Privacy Policy

Last Updated: August 13, 2025

Introduction NexCore (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains what information we collect about users of the PatchPost service (“PatchPost” or the “Service”), how we use and share that information, and your rights in relation to that information. This policy applies to all users of PatchPost, including visitors to our website, administrators using the web portal, and Discord users interacting with the PatchPost bot or API. It is designed to comply with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. By using PatchPost, you agree to the collection and use of information in accordance with this Privacy Policy.

We understand that your data is important, and we want to be transparent about how we handle it. If you have any questions or concerns about this policy, please contact us via our support channels (see the “Contact Us” section at the end of this policy).

1. Information We Collect

We only collect data that is necessary to provide and improve the PatchPost Service. The types of information we may collect include:

  • Discord Account Information: When you log into PatchPost via Discord OAuth2, we receive certain information from Discord about your account. This typically includes your Discord user ID, username (and discriminator, e.g., "User#1234"), avatar (if any), and the list of Discord guilds (servers) where you have membership. We specifically use guild information to determine which servers you can manage with PatchPost (for example, identifying the servers where you are an admin or have the required permissions). If PatchPost requests additional scopes in the future (such as your Discord email address or other profile details), we will only do so with your explicit consent during the OAuth process. (At present, PatchPost does not collect your email address via Discord login unless you explicitly grant access to it.)
  • Guild and Project Data: If you use PatchPost to manage changelogs for a Discord server, we will collect and store data about that server relevant to the Service. This includes the Discord Guild ID, guild name, and settings you configure (e.g., which channel to post changelogs in, what projects you create within the guild). We may also store a list of users or roles who are authorized within your guild to use PatchPost features (for instance, who is marked as an admin or has publishing rights in the PatchPost portal).
  • Changelog Content (User Content): We store the content you create using PatchPost. This includes the text of changelog entries, titles, timestamps, attachments or images (if you upload any for inclusion in changelogs), and any tags or categories (like labels for New, Fixed, etc.). Essentially, any content you submit through the web interface, Discord bot commands, or API to be part of a changelog or announcement is stored on our servers.

  • Usage Data: We collect information about how you and others interact with PatchPost. This usage data may include:

    • Log Information: When you interact with our Service, our servers may automatically record certain information (“log files”), including your IP address, the date and time of access, the features or endpoints you used (e.g., which API calls were made, or which web pages were visited), and error logs or debug information if something goes wrong.
    • Device and Software Information: We might collect information about the device and software you use to access PatchPost, such as the type of web browser or application version, operating system, device type, and unique device identifiers. This is typically collected via analytics or server logs to ensure compatibility and optimize our Service.
    • Cookies and Similar Technologies: The PatchPost web portal uses cookies or similar technologies for necessary functionality, such as maintaining your session after you log in. These cookies store a token or identifier that links your browser to your logged-in session. We do not use cookies for advertising. We may use cookies or local storage for remembering preferences (like theme settings) or for security (such as CSRF tokens). You can control cookies through your browser settings, but please note that disabling essential cookies may affect the functionality of the Service (for example, you might not be able to stay logged in).
  • Support and Communication: If you contact us for support or to report an issue (for example, via our Discord support server or email), we may collect the information you choose to give us in that communication. This could include your contact details (like your Discord handle or email address) and a description of the problem or question. We will use this information only to assist you and improve the Service.
  • Billing Information: If you purchase a premium plan, Stripe processes your payment. We receive your Stripe customer ID, subscription status, and limited billing details so we can activate and manage your subscription. We never receive your full payment card number.

We do not intentionally collect any sensitive personal data such as racial or ethnic origin, political opinions, religious beliefs, health information, or biometric data. We ask that you do not provide any such information through PatchPost. PatchPost is not intended to process sensitive personal data, and any sensitive information that might appear in your changelog content is provided at your discretion and under your control.

2. How We Use Your Information

We use the collected information for the following purposes:

