Privacy Policy

Last updated: 2026-05-04 · operated by Refuge Gaming

What we collect

To operate the RefugeBot Service we collect and store:

• Account data: your Steam ID (Steam64) and Steam display name, captured at sign-in via Steam OpenID. Optionally an email address you provide.
• Tenant + server data: tenant names, server names you create, AgentKeys we generate for your servers, plan tier.
• Game-server data your Agent reports: connected player names, platform IDs (Steam64 or EOS UUID), IP addresses captured during normal admin operations, chat messages relayed through the bridge, ban records, shop catalog, in-game purchase history, scheduled tasks, plugin enable/disable state.
• Operational logs: webhook deliveries, audit log entries, error logs. These are retained on our infrastructure for diagnostic purposes.

What we do NOT collect

• Passwords. Steam handles authentication; we never see your Steam password.
• Payment card data. Stripe handles billing; card numbers, CVC, and bank details never touch our servers.
• The contents of 7 Days to Die game saves beyond what your Agent explicitly relays.

How we use it

Solely to operate the Service for you and your players: rendering the admin panel and player shop, routing the Discord chat bridge, executing scheduled tasks, gating paid features, processing subscription payments, debugging incidents, and complying with applicable law.

We do not sell your data. We do not use it for advertising or to train machine-learning models.

Third-party processors

• Steam (Valve Corporation) — OpenID authentication. Subject to Steam's privacy policy.
• Stripe — payment processing and customer billing portal. Subject to Stripe's privacy policy.
• Discord — when you enable the Discord bridge, message contents you authorize for relay flow through Discord's infrastructure. Subject to Discord's terms.
• Cloudflare — DNS for refugegaming.org.
• Hivelocity — VPS hosting for app.refugegaming.org.

Retention

• Account and tenant records: retained while your account is active. Deleted on request or 30 days after subscription cancellation.
• Chat log: 30-day rolling retention by default; admins can clear earlier.
• Audit log: retained for 1 year.
• Operational logs (webhooks, errors): up to 90 days.

Your choices

You can:

• Sign out at any time. Your account stays in the database but no further data is collected unless you sign back in.
• Cancel your subscription via the customer billing portal.
• Request export or deletion of your data by emailing support@refugegaming.org. We respond within 30 days.
• Disable the Discord bridge from your tenant Settings page to stop chat-message relay.

Security

Data is stored in Postgres on our VPS at app.refugegaming.org. The connection is TLS-terminated by Caddy with a Let's Encrypt certificate. The service runs as an unprivileged system user. Subscription tokens, API keys, and Discord bot tokens are stored in a non-public secrets file readable only by the service user.

No system is perfectly secure. If you believe your account has been compromised, contact us immediately.

Children

The Service is not directed to children under 13. We do not knowingly collect data from children under 13. If you believe we have, contact us and we will delete it.

Changes

Material changes to this policy will be posted here with an updated "last updated" date. Substantial changes will be emailed to active subscribers.

Contact

Privacy questions or data requests: support@refugegaming.org or visit the contact page.