Vuplore logo Vuplore
Sign in

Privacy Policy

How Vuplore handles personal data.

This Privacy Policy explains which data Vuplore processes, why it is processed, how long it is kept, who may receive it, how protected communications are treated, and which rights users can exercise.

Version1.1
Effective16 July 2026
ControllerOperator named in Imprint

1. Controller and contact

The data controller for Vuplore services is the legal operator named in the Imprint. Privacy requests, data access requests, correction requests, deletion requests, objections, consent withdrawals, portability requests, and complaints must be submitted through the official Support Center or the contact listed in the Imprint so identity and request scope can be verified.

If a request concerns a staff record, application, contract, time account, security record, ticket, or legal matter, Vuplore may require additional proof before disclosing or changing data. This protects the requester, other users, staff, and affected records.

2. Services covered

This Policy applies to Vuplore websites, Vuplore IDs, Support Center, reports, appeals, tickets, Community Hub, mailbox, document systems, staff applications, department workspaces, internal staff tools, platform integrations, hosted events, APIs, bots, commercial services, and any other Vuplore service that links to this Policy.

External platforms such as Roblox, Discord, War Thunder, Steam, payment providers, email providers, hosting providers, and OAuth providers process data under their own policies when you interact with them directly or authorize an integration.

3. Account and identity data

Vuplore may process account identifiers, Vuplore IDs, legacy SREC IDs during migration, usernames, normalized usernames, display names, email addresses, password hashes, 2FA status, trusted-device records, recovery state, consent records, profile settings, avatar references, language, timezone, birthday, age status, guardian-consent status where applicable, and account lifecycle events.

Vuplore may process platform identifiers such as Roblox user IDs, Roblox display names, Discord user IDs, Discord usernames, War Thunder identifiers, Steam identifiers, OAuth state, linked-account status, public profile URLs, platform avatar URLs, verification status, ownership proof, and unlink requests.

4. Support, reports, and cases

When you submit a report, appeal, support request, privacy request, staff application, document request, or ticket, Vuplore may process the form fields, subject, description, selected service, target identifier, evidence, attachments, status, assignment, staff notes, user replies, internal notes, escalation path, linked records, audit history, and outcome.

Tickets may be routed to department-specific queues such as Trust & Safety, People & Culture, Product & Technology, Communications, Legal & Compliance, or Intelligence & Security depending on the issue. Some ticket types are one-way reports; some support tickets support a two-way chat only when the requester uses a Vuplore ID.

5. Community Hub data

Public Community Hub channels may process message bodies, edits, deletes, attachments, link previews, reactions, replies, mentions, channel membership, moderation actions, reports, timestamps, device/session signals, and safety-review results. Public channels may be scanned by automated systems and reviewed by authorized staff where needed for safety, abuse prevention, child-safety risk, moderation, legal compliance, and audit accountability.

Community Hub direct message bodies are true end-to-end encrypted by default. Vuplore cannot read, recover, export, decrypt, scan, moderate, or later review protected DM message bodies. Vuplore may still process DM metadata needed for delivery, abuse controls, account security, rate limits, participant lists, message existence, timestamps, encryption state, user reports, and evidence voluntarily provided by a participant.

6. Technical and security data

Vuplore may process IP addresses, hashed IP values, device signals, user agent, referrer, request route, method, response status, latency, rate-limit state, bot-check results, failed login attempts, session identifiers, CSRF state, security challenge results, network risk signals, upload metadata, error logs, API audit events, and traffic telemetry.

Sensitive tools may record stronger audit entries, including actor Vuplore ID, role snapshot, route, case reason, target, field viewed, reveal state, timestamp, session state, and outcome. These records protect users, staff, systems, and legal accountability.

7. Staff, applicant, and personnel data

Staff applications and personnel records may include legal name, address, contact details, date of birth, eligibility checks, guardian information where applicable, department preference, availability, experience, scenario answers, interview notes, training records, contract records, time account entries, payroll or volunteer status, warnings, promotion records, disciplinary records, offboarding records, and policy acknowledgements.

Personnel records are handled through protected staff and document systems. They may be archived as signed PDFs or structured records where necessary for employment, volunteer management, training, legal compliance, audit, and dispute handling.

8. Payment and commercial data

When paid services are offered, Vuplore may process order data, billing contact, product selection, invoice references, subscription status, cancellation state, refund state, tax-relevant records, support entitlements, upload limits, and payment provider references. Payment card or bank details should be handled by the payment provider wherever possible and not stored by Vuplore unless a lawful and secure payment flow requires it.

9. Purposes of processing

Vuplore processes data to create and secure accounts, provide services, verify ownership, run tickets, route reports, handle appeals, moderate abuse, protect minors, investigate safety risks, maintain audit logs, prevent fraud and ban evasion, operate linked-platform features, provide event tools, process paid services, send official notices, manage staff records, improve reliability, detect security incidents, meet legal duties, and defend legal claims.

Vuplore does not use private support cases, staff records, protected DM bodies, child-safety signals, or sensitive legal records for general advertising profiles.