  • Providing the Service: The primary use of your information is to operate PatchPost and provide its core functionality to you. For example, we use your Discord account and guild information to authenticate you and determine which Discord servers and projects you are allowed to manage. We use the content and settings you provide to generate and post changelog entries to the appropriate Discord channels and to display them on the web dashboard or via the API.
  • Improving and Developing the Service: We analyze usage data and feedback to understand how PatchPost is used and to identify areas for improvement. For instance, log data and error reports help us troubleshoot issues, debug crashes, and optimize performance. Usage patterns can guide us in adding new features or refining existing ones. Any analytics we perform are generally on aggregated or pseudonymized data, and are aimed at enhancing user experience and reliability.
  • Communicating with You: We may use your contact information (for example, your Discord username or an email if provided) to send you service-related communications. This might include notifications of important updates, changes to the Service or Terms, security alerts, or support responses. We do not send marketing or promotional messages unrelated to PatchPost without your consent. Most communications will occur via our Discord support server or in-app notifications, but if critical, we might use email or Discord direct messages (such as from our bot or a staff account) for reaching you.
  • Maintaining Security and Preventing Misuse: Information we collect is also used to keep PatchPost secure and to prevent abuse. We monitor logs and usage for signs of malicious activity, unauthorized access attempts, or violations of our Terms of Service. For example, IP addresses and usage patterns can help identify and mitigate DDoS attacks or bots abusing the API. If we detect an issue, we may use relevant data to investigate and take appropriate action (such as rate-limiting or banning an offending IP or user account).
  • Processing Payments: We use billing information to manage premium subscriptions, process charges, and handle upgrades or cancellations via Stripe.
  • Legal Compliance: We might need to use and retain your information to comply with legal obligations. For example, if law enforcement requests data with proper authority, or we need to preserve information as part of a legal process (such as for handling disputes or enforcing our Terms), we will use your data as required. We also use data to enforce our agreements (Terms of Service) and to protect our rights or the rights of other users.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for a related reason that is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so.

3. How We Share and Disclose Information

We understand that your information is important and we treat it with care. We do not sell your personal information to third parties. We only share information in the following circumstances:

  • With Your Discord Guild (User-Directed Sharing): When you use PatchPost to publish a changelog entry, you are choosing to share that content with others in your Discord guild or any other platforms you link. For example, if PatchPost posts an update to a Discord channel, all members of that Discord server who have access to that channel will see the content (including your Discord username as the author if displayed). Similarly, if you use the public API to display changelogs on a website, those entries become visible to whoever can access that site or API. This kind of sharing is under your control – you decide what to publish and where.

  • Service Providers: We may share certain data with third-party service providers who help us operate or support PatchPost. These providers might include:

    • Hosting and Infrastructure: We may use cloud hosting services or data center providers (for example, a VPS or cloud service located in the UK or EU) to store data and run the PatchPost application. These providers process data on our behalf and are obligated to keep it secure and confidential.
    • Storage and CDN: If PatchPost uses an object storage service (like Amazon S3 or similar) for image or file uploads, user-uploaded files may be stored on those servers. We take steps (such as access controls and encryption where applicable) to ensure these third parties protect your data.
    • Analytics or Error Tracking: We might use third-party tools to collect crash reports or performance analytics (for example, a service that captures error logs or user events to help us diagnose issues). These services would receive some system information (and potentially user identifiers or IDs in logs), but we will configure them to avoid collecting any more personal data than necessary. They also would be bound by confidentiality.
    • Discord and API integrations: Technically, Discord is a third-party platform. When PatchPost interacts with Discord’s API (to fetch your guild info or post messages), data is flowing to and from Discord’s servers. Your use of PatchPost therefore inherently involves sharing data with Discord (for authentication and message delivery). This is governed by your relationship with Discord. We only send Discord the information needed to perform the action (like the content of a changelog message when posting it, or your token for verification).
    • Payment Processing: We use Stripe to handle subscription payments. Stripe processes your payment information in accordance with its own privacy policy. We only share your Discord user ID, guild ID and plan details so the transaction can be completed and future renewals or cancellations can be managed.
  • Business Transfers: If in the future NexCore undergoes a business transaction such as a merger, acquisition, or sale of assets, user information (including personal data) might be transferred as part of that deal. If such a transfer happens, we will ensure that your information remains subject to the commitments we’ve made in this Privacy Policy (unless, of course, you consent to new terms). We would also provide notice, for example via the website or other communication, if your data becomes subject to a new privacy policy.
  • Legal Requirements and Protection: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order, law enforcement investigation, or regulatory requirement). Additionally, we may disclose information that is reasonably necessary to (i) enforce our Terms of Service or other agreements, (ii) investigate or defend ourselves against third-party claims or allegations, (iii) protect the security or integrity of the Service, and/or (iv) exercise or protect the rights, property, or safety of NexCore, our users, or others. This includes sharing information with law enforcement or authorities if we believe, in good faith, that such disclosure is needed to prevent harm, illegal activities, or to assist in an investigation (for example, reporting fraudulent or abusive activities).

In all cases where we share your data with service providers or third parties, we will only share the minimum amount of information necessary to fulfill the purpose. We also ensure that any third-party agents or service providers we engage are bound by contractual obligations to keep personal information confidential and to use it only for the purposes for which we disclose it to them.

