Privacy Policy

This privacy policy explains how vcodmods.com ("we", "our", "us") collects, uses, and protects your data in compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and global privacy standards.

1. Contact

Website: vcodmods.com
Email: admin@vcodmods.com
Discord: Join our Discord server

2. What Data We Collect

• Registration & Activity: Username, email address, and IP address (recorded during registration, login, uploads, downloads, and password resets).
• Security Logging: Failed login and password reset attempts are logged with username, IP address, and timestamp to protect against brute-force attacks. Automatic rate limiting is applied when abuse is detected. We also monitor login sessions, including user agent strings and IP addresses, to detect suspicious behavior and protect account integrity.
• Session Tracking: For both logged-in and anonymous users, we track session activity by storing the IP address and user agent to detect abuse, enforce access limits, and maintain platform security.
• API Usage: For API requests, we log the IP address, user agent, accessed endpoint, and associated username (if available) to enforce rate limits and detect abuse.
• Platform Usage: Downloads, uploads, comments, likes, ratings, and optional profile details such as avatar, location, website, and manually added social media information (e.g., GitHub, Steam, YouTube, Twitch).

3. Analytics & CAPTCHA

We use Umami Analytics and Altcha CAPTCHA — both self-hosted, cookie-free, and GDPR-compliant. No personal data is shared with third parties.

4. Purpose of Data Use

• To provide access to modding features and content.
• To prevent abuse and protect the platform (e.g., logging failed login attempts).
• To enable community features such as uploads, comments, likes, and more.

5. Data Retention

Data is stored as long as your account remains active. You may request full deletion at any time. Backups are created every 24 hours and retained for 3 days. The oldest backup is overwritten in each cycle. Deleted data may persist in encrypted backups until overwritten.

6. Your Rights

• Access: You may request a copy of all personal data stored about you by emailing admin@vcodmods.com.
• Erasure: You may request deletion of your account and all associated data by contacting the same email address.
• Correction: You may edit your profile data (such as location, website, avatar, and optional fields) at any time via your account settings. Username and email address cannot be changed directly.

7. Data Sharing

We do not sell, rent, or share your personal data with any third parties.

8. Security Measures

We implement HTTPS encryption, IP logging, brute-force protection, and access controls. All requests include CSRF tokens, even for non-logged-in users.

9. Use of bunny.net Services

We use bunny.net to accelerate the delivery of static content, improve website performance, and enhance platform security. All traffic is routed through bunny.net servers. IP addresses are fully anonymized (e.g., 0.0.0.0), and no personal data is stored.

Service provider: BunnyWay d.o.o., Cesta komandanta Staneta 4A, 1215 Medvode, Slovenia. For more information, see bunny.net/gdpr.

10. Use of UserCheck.com

To protect platform integrity and maintain a reliable user base, we use UserCheck.com during registration to detect and block temporary or disposable email addresses.

Only the email address entered during registration is submitted for verification. No additional personal information — such as IP address, browser data, or account details — is transmitted to or shared with UserCheck. The verification is performed securely by our backend system.

UserCheck.com is operated by a company based in Estonia and is GDPR-compliant. According to their privacy policy, the service:

• Processes only the submitted email address or domain to determine if it is disposable
• Does not store personal data permanently
• Logs API requests for security and compliance purposes, anonymized after 30 days
• Stores and processes all data exclusively within the European Union
• Implements end-to-end encryption and strict access controls

For more information, visit usercheck.com or contact their Data Protection Officer at privacy@usercheck.com.

11. Use of Proxycheck.io for VPN and Proxy Detection

We use the Proxycheck.io API to verify whether an IP address used during login or registration is associated with a VPN, proxy, or other anonymizing service. This helps us enhance platform security and prevent abuse.

Proxycheck.io complies with the General Data Protection Regulation (GDPR) and treats IP addresses as personal data. They process this data only temporarily and with strict confidentiality.

• IP addresses identified as proxies or VPNs are logged in our account’s detection log and may be stored for up to 1 year.
• Clean (non-proxy) IP addresses are only stored temporarily (up to 5 minutes) for real-time analysis and are not logged, since we do not send categorization tags with our queries.
• All data processing takes place within GDPR-compliant environments using encryption and strict access controls.

Proxycheck.io does not share your personal data with third parties. All customers’ data is protected equally, regardless of their location.

For more information, please visit Proxycheck.io GDPR.

12. Data Location

All personal user data is stored and processed exclusively within the European Union. Static content is cached globally via bunny.net's CDN, but this does not involve any personal data.

13. Discord Integration (Partner Pages)

We use the official Discord API to retrieve public information about partner communities (e.g., member count). No personal user data is accessed or stored. The data is fetched from Discord's public invite endpoints and stored locally for display purposes only.

14. Server Log Files

Our infrastructure uses Apache (proxied via NGINX). Logs may include IP addresses, user agents, timestamps, and requested pages. These are not linked to specific user accounts and are used solely for security and operational purposes.

15. California & U.S. State Privacy Rights

If you are a resident of California or a U.S. state with consumer privacy laws, you may:

• Request access to your personal information
• Request deletion of your personal data
• Know whether your data is sold or shared (we do not sell data)
• Contact us at admin@vcodmods.com

16. Cookies & Tracking

We do not use any tracking or advertising cookies. The only cookies set are essential for platform functionality and security:

• PHPSESSID: Session cookie required for login functionality.
• bunny_shield: A temporary, first-party cookie that confirms a successful JavaScript Proof-of-Work (PoW) challenge. It helps recognize legitimate browser sessions without repeating the challenge unnecessarily.
• bunny_shield_chk: A checksum used to validate the integrity of the bunny_shield cookie, preventing forgery or manipulation.
• B_ID: A persistent, first-party identifier cookie with a lifespan of approximately one year. It is used by Bunny Shield’s bot detection system to assign a unique ID to each browser session, allowing the system to reliably distinguish between legitimate users and potentially malicious actors. By maintaining this long-term session-level identity, Bunny Shield enhances behavioral analysis and improves the accuracy of long-term bot mitigation strategies without collecting personally identifiable information.
• B_BD: Used to capture a detailed, non-invasive fingerprint of the user’s browser environment. This includes characteristics such as rendering behavior, device attributes, and feature support. The fingerprinting process supports Bunny Shield’s efforts to identify automation patterns and detect spoofed or emulated clients, all while preserving user anonymity. As a functional security measure, B_BD reinforces session integrity and contributes to a more robust defense against sophisticated threats.

These cookies are short-lived or persistent, strictly necessary, and contain no personally identifiable information. They are never used for tracking, advertising, or profiling purposes.

17. Automated Decision-Making

We do not use any automated decision-making or profiling that significantly affects users as defined in Article 22 of the GDPR.

18. EU Opt-Out Notice

EU users may contact us to exercise opt-out rights. However, we do not engage in personalized tracking or advertising that requires consent.

19. Changes

This policy may be updated periodically. Please review this page for the latest version.

Last updated: June 3, 2025