Privacy Policy

Effective date: 15 September 2025

1. Introduction & Scope

This Privacy Policy explains how Sylke Technologies, LLC, a Wisconsin limited liability company (“Sylke Technologies,” “we,” “our,” or “us”) collects, uses, shares, and safeguards information in connection with the ROK Battles website located at www.rokbattles.com, the ROK Battles desktop application (the “App”), our APIs, and related features and services (collectively, the “Services”).

This Privacy Policy applies exclusively to ROK Battles. It does not extend to other projects, products, or websites operated by Sylke Technologies.

We are committed to handling your information responsibly and transparently, in accordance with applicable privacy and data protection laws, including but not limited to:

• The General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the UK GDPR;
• The California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA);
• The Children’s Online Privacy Protection Act (COPPA);
• The Lei Geral de Proteção de Dados (LGPD) of Brazil;
• Other applicable local laws depending on your place of residence.

By using the Services, you acknowledge that your information will be processed as described in this Privacy Policy.

2. Information We Collect

We intentionally collect as little personal information as possible. Depending on how you interact with the Services, we may collect the following categories of information:

1. From the App. When the App sends requests to our APIs, it includes limited metadata in the User-Agent header:
   • App version;
   • Operating system;
   • CPU architecture;
   • Tauri framework version.
     This metadata is technical in nature and is not directly linked to an identified individual.
2. From the Website. When you access the website, we may automatically collect standard log data, including IP address, browser type, and device information. We may also use cookies or similar technologies for authentication, session management, and analytics.
3. From Accounts (Future Functionality). When account-based features are introduced, we will collect information provided by our authentication provider (currently Discord), such as username, account ID, and email address (if shared by Discord).
4. From Payments (Future Functionality). When you purchase premium features, your payment information will be collected and processed by Stripe. We do not collect or store your payment card details.
5. From User Content. When you upload battle reports or related data, we store that information for display, analysis, and community use.

We do not intentionally collect sensitive personal information (such as race, religion, or health data), and we ask that you do not include such information in your User Content or contributions.

3. How We Use Information

We use the information described above for the following purposes:

• To Provide the Services. Operating, maintaining, and improving the website, App, and APIs.
• To Authenticate Users. Using Discord OAuth (when accounts are introduced).
• To Process Transactions. Facilitating payments for premium features through Stripe.
• To Ensure Functionality and Security. Debugging, troubleshooting, and ensuring compatibility across systems and devices.
• To Prevent Misuse. Detecting and preventing fraud, abuse, or violations of our Terms of Service.
• To Communicate With You. Sending service-related updates, notices about changes to policies, or responses to support inquiries.

We do not use your information for targeted advertising, nor do we sell your personal information to third parties.

4. Legal Bases for Processing (GDPR/UK GDPR)

For users located in the European Economic Area (EEA) or the United Kingdom, we process personal data only where we have a lawful basis under the GDPR or UK GDPR. These bases include:

• Contractual Necessity. To provide you with the Services you request, such as authentication or premium features.
• Legitimate Interests. To improve our Services, ensure security, and analyze usage, provided such interests are not overridden by your rights and freedoms.
• Legal Obligations. To comply with applicable law, including recordkeeping and tax obligations related to payments.
• Consent. For certain processing activities (e.g., non-essential cookies or future marketing communications), we will rely on your explicit consent.

5. Data Sharing & Disclosure

We do not sell your personal information. We share information only as necessary to provide and support the Services, or as required by law:

• With Service Providers. We engage trusted third-party providers to support the operation of the Services. These include:
  • Discord – for authentication (when account functionality is available);
  • Stripe – for payment processing of premium features;
  • GitHub – for hosting and managing the open-source project repository;
  • Cloudflare – for performance optimization, content delivery, and security services (including DDoS protection);
  • OVHcloud – for hosting and infrastructure services.
• For Legal Compliance. We may disclose information if required by law, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to protect rights, safety, or property.
• In Corporate Events. If we are involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction.

