Hoorks Privacy Policy
This policy explains what data Hoorks collects, why it is needed, and how it is used to connect Roblox servers with Discord securely.
Part 1: Summary
Hoorks collects only the data required to authenticate administrators, record Roblox purchase events, and send notifications to Discord. We do not collect payment card data, bank details, or player emails.
Part 2: Full privacy policy
1. Information we collect
| Category | Specific data | Source | Purpose |
|---|---|---|---|
| Admin account | usernamepassword hash (bcrypt)admin idcreated_at | Entered by the administrator | Create and authenticate the admin account and secure dashboard access. |
| Session and cookies | rdb_session cookie (JWT with adminId and username)24h expiration | Generated by the server | Maintain admin sessions and protect restricted routes. |
| API keys | labelSHA-256 hashcreated_atrevoked statusraw key shown once | Generated in the admin dashboard | Authenticate game server requests and allow key revocation. |
| Roblox transactions | userIdproductIdgamepassId (optional)isAGiftgifterId (optional)amountuniverseIdplaceIdtransactionIdtimestampitemTypecreated_at | Roblox game servers via API | Record purchases, display analytics, and send Discord notifications. |
| Discord webhook | webhook URLtest timestampdelivery status | Entered by the administrator | Send real-time purchase notifications to Discord. |
| Technical data | IP address (rate limiting)request headershosting logs | Collected automatically | Security, abuse prevention, and technical troubleshooting. |
Note: Hoorks does not request player emails, payment cards, or sensitive personal data.
2. How we collect data
Data comes from three sources: (1) administrator input in the dashboard (setup, login, API keys, webhook), (2) purchase events sent by Roblox game servers through the Hoorks API, and (3) technical data collected automatically by the hosting infrastructure for security and stability.
3. How we use data
4. Legal basis for processing[⚠️ LEGAL REVIEW REQUIRED]
Typical legal bases include contract performance (providing the service), legal obligations, legitimate interests (security), and consent for any non-essential processing. Confirm the applicable basis with legal counsel.
6. International data transfers[⚠️ LEGAL REVIEW REQUIRED]
Data may be processed in regions outside a user location depending on provider infrastructure. Ensure appropriate transfer mechanisms (e.g. SCCs) if GDPR applies.
7. Data retention
Hoorks retains data for as long as it is needed to provide the service:
- Admin data and API keys: until revoked or removed.
- Transactions: retained until removed by the administrator.
- Discord webhook: stored until replaced or removed.
- Rate-limit IP data: stored in memory for the window duration.
[⚠️ LEGAL REVIEW REQUIRED] Define exact retention periods based on jurisdiction and tax obligations.
8. User rights[⚠️ LEGAL REVIEW REQUIRED]
Depending on jurisdiction, users may have the right to:
- Access to personal data and a copy of the data
- Correction of inaccurate information
- Deletion or restriction of processing
- Data portability
- Opt-out of marketing (if enabled)
- Lodge a complaint with a supervisory authority
Requests can be sent to: devmirkoo@gmail.com or @devmirko on Telegram or Discord.
10. Security
Data is protected with credential hashing, signed JWTs, SHA-256 API keys, and rate limiting. No system is fully secure, but we apply reasonable safeguards to reduce risk.
11. Children's privacy[⚠️ LEGAL REVIEW REQUIRED]
Hoorks is intended for server operators and is not designed for direct use by children. Confirm any COPPA or local obligations if minors are involved.
12. Contact
Privacy contact: devmirkoo@gmail.com. Telegram or Discord: @devmirko.
13. Policy changes
If we make material changes, we will provide notice in the dashboard or via official project channels.