Privacy Policy

1. Introduction

Welcome to VNPocket ("we," "our," "us," or the "Platform"). We value your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, services, and community features (collectively, the "Service").

By using the Service, you consent to the data practices described in this policy. If you do not agree with any part of this policy, please do not use the Service.

This policy should be read together with our Terms of Service.

2. Information We Collect

2.1. Information You Provide

• Account Registration: Email address and username. We do not require your real name or physical address.
• Profile Information: Display name, bio, avatar, and locale preference (all optional).
• User Content: Forum posts, comments, reviews, game save files, and other content you voluntarily submit.
• Communications: Messages you send to us (e.g., support requests, DMCA notices).
• Payment Information: When you purchase a Membership, payment is processed by our third-party payment providers (see Section 6). We do not directly store your credit card numbers or cryptocurrency wallet addresses.

2.2. Information Collected Automatically

• Usage Data: Pages visited, games viewed, play history, bookmark activity, search queries, and interaction timestamps.
• Device & Browser Data: Browser type, operating system, screen resolution, and language preference.
• IP Address: Your IP address is collected for security purposes (rate limiting, abuse prevention) and may be used for approximate geolocation (country/city level) to improve the Service.
• Cookies & Local Storage: See Section 5 for details.

2.3. Information from Third-Party Sources

If you choose to link a third-party account (see Section 3), we receive limited profile information from that provider as described below.

3. Social Login & Third-Party Authentication

VNPocket offers the option to register or log in using the following third-party services:

3.1. Discord

When you connect your Discord account, we receive your Discord user ID, username, email address, and avatar. We request the identify and email scopes.

3.2. X (Twitter)

When you connect your X account, we receive your X user ID, username, display name, and profile image.

3.3. Telegram

When you connect your Telegram account, we receive your Telegram user ID, username, first name, and profile photo URL.

3.4. How We Handle Social Login Data

• We store your external provider ID and basic profile information to enable login and display your linked accounts.
• Access tokens and refresh tokens from these providers are stored in encrypted form and used solely to maintain your authentication session.
• We do not post to your social media accounts, access your contacts, or read your private messages.
• You may unlink any social account at any time from your profile settings.

4. How We Use Your Information

We use the information we collect for the following purposes:

We do not use your data for automated decision-making or profiling that produces legal effects concerning you.

5. Cookies & Similar Technologies

We use cookies and local storage to operate the Service. Below is a summary of the cookies we set:

All session-related cookies are set with HttpOnly and Secure flags. We do not use third-party tracking cookies or advertising cookies.

You can control cookies through your browser settings. Disabling essential cookies may prevent you from using core features of the Service.

6. Payment Information

VNPocket uses third-party payment processors to handle Membership purchases and donations:

• BTCPay Server: Processes cryptocurrency payments. BTCPay is a self-hosted, open-source payment processor. Payment details (invoice ID, payment status) are stored on our server to manage your subscription. We do not have access to or store your cryptocurrency wallet private keys.
• Ko-fi: Processes donations via their platform. When you make a donation through Ko-fi, your payment information is handled entirely by Ko-fi's systems.

We store only the information necessary to manage your subscription status (membership tier, expiration date, payment history identifiers). We encourage you to review the privacy policies of our payment processors for details on how they handle your payment data.

7. Data Sharing & Third-Party Services

We do not sell, trade, or rent your personal information to third parties.

We share data with the following categories of service providers strictly as necessary to operate the Service:

We may also disclose your information if required by law, court order, or governmental authority, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

8. Your Privacy Controls

VNPocket provides granular privacy controls accessible from your Profile Settings. You can configure the visibility of:

• Profile visibility: Choose between public, members-only, or private.
• Game history: Show or hide your play history from other users.
• Comment history: Control whether your comment activity is visible to others.
• Bookmarked games: Choose whether your game bookmarks are public.
• Reward collection: Show or hide your earned rewards and points balance.
• Achievements: Control the visibility of your achievement badges.