6. Cookies & Tracking Technologies

We use cookies and similar technologies to operate and improve the Services. These may include:

• Strictly Necessary Cookies. Required for the website to function, such as session authentication cookies.
• Functional Cookies. Used to remember user preferences or enhance usability.
• Analytics Cookies. Used to understand how the Services are used and to improve performance.

Where required by law (e.g., in the EEA or UK), we will provide a cookie banner or consent management tool to give you control over non-essential cookies.

You can adjust your browser settings to refuse cookies or alert you when cookies are being sent. However, disabling cookies may limit your ability to use certain features.

Certain third-party providers, such as Cloudflare, may also place cookies that are strictly necessary for security and performance (for example, load balancing or DDoS protection). These cookies cannot be disabled.

7. Analytics & Log Data

We may use analytics tools to better understand how the Services are used and to improve functionality. To minimize privacy impact, we may use privacy-focused analytics solutions that do not rely on tracking across websites.

In addition, when you use the Services, our servers may automatically log certain technical information, such as:

• IP address;
• Browser type and settings;
• Device information;
• Date and time of access;
• Pages viewed.

This information is used to monitor the performance of the Services, detect abuse, and diagnose technical issues. Log data is generally retained for a limited period and is deleted or anonymized thereafter.

8. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

• App Metadata. User-Agent data (App version, operating system, CPU architecture, Tauri version) is retained only as long as necessary for debugging and compatibility purposes, typically in short-term server logs.
• Account Information. If you create an account through Discord (when available), we retain associated information for as long as your account remains active. If you delete your account, we will delete or anonymize your information within a reasonable period, subject to legal obligations.
• Payment Information. Stripe retains payment data in accordance with its own policies. We retain related transaction records as required by tax and financial reporting laws.
• User Content. Battle reports and other User Content are retained for as long as they remain published through the Services. You may request deletion of your User Content, subject to our ability to remove it without impairing the integrity of aggregated analytics.
• Aggregated Data. We may retain aggregated or anonymized information indefinitely, as it does not identify individual users.

9. Data Subject Rights (GDPR, UK GDPR, LGPD, and Global Equivalents)

If you are located in the European Economic Area, the United Kingdom, Brazil, or other jurisdictions that grant similar rights, you may exercise the following rights with respect to your personal data:

• Access. Request a copy of the personal data we hold about you.
• Correction. Request that we correct or update inaccurate or incomplete data.
• Deletion. Request that we delete your personal data, subject to legal or contractual obligations.
• Portability. Request a structured, commonly used, and machine-readable copy of your data.
• Restriction. Request that we limit the processing of your personal data in certain circumstances.
• Objection. Object to processing based on our legitimate interests.
• Consent Withdrawal. Withdraw consent where processing is based on consent (e.g., cookies, marketing).

To exercise your rights, please contact us as set out in Section 20. We may require verification of your identity before responding.

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have certain rights under the California Consumer Privacy Act (as amended by the CPRA):

• Right to Know. You may request disclosure of the categories of personal information we collect, the purposes for which we use it, and the categories of third parties with whom we share it.
• Right to Delete. You may request deletion of personal information we collect about you, subject to certain exceptions.
• Right to Correct. You may request correction of inaccurate information.
• Right to Opt-Out. You may opt out of the “sale” or “sharing” of personal information. We do not “sell” personal information as defined under the CCPA.
• Right to Limit. You may request limits on the use of sensitive personal information. We do not intentionally collect sensitive personal information.

We will not discriminate against you for exercising your rights under the CCPA/CPRA.

11. Children’s Privacy (COPPA and Global Equivalents)

The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13.

• COPPA Compliance. If we discover that we have inadvertently collected personal information from a child under 13, we will take reasonable steps to delete it promptly.
• Parental Consent. In jurisdictions where children between 13 and 16 require parental consent for online services, we will comply with those requirements.
• Community Content. Parents and guardians who permit their children to use the Services remain responsible for monitoring their activity and any information submitted.

