Privacy Policy

Last updated: March 16, 2026

1) What this website stores

  • Account data: email, username, profile settings, role, Discord ID/avatar (when using Discord login).
  • Security data: 2FA status, TOTP secret, backup codes, failed login counters, lockout timestamps.
  • Session/security metadata: IP address and user-agent for sessions and audit events (e.g. login/logout/security actions).
  • Community data you create: shared server entries, reviews, favorites, tickets, reports, notifications.

2) Cookies and local storage

  • casa_token: authentication cookie for signed-in sessions.
  • casa_2fa_pending: short-lived cookie used only during 2FA login verification.
  • casa_analytics_consent (local storage): stores your analytics consent choice.

3) Analytics and ads

  • Google Analytics (GA4) is loaded with the Consent Mode default set to denied.
  • Analytics tracking is enabled only after you grant consent in the cookie banner.
  • The Google AdSense script is present on the site.

4) Discord OAuth and third parties

  • If you sign in with Discord, we use Discord OAuth to authenticate your account.
  • For some features, the system may sync roles/join actions with the Casa Cloner Discord server.

5) Shared server template data

If you use the tool to share a server template to the website, data can include guild ID, name, icon, description, counts, and structured server content such as channels (text/voice/stage/forum), emojis, stickers, and soundboard metadata.

The website keeps one active shared server entry per user and updates that entry on later uploads.

6) Security controls in place

  • Discord OAuth-based sign-in and session-bound authentication cookies.
  • JWT-based auth with expiration and session records.
  • Rate limiting on sensitive API routes.
  • Audit logging for key account/security actions.

7) Retention and deletion

You can delete your account from the app settings. The account deletion flow removes the user record and related data (including sessions, tokens, servers, clones, reviews, favorites, notifications, and audit logs) according to the current database relations.

8) Your choices

  • You can accept or decline analytics cookies in the banner.
  • You can change your consent later by clearing site storage and setting consent again.

9) Contact for privacy requests

For data/privacy requests, use the in-app support flow via your dashboard support area and include your account username plus the request details (for example: access request, correction, or deletion request).