Privacy Policy
1. Data Controller
| Name | EI GAY Simon |
| SIREN | 990 423 162 |
| Address | 11 rue de Douaumont, France |
| contact@playandchill.bet |
2. Data Collected
We collect the following data:
a) Registration Data (via Discord OAuth)
- Discord ID
- Discord username
- Email address
- Profile picture
b) Profile Data (provided voluntarily)
- Biography
- Website
- Twitter handle
- Banner image
c) Seller Data (via Stripe Connect)
- Account type (individual / business)
- Legal name
- Country
- GDPR consents and timestamps
Important: Seller identity, banking, and tax data are collected and stored exclusively by Stripe. UEFNSTORE does not have access to this sensitive information.
d) Transaction Data
- Purchase history (product, amount, date)
- Stripe payment ID
e) Technical Data
- Anonymized browsing data (Vercel Analytics)
3. Legal Bases for Processing
| Processing | Legal Basis |
|---|---|
| User account management | Performance of a contract (Terms of Use) |
| Payment processing | Performance of a contract (Terms of Sale) |
| Seller registration / Stripe Connect | Explicit consent |
| Analytics (Vercel) | Legitimate interest |
| Email communication | Consent |
4. Data Retention Period
| Data | Retention Period |
|---|---|
| User account | Until account deletion |
| Transaction data | 10 years (accounting obligation) |
| Seller data (excluding Stripe) | Until account deletion + 3 years |
| Technical logs | 12 months maximum |
5. Sub-processors and Data Transfers
| Service | Usage | Location | Safeguards |
|---|---|---|---|
| Supabase (AWS) | Database, authentication, storage | USA / EU | DPA, SOC2 |
| Vercel | Hosting, analytics | USA | DPA, SOC2 |
| Stripe | Payments, seller identity | USA / EU | DPA, PCI-DSS |
Transfers to the United States are governed by the EU-US Data Privacy Framework and/or the European Commission's Standard Contractual Clauses.
6. Your Rights (GDPR)
In accordance with the General Data Protection Regulation (GDPR), you have the following rights:
- Right of access: obtain a copy of your personal data.
- Right to rectification: correct inaccurate or incomplete data.
- Right to erasure: request the deletion of your data.
- Right to restriction: restrict the processing of your data.
- Right to data portability: receive your data in a structured format.
- Right to object: object to the processing of your data.
- Right to withdraw your consent at any time.
To exercise your rights, send an email to contact@playandchill.bet including your account identifier. We will respond within 30 days.
If you are not satisfied with our response, you may file a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertes): www.cnil.fr.
7. Security
We implement technical and organizational measures to protect your data: encryption in transit (TLS), OAuth authentication, Row Level Security (RLS) on the database, and restricted access to production data.
8. Minors
The Platform is accessible to individuals aged 16 and over. For users between 16 and 18 years old, registration implies that a legal guardian has consented to the use of the Platform.
9. Changes
We reserve the right to modify this policy. Substantial changes will be notified to users. The date of the last update is indicated at the top of this page.
10. Contact
For any questions regarding your personal data:
Email: contact@playandchill.bet