10. Legal bases

Depending on the context, processing may be based on contract performance, steps requested before a contract, consent, legitimate interests, legal obligations, vital interests, employment or staff administration requirements, child-safety obligations, security obligations, or establishment, exercise, and defense of legal claims.

Where processing depends on consent, consent can be withdrawn for future processing. Withdrawal does not affect processing that already happened lawfully and does not remove records that Vuplore must or may retain under another lawful basis.

11. Child-safety and attachment handling

Attachments, media, public-channel content, ticket evidence, and standard uploads may be checked for child-safety risk, abuse, malware, spam, harassment, threats, illegal content, or Terms violations. Vuplore prefers first-party, official, or public-authority-backed scanning where available and suitable.

Where an upload is flagged as dangerous, illegal, abusive, or high-risk, Vuplore may restrict rendering, preserve evidence, route the item to authorized review, redact exports, report where legally required, or block delivery. Protected DM bodies remain outside content review unless a participant separately reports or provides evidence from their own device.

12. Cookies, local storage, and sessions

Vuplore may use cookies, local storage, and similar technologies for login sessions, theme preferences, CSRF protection, 2FA state, bot checks, trusted-device settings, security challenges, language choices, consent state, service operation, and abuse prevention.

Non-essential analytics, personalized advertising, third-party ad scripts, cross-site tracking, or ad-network cookies require a separate approved consent model before being enabled. First-party sponsor placements may be selected by placement, broad page context, or language without third-party tracking.

13. Sharing and recipients

Vuplore may use hosting, database, email, backup, logging, file-storage, malware scanning, payment, security, infrastructure, analytics, and support-service providers where necessary. Processors must be bound by appropriate data protection obligations where required.

Vuplore may share data with platform providers, payment providers, legal authorities, emergency responders, rights holders, external advisors, insurers, auditors, or business partners where necessary for integration, payment, security, legal compliance, abuse handling, child safety, rights protection, or claims. Vuplore does not sell personal data.

14. Internal access

Internal access is limited by role, department, need-to-know, active case, and audit requirements. Department workspaces receive only the data needed for their task. Intelligence & Security may have broader lawful oversight access, but protected DM bodies remain unavailable because Vuplore does not possess the keys or recovery path for those contents.

Staff are prohibited from curiosity access. Privileged lookups, reveals, exports, restrictions, ticket actions, and document downloads may be logged with actor, reason, target, timestamp, and outcome.

15. International transfers

Some providers, platform integrations, or support tools may process data outside the user's country. Where GDPR or similar law applies, Vuplore uses appropriate safeguards such as adequacy decisions, standard contractual clauses, processor contracts, technical controls, or another lawful transfer mechanism.

16. Retention

Data is kept only as long as necessary for the purpose collected unless a longer period is required or justified for safety, legal compliance, audit, abuse prevention, accounting, dispute handling, personnel administration, child-safety handling, security, backup integrity, or legitimate operational needs.

Account deletion may use a delayed deletion window for safety and reactivation protection. Deletion requests may be limited where records are needed to preserve moderation integrity, legal claims, staff files, tax records, payment records, fraud prevention, child-safety evidence, or security audit trails. Some records may be anonymized, restricted, or retained separately instead of fully deleted.

17. User rights

Depending on applicable law, users may have rights to access, correction, deletion, restriction, portability, objection, withdrawal of consent, and complaint to a supervisory authority. Requests must be submitted through official privacy or support channels so identity and scope can be verified.

Vuplore may refuse or limit requests where disclosure would harm another person's rights, reveal confidential security measures, expose protected staff or legal records, interfere with an investigation, violate law, or require disclosure of data Vuplore cannot access, such as protected DM bodies.

18. Minors and guardian consent

Where a user is under 18, Vuplore may require confirmation that a parent or legal guardian agrees to the Terms and Privacy Policy. Some services remain unavailable to minors even with guardian agreement. Staff roles, communication features, paid features, commercial products, and sensitive workflows may have additional age, eligibility, or guardian-document rules.

19. Security

Vuplore protects data through access control, hashed passwords, required 2FA for privileged tools, session separation, least-privilege roles, encryption in transit, secure backups, audit logs, retention controls, rate limits, bot checks, monitoring, vulnerability handling, and staff rules. No system is risk-free, and security incidents are handled through a documented response process.

If Vuplore becomes aware of a personal-data breach requiring notification, it will assess the risk and notify affected users or authorities as required by applicable law.

20. Automated decisions

Automated systems may flag content, uploads, accounts, traffic, or reports for review. Automated systems may also apply temporary rate limits, upload blocks, spam controls, bot challenges, or security restrictions. Serious final actions should include staff review or appeal availability where required by law or Vuplore policy.

21. Changes

Vuplore may update this Privacy Policy when services, laws, providers, security practices, data flows, business operations, or internal systems change. Material changes are announced through official channels where practical. Continued use after an update means future processing follows the updated policy.

This Privacy Policy is written in English as Vuplore's primary operating language. Local-language versions may be provided where required. If translations differ, the legally designated version shown during acceptance controls unless mandatory local law requires otherwise.