12. Security Measures

We implement appropriate technical and organizational measures to protect personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These may include encryption in transit, access controls, secure hosting environments, and periodic security assessments.

However, no system or transmission method is completely secure. You understand and acknowledge that we cannot guarantee absolute security of your information. You are encouraged to take precautions to protect your own devices, accounts, and networks.

We also rely on the security measures implemented by our infrastructure providers, including OVHcloud and Cloudflare, which maintain their own industry-standard certifications and protocols.

13. International Data Transfers

Because Sylke Technologies is based in the United States, information we collect will be processed and stored in the United States. If you access the Services from outside the United States, you acknowledge that your data will be transferred to and processed in the United States, which may have different data protection laws than your jurisdiction.

For users in the European Economic Area, the United Kingdom, and other regions where cross-border data transfer mechanisms are required, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms approved under applicable law.

14. Third-Party Links & Integrations

The Services may contain links to, or integrate with, third-party platforms and service providers that help us operate ROK Battles. These include:

• Discord – used for account authentication (when available).
• Stripe – used for payment processing of premium features.
• GitHub – used to host and manage the open-source project repository.
• Cloudflare – provides performance optimization, content delivery, and security services (including DDoS protection).
• OVHcloud – provides hosting and infrastructure services.

Each of these third parties has its own terms of service and privacy policies, which apply when you use their services. We do not control these third parties, and we are not responsible for their availability, performance, or data practices.

If you choose to interact with third-party services through the platform, you do so at your own risk, and any information you provide will be governed by their terms and policies.

15. Automated Decision-Making

We do not use your personal information for automated decision-making that produces legal effects concerning you or significantly affects you in a similar way. This includes profiling in the sense contemplated by the GDPR.

If in the future we introduce features that involve automated processing with significant effects, we will provide clear notice, describe the logic involved, and inform you of your rights in connection with such processing before it takes place.

16. Open-Source & Public Contributions

ROK Battles is maintained as an open-source project hosted on GitHub. Contributions made to the project repository (such as code submissions, issue reports, or pull requests) are publicly visible and subject to the terms of the repository’s open-source licenses (MIT and Apache 2.0).

Because contributions are public, you should avoid including any personal information in your submissions. Any personal information you voluntarily disclose in open-source contributions will be publicly available and outside our control.

17. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the Services themselves.

• Notification of Changes. If we make material changes, we will post the updated Privacy Policy on www.rokbattles.com with a revised “last updated” date. In some cases, we may provide additional notice (such as via a banner on the site or an email to registered users).
• Your Continued Use. By continuing to use the Services after the updated Privacy Policy takes effect, you acknowledge and agree to the revised terms.

We encourage you to review this Privacy Policy periodically to stay informed about how we handle your information.

18. Exercising Your Rights & Contacting Us

If you wish to exercise your privacy rights under applicable law—including rights of access, correction, deletion, portability, objection, or consent withdrawal—you may contact us using the information provided in Section 20.

• Verification. To protect your privacy, we may request proof of identity before responding to a rights request.
• Timing. We will respond to requests within the timeframes required by applicable law (e.g., one month under GDPR, 45 days under CCPA).
• Limitations. Certain rights may be limited by applicable law, such as when fulfilling a request would compromise the rights of others or prevent us from complying with legal obligations.

19. Supervisory Authorities (EU/UK Users)

If you are located in the European Economic Area or the United Kingdom and believe that we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.

• For users in the EEA: You can find contact details for national supervisory authorities at: https://edpb.europa.eu/about-edpb/about-edpb/members_en
• For users in the UK: You may contact the Information Commissioner’s Office (ICO) at https://ico.org.uk.

We encourage you to contact us first so that we may attempt to resolve your concerns directly.

20. Contact Information

If you have questions, concerns, or complaints about this Privacy Policy or our data practices, you may contact us at:

Sylke Technologies, LLC
Email: [email protected]

For privacy-related requests, please include “Privacy Request” in the subject line of your email.