Privacy Policy for ModBase
Last updated: June 2025
ModBase ("we", "our", "us") operates the backend moderation infrastructure for Roblox communities, including the ModBase dashboard and API ("Services"). We are committed to protecting your privacy and ensuring compliance with applicable data protection laws, including the European Union's General Data Protection Regulation (GDPR).
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Services. By using ModBase, you consent to the practices described herein.
1. Data Controller
ModBase
Decentralized entity operating under German jurisdiction
Contact Email: support@modbase.dev
2. Information We Collect
We collect and process the following categories of information:
- OAuth2 Provider Data: Information you provide via third-party OAuth2 services (e.g., Discord), including username, user ID, and profile details.
- Session Data: Technical data necessary to secure your account and authenticate your session, including IP address, operating system, browser type, and session tokens.
- User-Generated Data: Moderation logs and related metadata created through the ModBase API and addons, which may contain sensitive information related to moderation actions.
- Cookies: Minimal use of cookies to facilitate authentication and maintain session state.
We do not collect sensitive personal data such as health, biometric, or political information beyond what you provide via OAuth2 and moderation logs.
3. How We Collect Data
- Direct Input: Via OAuth2 login and user interaction on the dashboard and API.
- Automatic Collection: Use of session cookies strictly for authentication; no tracking or third-party analytics are implemented.
4. Purpose of Data Processing
Data collected is used solely to:
- Provide and maintain the ModBase Services.
- Secure and authenticate your account.
- Enable real-time moderation infrastructure functionality.
- Comply with legal and security obligations.
We do not use your data for marketing or profiling, and we do not share it with third parties beyond necessary service providers.
5. Data Sharing and Disclosure
We do not sell, trade, or otherwise transfer your personal information to outside parties.
Third-party service providers (e.g., cloud hosting providers in Stockholm and Frankfurt) may have access to your data solely for operational purposes under strict confidentiality agreements.
6. User Rights
- Access and Correction: You can change your username, server icon, and banner via the user settings.
- Deletion: You may request complete deletion of your personal data via the dashboard's data deletion request feature.
- Data Portability: Upon request, we will provide your stored data in a machine-readable format.
- Objection & Restriction: You may object to data processing where applicable under GDPR.
7. Cookies and Tracking
We use minimal cookies strictly for authentication purposes. No third-party tracking or behavioral analytics are employed.
8. Data Retention and Storage
- Data is stored on secure EU servers located in Stockholm and Frankfurt.
- Personal data is retained until account deletion.
- Session data is deleted after 30 days of inactivity, requiring re-authentication.
- All sensitive information, including OAuth tokens and access tokens, is encrypted at rest.
- User IDs and non-sensitive data are stored in hashed or pseudonymized formats where feasible.
9. Security Measures
We implement appropriate technical and organizational security measures to safeguard your data, including:
- Encryption of sensitive data at rest.
- Access control policies limiting data access.
- Secure authentication protocols.
- Regular security audits.
10. Children's Privacy
Our Services are intended only for users aged 13 years or older, in line with Discord's minimum age requirement and international standards such as COPPA (Children's Online Privacy Protection Act). We do not knowingly collect or process personal information from children under 13.
If we become aware that data has been collected from a user under the age of 13 without verifiable parental consent, we will take immediate steps to delete such information from our systems. Parents or guardians who believe that their child has provided us with personal data should contact us at support@modbase.dev.
11. Legal Basis for Processing (GDPR)
Our processing of your data is based on:
- Consent: When you authenticate via OAuth2 or input data.
- Legitimate Interest: Providing, securing, and maintaining our Services.
12. International Data Transfers
Data is primarily processed and stored within the European Union (EU). If transfers outside of the EU or European Economic Area (EEA) become necessary, such transfers will only occur where adequate safeguards are in place to protect your data:
- Use of countries recognized by the European Commission as providing adequate protection.
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- Other legally recognized mechanisms ensuring data protection at a level consistent with GDPR.
By using our Services, you acknowledge that your data may be transferred internationally under these safeguards.
13. Changes to this Privacy Policy
We reserve the right to update or modify this Privacy Policy at any time. Changes may be made to reflect updates in our Services, changes in legal or regulatory requirements, or improvements to our data protection practices.
Users will be notified of material changes through the ModBase dashboard, email (where applicable), or other suitable communication methods. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
14. Contact Us
For questions or concerns about this Privacy Policy or your data, please contact: support@modbase.dev