU
Your data is stored in France (EU). Transfers to the USA (Discord, Google) are governed by the Data Privacy Framework and standard contractual clauses.
Cookies
See our Cookie Policy for details on cookies used.
Security
Security measures:
- HTTPS/TLS encryption
- Secure password hashing (bcrypt)
- CSRF protection
- Prepared statements (SQL injection prevention)
- Regular backups
In case of data breach, you will be notified and the CNIL informed within 72 hours.
Your Rights
Under GDPR, you have the following rights:
| Droit | Description |
|---|---|
| Right of access | Obtain a copy of your data |
| Right of rectification | Correct inaccurate data |
| Right of erasure | Delete your data |
| Right of portability | Receive your data in a readable format |
| Right of objection | Object to certain processing |
Exercise your rights via your profile or by email to staffing@lorcanajudge.fr
You can also contact the CNIL: www.cnil.fr
Minors
Minors under 15 must obtain parental authorization. Parents are responsible for their children's use.
Changes
This policy may be modified. You will be notified of significant changes.
Contact
For any questions about your data: