Privacy Policy

This privacy policy explains how vcodmods.com ("we", "our", "us") collects, uses, and protects your data in accordance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other global privacy standards.

In short: We only collect the data necessary to operate the platform, ensure security, and provide community features. We do not sell your data, use advertising trackers, or engage in profiling. This is a non-commercial hobby project, and your privacy is respected at all times.

1. Contact

Website: vcodmods.com
Email: admin@vcodmods.com

2. What Data We Collect

• Registration & Activity: We collect your username, email address, and IP address when you register, log in, upload, download, or perform a password reset. We also store basic account status information, including email confirmation and approval status.
• Security Logging: Failed login attempts and password reset attempts are stored with username, IP address, and timestamp to protect against brute-force attacks. We also record active login sessions, including user agent details and IP addresses, to detect suspicious activity and maintain security.
• Session Tracking: For logged-in and anonymous users, we record the IP address and user agent to detect abuse, enforce limits, and protect the platform.
• API Usage: For API requests, we record the IP address, user agent, accessed endpoint, and associated username (if available) to enforce rate limits and prevent abuse.
• Platform Usage: We store data related to downloads, uploads, comments, likes, ratings, private messages (including message content and recipient), and optional profile details such as avatars, location, website links, and social media information (e.g., GitHub, Steam, YouTube, Twitch).
• Email Notifications: If enabled, we store your notification preferences and send transactional emails such as email confirmations, activation notices, new private message alerts, and activity notifications. You can modify your preferences at any time.

3. Analytics & CAPTCHA

We use Umami Analytics and Altcha CAPTCHA, both self-hosted, cookie-free, and fully GDPR-compliant. No personal data is shared with third parties.

4. Purpose of Data Use

• To provide access to modding features and site content.
• To verify email ownership and perform a brief manual account review before granting full access.
• To prevent abuse and maintain platform security (e.g., logging failed login attempts).
• To enable community features such as uploads, comments, likes, ratings, and private messages.
• To send optional email notifications based on your preferences.

5. Data Retention

Data is retained as long as your account remains active. Private messages remain until you delete them or your account is removed. You may request full deletion at any time. Backups are created every 24 hours and stored for 3 days, with the oldest backup overwritten each cycle. Backups are fully encrypted and accessible only to administrators. Deleted data may remain temporarily in encrypted backups until overwritten. Accounts without email confirmation may be removed after approximately 3 days to maintain a clean platform.

6. Your Rights

• Access: You may request a copy of all personal data we store about you by emailing admin@vcodmods.com.
• Erasure: You may request deletion of your account and all associated data via the same email address.
• Correction: You may update your profile information (such as location, website, avatar, and optional fields) at any time through your account settings. Username and email address cannot be changed directly.

7. Data Sharing

We do not sell, rent, or share your personal data with third parties.

8. Security Measures

We protect your data with HTTPS encryption, IP logging, brute-force protection, CSRF tokens, and strict access controls.

9. Use of bunny.net Services

We use bunny.net to deliver static content efficiently, improve performance, and enhance security. All traffic is routed through bunny.net servers. IP addresses are fully anonymized (e.g., replaced with 0.0.0.0), and no personal data is stored.

Service provider: BunnyWay d.o.o., Cesta komandanta Staneta 4A, 1215 Medvode, Slovenia. More information: bunny.net/gdpr

10. Use of UserCheck.com

To maintain platform integrity and reduce spam, we use UserCheck.com during registration to detect disposable or temporary email addresses.

Only the email address entered during registration is submitted. No IP addresses, browser details, or other personal data are transmitted. Verification is handled securely on our backend.

UserCheck.com is GDPR-compliant and operates entirely within the EU. According to their policy, the service:

• Processes only the submitted email address or domain
• Does not permanently store personal data
• Stores anonymized security logs for up to 30 days
• Processes all data exclusively within the EU
• Uses encryption and strict access controls

More information: usercheck.com — Data Protection Officer: privacy@usercheck.com

11. Use of Proxycheck.io for VPN and Proxy Detection

We use the Proxycheck.io API to determine whether an IP address used during login or registration is associated with a VPN, proxy, or anonymizing service.

Proxycheck.io is GDPR-compliant and treats IP addresses as personal data. All processing is temporary and handled confidentially.

• ProxyCheck, not us, stores IP addresses identified as VPN/proxy for up to 1 year in their detection logs.
• Clean IP addresses are processed only briefly (up to 5 minutes) and are not logged, as we do not send categorization tags.
• All processing is performed within GDPR-compliant environments with strict security controls.

More information: Proxycheck.io GDPR

12. Data Location

All personal data is stored and processed within the European Union. Static content may be cached globally through bunny.net’s CDN, but this does not involve any personal data.

13. Discord Integration (Partner Pages)

We use the official Discord API to retrieve public information about partner communities (e.g., member count). No personal user data is accessed or stored. All data is fetched from public Discord invite endpoints and stored locally for display only.

14. Server Log Files

We use NGINX to operate our infrastructure. Server logs may include IP addresses, user agents, timestamps, and requested pages. These logs are not linked to user accounts and are used solely for operational and security purposes.

15. California & U.S. State Privacy Rights

If you reside in California or a U.S. state with consumer privacy laws, you may:

• Request access to your personal data
• Request deletion of your personal data
• Learn whether your data is sold or shared (we do not sell data)
• Contact us at admin@vcodmods.com

16. Cookies & Tracking

We do not use advertising or tracking cookies. The cookies we set are strictly necessary for site functionality and security:

• PHPSESSID: Required for login functionality.
• bunny_shield: Confirms a successful JavaScript Proof-of-Work challenge.
• bunny_shield_chk: Validates the integrity of the bunny_shield cookie.
• bunnyshield_id: Long-term anonymous browser identifier (approx. 1 year) used for bot detection.
• bunnyshield_bd: Non-invasive browser fingerprint used to detect automated or spoofed clients.

These cookies are essential, anonymous, and never used for profiling or advertising.

17. Automated Decision-Making

We do not use automated decision-making or profiling that significantly affects users as defined under GDPR Article 22.

18. EU Opt-Out Notice

EU users may contact us to exercise opt-out rights. We do not perform personalized tracking or advertising that requires consent.

19. Changes

This policy may be updated periodically. Please check this page for the latest version.

Last updated: November 30, 2025