Privacy Policy

Last updated: May 2026

1. Data Controller

Debuskia, SASU (simplified joint-stock company), share capital €50, RCS Paris 988 455 572. Registered office: 60 rue François 1er, 75008 Paris, France. Contact: [email protected]

2. Data Collected

Via Discord OAuth:

Discord ID, username, email, avatar, guild membership.

Provided by you:

Bio, links, logo, banner, reviews, comments, votes, preferences.

Technical:

IP address, browser, pages visited (security and fraud prevention).

Payment:

Stripe customer ID. TopV does not store any credit card data.

3. Legal Bases

  • Consent (Art. 6.1.a GDPR) : account creation via Discord OAuth.
  • Contract (Art. 6.1.b) : Service operation (profile, votes, subscriptions).
  • Legitimate interest (Art. 6.1.f) : public professional and commercial activity listings created from public data, for indexing and information. Requests reviewed case by case.
  • Legal obligation (Art. 6.1.c) : billing data retention.

4. Phantom Profiles

TopV may create listings from public data (Tebex, YouTube, public Discord) concerning professional and commercial activities. These listings are marked as unclaimed and contain no direct identifying data (no civil name, no email). You may claim them to manage them or have their information corrected at [email protected]. Any request regarding your rights is reviewed case by case; for public professional activities, TopV may maintain the listing on the basis of legitimate interest and freedom of information.

5. Cookies

TopV uses only essential cookies: authentication session (NextAuth.js), language preference. No advertising cookies. Exempt from consent (ePrivacy Directive).

6. Third-Party Processors

  • Stripe : payments. stripe.com/privacy
  • Discord : OAuth auth and bot.
  • Tebex : purchase verification.
  • YouTube / Twitch : public video feeds.
  • OVH : hosting in France (Roubaix).

7. Data Retention

  • Active account: while account exists.
  • Deletion: 30 days after request.
  • Billing: 10 years (French law).
  • Public activity listings: retained on the basis of legitimate interest; request reviewed case by case.
  • Logs: 12 months max.

8. Your Rights (GDPR)

  • Access : copy of your data.
  • Rectification : correct errors.
  • Erasure : right to be forgotten, subject to legal exceptions (overriding legitimate interest, freedom of information).
  • Restriction : restrict processing.
  • Portability : machine-readable format.
  • Objection : including unclaimed listings; request reviewed case by case.
  • Automated decisions : no automated decisions with legal effects. Scores are community-based.

Contact: [email protected]. Response within 30 days.

9. CNIL Complaint

File a complaint with CNIL: www.cnil.fr. Outside France: local authority.

10. Data Breach

Notification without undue delay (Art. 34 GDPR). CNIL notified within 72h (Art. 33).

11. Children

Minimum age 13. Parental consent required for ages 13-15 in the EU (Art. 8 GDPR).

12. International Transfers

Data hosted in France (OVH). Non-EEA processors governed by Standard Contractual Clauses or EU-US Data Privacy Framework.

13. Security

HTTPS, injection protection, access controls, regular backups.

14. Changes

Changes posted here with updated date.

15. Contact

Email : [email protected]

Discord : discord.gg/topv