4. Data Storage and Security

Storage Locations: Your data is stored on servers operated by us or our infrastructure providers. We currently host PatchPost in the United Kingdom. However, it’s possible that some data may be processed or stored outside of the UK if we use third-party services (for example, if we use a cloud provider with data centers in the European Economic Area (EEA) or if an image storage service is in the EU). We aim to choose hosting options that are in the UK or EEA when possible. If we ever need to transfer personal data outside of the UK/EEA (to a country not deemed “adequate” by data protection authorities), we will ensure appropriate safeguards are in place, such as Standard Contractual Clauses or other legal transfer mechanisms, to protect your information.

Data Security: We take reasonable and appropriate measures to protect the personal data we hold from loss, misuse, and unauthorized access or disclosure. These measures include:

  • Using industry-standard encryption (e.g., HTTPS/TLS) to secure data in transit between your device, our Service, and Discord’s API.
  • Limiting access to databases and servers to authorized personnel only, and using authentication tokens/keys for internal service communication.
  • Regularly updating and patching our software dependencies and infrastructure to address security vulnerabilities.
  • Monitoring for suspicious activity or unauthorized access attempts, and employing firewalls or rate-limiting on our APIs.

Despite our efforts, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee absolute security. It is important that you also play a role in keeping your data secure. Never share your login credentials, Discord tokens, or API keys with unauthorized people. If you believe your account or data may have been compromised (for example, you suspect someone has gained unauthorized access), please contact us immediately so we can help secure your account.

Data Breach Procedures: In the unlikely event of a data breach that affects your personal data, we will act promptly to mitigate the damage. We will also notify you and any applicable regulators (such as the UK Information Commissioner’s Office) as required by law. Our notification would include information about the nature of the breach, what data may have been affected, and steps we are taking to address it.

5. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of providing the Service, satisfying any legal, accounting, or reporting requirements, or resolving disputes.

  • Account and Guild Data: As long as you have an active account and use PatchPost, we will keep your account-related data (Discord ID, guild links, etc.) so that the Service functions properly. If you cease to use PatchPost or remove the PatchPost bot from your server, your data may remain in our system for a period of time, but we will eventually delete or anonymize it, especially if we detect that you have been inactive for a long duration (for example, 1 year of inactivity).
  • Changelog Content: Content you have created (changelog entries, projects) will be retained until you delete them or request their deletion. If you simply stop using the Service without deleting content, the content might remain stored. If storage or retention becomes an issue, we might purge old content after extensive inactivity (with prior notice if feasible). Keep in mind, content that was posted to Discord will remain on Discord until removed from there, even if we delete our copy.
  • Logs and Backups: Server logs are generally retained for a short period (a few weeks to a few months) for troubleshooting and analysis, after which they are automatically deleted or anonymized. Some logs (like security or audit logs) might be kept longer if necessary for security monitoring. We also maintain encrypted backups of our database and these may contain your data. Backups are rotated and eventually deleted according to our data retention schedule (typically, backups are kept only for a limited time). If we restore a backup for recovery, we only use it for that purpose.
  • Billing Records: Subscription and payment metadata received from Stripe is kept for as long as necessary for accounting or legal obligations. If you cancel a subscription, we retain minimal billing history to comply with these requirements.
  • Legal Holds: If we are required for legal reasons to retain data (for example, as part of an investigation or litigation hold), we will retain the data as long as necessary to comply with our obligations and then delete it when those obligations are fulfilled.

When we delete personal data, we ensure it is securely erased from our active systems. Please note, however, that residual copies might remain in our backup files for a short period until those backups are cycled out, but such copies are safeguarded and eventually overwritten/destroyed as well.

6. Your Rights and Choices

Under data protection laws (including UK GDPR), you have certain rights regarding your personal data. We are committed to upholding these rights. Your principal rights include:

