Privacy Policy

1. Who we are

Jerboa Connect is operated by Jerboa Labs, LLC, a Washington state limited liability company. When this policy refers to "we," "us," or "our," it means Jerboa Labs, LLC.

If you have questions about this policy, contact us at privacy@jerboa.gg.

2. What information we collect

When you purchase a key:

• Your email address, collected through Stripe during checkout and used to deliver your purchased key and process payment.
• Payment information collected and processed exclusively by Stripe. We do not receive or store full credit card details.

When you use the Discord bot:

• Your Discord user ID, used to associate servers and keys with your account.
• Your Discord server (guild) ID, used to scope server registrations to the correct Discord community.
• Additional information included in Discord interaction payloads, which may include your username, display name, server nickname, and role information. This information is received transiently and is not persistently stored, except where necessary for security, abuse prevention, or system operation.
• Game server connection details you provide: host address, port, and RCON password. The RCON password is encrypted before storage using industry-standard encryption practices.
• A log of commands executed through the bot (command name, server, timestamp), retained for security and audit purposes.

3. How we use your information

• To deliver your purchased key via email.
• To authenticate and process Discord slash commands on your behalf.
• To store your game server registrations so commands work reliably.
• To maintain an audit log of commands for security and abuse prevention.
• To respond to support requests.

We do not sell your personal information. We do not use your information for advertising.

4. Legal bases for processing (EU/UK users)

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data under the following legal bases:

• Performance of a contract — processing your email address to deliver your purchased key; storing your Discord user ID, server registration details, and RCON credentials to provide the bot service you registered for.
• Legitimate interests — maintaining command audit logs and retaining certain interaction data for security, abuse prevention, and service integrity. Our legitimate interest does not override your rights; you may object to this processing (see Section 10).
• Legal obligation — retaining billing and transaction records as required by applicable accounting and tax law.

5. How we store and protect your information

Your data is stored in the United States. All data we collect is processed and stored on servers located in the United States unless otherwise stated. Our primary database is hosted in a private, non-publicly accessible environment.

RCON passwords are encrypted before being stored. The encryption key is stored separately from the encrypted data. We use industry-standard security practices including encrypted connections, private networking, and access controls to protect your data. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

International transfers. If you are located in the EEA or UK, your personal data is transferred to and processed in the United States. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the transfer mechanism for data sent to our US-based processors. Each of our key processors (AWS, Stripe, and Resend) maintains a Data Processing Agreement and SCCs that cover these transfers — see their respective privacy policies linked in Section 7.

6. How we share your information

We do not sell personal information. We may share information with service providers that help us operate the Service, including payment processors, cloud providers, and email delivery providers. We may also disclose information when required by law or to protect our rights and the security of the Service.

7. Third-party services

We use the following third-party services to operate Jerboa Connect:

• Stripe — payment processing. Stripe collects and stores your payment and billing information. See Stripe's Privacy Policy.
• Discord — the platform through which the bot operates. Your use of Discord is governed by Discord's Privacy Policy.
• Amazon Web Services (AWS) — cloud infrastructure for hosting, storage, and compute. Data is stored in the United States. See AWS's Privacy Policy.
• Resend — transactional email delivery of your purchased key. See Resend's Privacy Policy.

8. Business transfers

In the event of a merger, acquisition, reorganization, or sale of assets, user information may be transferred as part of that transaction. We will notify you via email or a notice on our website if such a transfer occurs and your information becomes subject to a different privacy policy.

9. Data retention

We retain server registration data until you request deletion or until we determine it is no longer necessary to provide the Service. Audit logs are retained for 90 days.

To request deletion of your data, contact us at privacy@jerboa.gg. To help us locate your account, please use the subject line "Data Deletion Request" and include your Discord username or user ID. We may request additional information to verify your identity. Upon a verified deletion request, we will delete or anonymize personal information associated with your account within 30 days, except where retention is required for legal, security, fraud prevention, or accounting purposes.

10. Your rights

You may exercise any of the rights below at any time by contacting us at privacy@jerboa.gg. We will respond within 30 days. We may ask you to verify your identity before acting on a request.

All users:

• Access — request a copy of the personal data we hold about you.
• Correction — request that inaccurate or incomplete data be corrected.
• Deletion — request that we delete your personal data, subject to legal retention obligations.

EEA and UK users (GDPR / UK GDPR):

In addition to the rights above, if you are located in the EEA or UK you have the following rights under the GDPR and UK GDPR:

• Restriction of processing — request that we limit how we use your data while a dispute is resolved.
• Data portability — receive your personal data in a structured, machine-readable format and, where technically feasible, have it transmitted to another controller.
• Object to processing — object at any time to processing based on our legitimate interests. We will stop unless we can demonstrate compelling legitimate grounds that override your interests.
• Withdraw consent — where processing is based on your consent, withdraw it at any time without affecting the lawfulness of prior processing.
• Lodge a complaint — you have the right to lodge a complaint with your national data protection supervisory authority. In the EU, you can find your authority at edpb.europa.eu. In the UK, the supervisory authority is the Information Commissioner's Office (ICO).

We do not intentionally collect sensitive personal information such as health data or government identifiers.

11. Children's privacy

Jerboa Connect is not directed at children. We do not knowingly collect personal information from anyone under the age of 16. Users in the United States must be at least 13 years old (consistent with COPPA); users in the EEA and UK must be at least 16 years old (consistent with GDPR Article 8). If you believe we have inadvertently collected information from a child below the applicable age threshold, contact us at privacy@jerboa.gg and we will delete it promptly.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page. Continued use of Jerboa Connect after changes are posted constitutes your acceptance of the updated policy.

13. Contact

For privacy-related questions or requests, contact us at privacy@jerboa.gg.