These settings give you direct control over how much of your activity is visible to other logged-in users. Administrators may still access this data for moderation and abuse prevention purposes.

9. Data Retention

We retain your data only for as long as necessary to fulfill the purposes described in this policy:

• Account data: Retained for the lifetime of your account. Deleted or anonymized upon account deletion (see Section 10).
• Usage logs and analytics: Retained for up to 12 months, then aggregated or deleted.
• Payment records: Retained for up to 7 years to comply with financial record-keeping obligations.
• Security logs (login events, IP records): Retained for up to 6 months for abuse prevention.
• Social authentication tokens: Retained while your social account is linked. Deleted immediately upon unlinking or account deletion.
• Email communications: Transactional email logs retained for up to 90 days.

When data is no longer needed, it is either deleted, anonymized, or aggregated so that it can no longer identify you.

10. Account Deletion

You may delete your account at any time through your Profile Settings. Upon deletion, the following actions are taken:

10.1. Permanently Deleted

• Your login credentials and social account connections
• Login history and session data
• Game play history and bookmarks
• Points balance, income, and redemption history
• Uploaded save files associated with your account
• Notification history
• Achievement records

10.2. Anonymized (Author Attribution Removed)

• Forum posts and comments (preserved for community continuity, but your username is removed)
• Community-shared save files
• Membership and payment history (retained for financial records with user identity removed)

10.3. Additional Actions

• All active sessions are immediately revoked.
• Session-related cookies are cleared.
• A confirmation email is sent to your registered email address.

Account deletion is permanent and irreversible. Please download any data you wish to keep before initiating deletion.

11. International Data Transfers

VNPocket operates globally, and your data may be processed and stored in locations outside your country of residence. By using the Service, you consent to the transfer of your information to countries that may have different data protection laws than your own.

Where required by applicable law, we ensure that appropriate safeguards are in place for cross-border data transfers, such as standard contractual clauses or reliance on adequacy decisions.

12. Your Rights

12.1. Rights Under the GDPR (EEA/UK Residents)

If you are located in the European Economic Area or the United Kingdom, you have the following rights:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of your personal data (see Section 10).
• Restriction: Request that we limit the processing of your data.
• Portability: Request your data in a structured, machine-readable format.
• Objection: Object to processing based on legitimate interests.
• Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

12.2. Rights Under the CCPA (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected.
• Right to Delete: Request deletion of your personal information.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
• Right to Opt-Out of Sale: We do not sell your personal information. No opt-out is necessary.

12.3. Do Not Track Signals

Some browsers transmit "Do Not Track" (DNT) signals. As there is no current industry standard for recognizing or honoring DNT signals, the Service does not currently respond to them. We do not engage in cross-site tracking.

13. Children's Privacy

VNPocket is an adults-only platform (18+). We do not knowingly collect personal information from anyone under the age of 18. If we learn that we have collected data from a minor, we will take immediate steps to delete such information. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected].

14. Data Security

We implement industry-standard security measures to protect your personal data, including:

• Passwords are hashed using modern algorithms and never stored in plain text.
• Social authentication tokens are encrypted at rest.
• Session cookies are set with HttpOnly, Secure, and SameSite flags.
• CSRF protection is applied to all state-changing requests.
• Rate limiting and bot protection (Cloudflare Turnstile) are in place to prevent abuse.

No method of electronic transmission or storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security.

14.1. Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify affected users via email within 72 hours of becoming aware of the breach, where feasible.
• Post a notice on the Service if the breach affects a large number of users.
• Notify the relevant supervisory authority as required by applicable law.

15. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the "Effective Date" at the top of this page.
• Make reasonable efforts to notify you via email and/or a prominent notice on the Service.

Your continued use of the Service after the updated policy takes effect constitutes your acceptance of the changes. We encourage you to review this page periodically.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

[email protected]

We aim to respond to all privacy-related inquiries within 30 days.