Privacy Policy

1. Introduction

Luminary ("we," "our," or "us") provides community-driven gaming utilities through Discord bots, our website, and Chrome browser extensions that help users manage Steam friends and view public ban/status information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use any Luminary service (collectively, the "Services").

This Policy applies to: (a) Discord bots published under the Luminary name; (b) the Luminary website and related web services; (c) official Luminary Chrome extensions; and (d) support channels (email, Discord server, forum). If a term differs between Services, we clarify it in extension‑specific sections below.

Important: Luminary is independent and NOT affiliated with Valve, Steam, Discord, Google, or any game developer. All referenced trademarks remain the property of their respective owners.

2. Information We Collect

We follow a data minimization principle: we collect only data strictly necessary to provide requested functionality.

• Discord Bot Data: Discord User IDs & Server IDs to correlate commands and deliver features. We do not store passwords, tokens, emails, avatars, or full profiles.
• Steam / Game Platform Data: SteamIDs and publicly available stats (e.g., XP, level, ban flags, playtime) obtained via official APIs or public endpoints. We don't store private inventory, friends’ private data, or authentication credentials.
• Chrome Extension Data (Client-Side): The extension reads publicly visible Steam profile information and friend list entries to annotate ban status. Processing happens locally in the browser; by default we do not transmit friend list contents to our servers unless a user explicitly invokes a feature requiring remote lookup (e.g., bulk enrichment). Where remote enrichment occurs, only SteamIDs and required public status flags are sent.
• Bot Usage / Operational Logs: Command names, timestamps, feature execution results, error traces (anonymized where feasible) used for debugging, performance, abuse prevention.
• Support & Contact Data: Email contents or Discord support tickets you send voluntarily (may include user IDs or SteamIDs you provide) retained for resolving requests.
• Security & Abuse Signals: Rate limits, anomalous patterns, and hashed identifiers for anti-fraud and platform integrity. No profiling for advertising.
• Cookies / Analytics: Currently we do not deploy third‑party analytics or tracking cookies. If implemented later, this Policy will be updated and a consent banner provided where required.

Data We Do NOT Collect: Passwords, OAuth tokens beyond session scope, payment data, private friend metadata, voice/chat contents, or precise geolocation.

3. How We Use Your Information

• Provide Discord bot functionality (command execution, stats retrieval).
• Display Steam friend ban indicators and management utilities in the Chrome extension.
• Cache strictly necessary public data to improve response speed.
• Improve, maintain, and troubleshoot Services (error diagnostics, latency optimization).
• Ensure compliance with platform terms (Discord, Steam, Chrome Web Store policies).
• Prevent abuse, spam, and automated exploitation.

No data is used for advertising, profiling, or sale to data brokers.

4. Legal Basis (GDPR)

• Legitimate Interest (Art. 6(1)(f) GDPR): Provide bot features and ensure platform safety.
• Legal Obligation (Art. 6(1)(c) GDPR): Compliance with applicable laws when required.

5. Data Security

• HTTPS enforced for all server communications.
• Principle of least privilege for service accounts and database access.
• Routine dependency & security patch management.
• Hashing / pseudonymization where full identifiers not needed.
• Client-side extension: runs only bundled code; no remote code injection.

If we materially change security practices, we will update this Policy and (where required) notify users.

6. Data Retention & Deletion

Discord User IDs, SteamIDs, and public stats are retained only as long as needed for bot functionality or until deletion is requested.

• Once deleted, accounts cannot use Luminary features again.
• No future data will be collected or stored for that account.
• Deletion requests are permanent unless a new request is made to support.

Chrome Extension: The extension does not create a persistent local database or store preferences; it performs in-memory annotation only. We do not retain friend list archives server-side.

7. Your Rights

• Access: Request a copy of your Discord/Steam data.
• Correction: Correct inaccurate data.
• Deletion: Request deletion of your Discord/Steam ID.
• Data Portability: Receive your data in machine-readable format.

8. International Transfers

Your information may be processed outside your country with safeguards.

• Steam API (US): Public data only.
• Discord (US): Data for bot execution and features.
• Third-party APIs: All transfers protected by safeguards.

Where feasible we use EU-based infrastructure for core storage. Transfers rely on appropriate safeguards (e.g., Art. 46 GDPR) or rely solely on public data already globally accessible.

9. Data Sharing & Disclosure

• Discord: Used solely for bot execution and server feature logic.
• Steam / FACEIT / Leetify / Other Game APIs: Queried for public stats on demand; we do not resell or redistribute bulk datasets.
• Chrome Extension: Processes public data locally; no third-party analytics SDKs.

We may disclose limited data if required by law, to protect rights, investigate abuse, or comply with valid legal process. We do not sell personal data.

10. Children's Privacy

Luminary is not intended for children under 13. We do not knowingly collect their data.

11. Data Breach Notification

• Notify authorities within 72h per GDPR Article 33.
• Notify affected users if high risk to rights and freedoms.
• Include breach details and measures taken.
• Maintain incident response and monitoring procedures.

12. Chrome Extension Permissions

The extension may request host permissions for steamcommunity.com and api.steampowered.com strictly to read public profile and ban status information. It does not escalate to sensitive Chrome APIs (e.g., history, bookmarks) and avoids unnecessary broad host patterns.

• No hidden network requests beyond declared permissions.
• No remote configuration that injects executable code.
• No collection of non-public Steam data.

13. Cookies, Tracking & Analytics

We currently do not employ third-party analytics or tracking pixels in the extension or on critical bot endpoints. If this changes, we will implement consent / opt-out mechanisms compliant with GDPR and update this Policy.

14. Automated Decision-Making

We do not perform automated decision-making producing legal or similarly significant effects (Art. 22 GDPR). Ban indicators are derived from public game platform status flags only.

15. Your Choices & Opt-Out

• Discord / Steam Data Deletion: Request removal via email or support server; ID placed on denylist preventing future collection.
• Extension Uninstall: Removing the extension stops all processing; no local preferences or cached datasets need deletion because none are stored.
• Future Analytics Opt-Out: If analytics added, a settings toggle and consent banner will be provided.

16. Children’s Privacy

Luminary Services are not intended for children under 13. We do not knowingly collect their data. If we learn a child under 13 has provided data, we will delete it promptly.

17. International Users & Additional Rights

EU/EEA users benefit from rights listed in Section 7. Where applicable, users in other jurisdictions (e.g., California) may request disclosure or deletion of any personal information retained beyond public identifiers; given our minimization approach, such requests typically yield only SteamIDs / Discord IDs and related public status flags.

18. Updates to This Policy

We may update this Policy for operational, legal, or regulatory reasons. Material changes (e.g., analytics introduction) will be signaled via website notice or extension release notes. Continued use after changes constitutes acceptance.

19. Data Protection Contact

20. Contact

• Email: [email protected]
• Discord Support Server: https://discord.gg/Kvh8R5Uswr

12. Updates to This Policy

Policy may be updated. Continued use indicates acceptance.