Privacy Policy
Effective Date: May 25, 2026
1. Overview
Creamá provides staff tools for Roblox-community operations, account connection, verification, moderation workflows, Discord bot commands, administrative dashboards, telemetry, and audit records. This policy explains what data is processed, why it is used, how long it is kept, and when it may be removed.
2. Service Scope
This policy applies to the Creamá website, Discord bot interactions, dashboard pages, API endpoints, verification flows, account linking features, moderation records, ranking telemetry, blacklist tools, and operational logs controlled by Creamá.
3. Responsible Operation
Creamá is operated for approved community-management purposes. Data is handled by authorized personnel and service systems that need access to operate, secure, maintain, debug, or enforce the service.
4. Data We Process
Depending on how you interact with the service, Creamá may process the following categories of data:
- Discord identifiers, usernames, display names, avatars, guild identifiers, channel identifiers, message identifiers, role context, and command usage context.
- Roblox identifiers, usernames, display names, avatar images, profile metadata available through Roblox services, rank information, group status, and verification state.
- Account-connection records that link a Discord account to a Roblox account.
- Administrative records such as dashboard sessions, staff actions, verification attempts, moderation case status, safety review records, deletion events, and audit logs.
- Operational data such as request timestamps, rate-limit counters, error traces, diagnostics, and security telemetry needed to keep the service reliable and safe.
5. Discord Account Data
Discord data is used to identify the user or staff member interacting with commands, confirm server context, enforce command permissions, show account profiles, record administrative actions, and protect against unauthorized access.
6. Roblox Account Data
Roblox data is used to verify account ownership, display relevant identity information, check group rank, confirm staff eligibility, process ranking workflows, evaluate blacklist status, and support moderation or safety review.
7. Account Connection Records
Account-connection records store the relationship between a Discord account and a Roblox account. These records help staff identify verified users, prevent impersonation, support profile lookups, and maintain continuity across commands and dashboard workflows.
8. Verification Data
Verification workflows may process temporary challenge words, Roblox identifiers, Discord identifiers, timestamps, and completion status. Temporary verification data is kept only as long as needed to complete or expire the verification process.
9. Dashboard Session Data
Dashboard sessions use secure session tokens, hashed token records, user identifiers, username snapshots, rank snapshots, creation timestamps, and expiration controls. These records are used to keep authenticated pages limited to authorized users.
10. Ranking Telemetry
Ranking telemetry records the result of rank requests, including status type, role name, HTTP status code, target identifier, target username, and timestamp. Telemetry helps staff monitor reliability, detect misuse, and review operational outcomes.
11. Moderation and Safety Records
Creamá may process blacklist records, reasons, target identifiers, issuing staff identifiers, timestamps, durations, expiration dates, archive state, exploit-review records, and related safety status needed for moderation workflows.
12. Audit Logs
Audit logs record staff and system actions such as login, logout, dashboard views, ranking changes, blacklist changes, record deletion, and administrative cleanup. Audit logs help preserve accountability and service integrity.
13. Command and Interaction Data
Discord bot commands may process user-provided usernames, user mentions, selected options, command context, confirmation responses, and command timestamps. This data is used only to execute the requested workflow and record required outcomes.
14. API Request Data
API endpoints may process authentication keys, request paths, request methods, payload fields, target identifiers, response status, and rate-limit bucket data. Sensitive keys are used only to authorize requests and should not be shared publicly.
15. Device and Network Metadata
Creamá may process limited request metadata such as IP-derived rate-limit identifiers, user agent context, host headers, origin headers, content length, request timestamps, and error state. This data supports security, abuse prevention, and diagnostics.
16. Cookies
Creamá uses cookies for OAuth state validation and dashboard session continuity. These cookies are used for authentication, session protection, and safe redirects. They are not used to sell personal data.
17. How Data Is Used
Data is used to verify account ownership, show account connection profiles, run Discord bot commands, process ranking actions, manage blacklists, preserve audit integrity, protect the dashboard from misuse, enforce service limits, diagnose errors, and maintain accurate records of staff actions.
18. Operational Necessity
Creamá processes only the data reasonably needed to provide the relevant workflow, enforce permissions, maintain logs, protect users, and keep service operations reliable. The service should not be used to submit unnecessary private information.
19. Access Controls
Administrative data is limited to authorized staff and service operators who need it for approved duties. Access may depend on owner, corporate, presidential, management, or command-specific authorization checks.
20. Confidentiality Expectations
Authorized personnel are expected to keep service data, credentials, operational records, and internal tooling details confidential. Data should not be exported, copied, disclosed, or reused outside approved Creamá purposes.
21. Sharing and Processors
Creamá does not sell personal data. Data may be processed by hosting providers, database providers, Discord, Roblox, and infrastructure services only as needed to operate, secure, debug, or enforce the service.
22. Legal and Platform Disclosure
Data may be disclosed if required by law, platform rules, valid security investigations, abuse prevention, dispute resolution, or actions needed to protect users, staff, Creamá, Discord, Roblox, or service infrastructure.
23. International Processing
Creamá may run across multiple hosting regions and infrastructure providers. Data may be transmitted between regions for authentication, database access, logging, service delivery, redundancy, and reliability.
24. Retention
Temporary service data may be retained for up to five years unless removed earlier by a lifecycle action or required for an active operational process. Examples include logs, rate-limit records, sent outbox entries, diagnostic records, and dashboard session records.
25. Persistent Records
Permanent records, including Roblox account connection records and persistent safety-enforcement records, may be kept until a valid removal action occurs or continued retention is no longer necessary for the service purpose.
26. Deletion and Cleanup
Data may be deleted earlier when an authorized action requires it, including removing an account connection, deleting logs, ending an active session, completing a safety review, removing verification data, revoking a blacklist, or performing another administrative cleanup action.
27. User Requests
You may request review, correction, disconnection, or removal of eligible personal data through the appropriate Creamá staff channel. Some records may need to be retained for security, enforcement, dispute resolution, audit integrity, platform compliance, or service continuity.
28. Accuracy
Creamá relies on Discord, Roblox, staff input, and service systems for data accuracy. Users and staff should report incorrect account connections, outdated records, incorrect usernames, or mistaken moderation entries through approved channels.
29. Security
Creamá uses access controls, session validation, hashed session tokens, rate limits, permission checks, audit logging, and operational monitoring to reduce unauthorized access and misuse. No system can be guaranteed perfectly secure, but reasonable safeguards are applied and reviewed as the service changes.
30. Incident Handling
If a security, integrity, or availability issue is identified, Creamá may investigate logs, restrict access, rotate credentials, remove sessions, preserve relevant records, notify appropriate personnel, and take corrective action.
31. Children and Platform Accounts
Creamá is designed for community management and staff workflows connected to Discord and Roblox accounts. Users should follow Discord and Roblox age, account, safety, and privacy requirements.
32. Automated and Rule-Based Decisions
Creamá may apply rule-based checks such as rank thresholds, owner-only access, rate limits, blacklist status, session validity, and permission gates. These checks protect service integrity and do not replace appropriate staff review where review is required.
33. Changes
This policy may be updated when Creamá changes its features, retention rules, security controls, or operational needs. The effective date above identifies the current version.
34. Contact
Questions, correction requests, and eligible removal requests should be sent through the appropriate Creamá staff or owner channel so they can be reviewed by authorized personnel.