  • Access: You have the right to request a copy of the personal data we hold about you and to obtain information about how we process it. This is commonly known as a “Subject Access Request.” We will provide you with a copy of your data in a commonly used electronic format, subject to some exceptions (for example, we may not be able to provide data that includes personal information about another user, or information that is subject to legal privilege).
  • Rectification: If any of the personal data we hold about you is inaccurate or incomplete, you have the right to ask us to correct it. For example, if your Discord username has changed and we still display an old name in our records, you can request an update (although note that typically our system syncs with Discord, so it should update automatically when you log in again).
  • Erasure: You have the right to request the deletion of your personal data (“right to be forgotten”). You can ask us to erase personal data when it is no longer needed for the purposes for which it was collected, or if you have withdrawn consent (in cases where consent was required), or if you object to processing and we have no overriding legitimate interest in continuing. Note that we cannot delete data that is required for us to comply with legal obligations or for establishing or defending legal claims. Also, deleting your data may mean we can no longer provide you with Service functionality (for instance, if you delete your account data, you will no longer be able to log in or use PatchPost without creating a new account).
  • Restriction of Processing: In certain circumstances, you can request that we limit how we use your data. This might apply if you contest the accuracy of the data (until we verify or correct it), or if you have objected to processing (pending verification of our legitimate grounds), or if processing is unlawful but you don’t want the data erased. When processing is restricted, we can still store your data but not use it further except for limited purposes (like with your consent or for legal reasons).
  • Data Portability: You have the right to obtain the personal data you provided to us in a structured, commonly used, and machine-readable format, and you have the right to transmit that data to another controller, where technically feasible. In context, this might mean you could ask for an export of the data you’ve put into PatchPost (such as your changelog entries or project data). We will do our best to provide such exports in a useful format (e.g., JSON or CSV files).
  • Object to Processing: You have the right to object to certain types of processing, especially data processed under legitimate interests or for direct marketing purposes. For example, if we were to send marketing messages (which we currently do not without consent), you could opt-out or object. You can also object if you feel our processing of your data is not justified by a legitimate interest, and we will consider your objection. However, if we have compelling legitimate grounds to continue (or a legal reason), we may still proceed with processing specific data.
  • Withdraw Consent: Where we rely on consent to process your personal information (in cases where we might ask for your consent, such as for an optional feature or for using your email for something), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal. If you withdraw consent, we will stop the processing that was based on consent. For example, if you had consented to let us use your email for notifications, you can revoke that and we will stop sending emails (except for essential ones).
  • Subscription Cancellation: You can cancel a premium subscription at any time from the billing page or by contacting us. When cancelled, we instruct Stripe to stop future charges and your premium access remains until the end of the current billing period.

To exercise any of these rights, please contact us (see Contact section below). We may need to verify your identity before fulfilling certain requests (for example, by confirming you own the Discord account in question), to protect your privacy and security. We will respond to your request within one month, as required by law, unless the request is particularly complex (in which case we might inform you that we need more time, up to two further months).

Please note that these rights are not absolute. There are circumstances where we may be legally entitled or required to refuse requests. If we refuse a request, we will explain our reasoning (unless we are legally prevented from doing so).

Finally, if you have unresolved concerns, you have the right to complain to a data protection authority. In the UK, this is the Information Commissioner’s Office (ICO). We encourage you to come to us first so we can try to address your concerns directly, but you are entitled to contact the ICO or your local data protection regulator about any complaints.

7. Children’s Privacy

PatchPost is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If you are under 13, do not use PatchPost or provide any information about yourself to us. If we learn that we have inadvertently collected personal data from a child under 13 (or under the applicable minimum age in other jurisdictions), we will take steps to delete that information as soon as possible. Since PatchPost relies on Discord, and Discord itself requires users to be at least 13, this situation is unlikely to occur through normal use of the Service.

If you are a parent or guardian and believe that your child under 13 (or a minor under the age of consent in your jurisdiction) has provided us with personal information, please contact us immediately. We will investigate and remove the information and the account if necessary.

8. Changes to This Privacy Policy

We may update or modify this Privacy Policy from time to time. If we make material changes, we will notify users by updating the "Last Updated" date at the top of this policy and, where significant, by additional means such as a notice on our website/portal or an announcement via our Discord support server. Please review this Privacy Policy periodically to stay informed about how we are protecting your information.

If you continue to use PatchPost after Privacy Policy changes go into effect, it means you have accepted the revised policy. If you do not agree with any updates to the policy, you should stop using the Service and can request that we remove your personal data as outlined above.

9. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please reach out to us. We are here to help and address any issues.

  • Discord: The quickest way to get in touch is via our official NexCore Support Discord server. You can join it here: https://discord.gg/CNhjnDZQ. Feel free to ask for a team member or administrator if you have a privacy question or need assistance with your data.
  • Email: If you prefer email or need to discuss something more formally, you can contact our team at info@crypticredhat.com.
  • Mail: As we are a small UK-based operation (sole trader), we do not list a public office address here for privacy. However, should you need to send us physical correspondence for any legal reason, please reach out via Discord or email to request mailing details, and we will provide an appropriate address.

We will do our best to respond to your inquiry within a reasonable timeframe (typically within a few business days).

By using PatchPost, you acknowledge that you have read and understood this Privacy Policy. Thank you for trusting PatchPost with your community’s changelogs – we value your privacy and are committed to protecting it.