← soul.lol

Privacy Policy

Last updated: 3 June 2026

1. Who We Are

soul.lol is a biolink profile platform. This Privacy Policy explains how we collect, use, and protect your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

For data privacy queries, contact: [email protected]

2. Data We Collect

Account data: Username, email address, password hash (managed by Clerk), Discord OAuth tokens (if connected), display name, bio, avatar.

Technical data: IP address at registration and last login, browser user agent, referrer URL.

Profile content: Links, appearance settings, badges, audio, images, and other content you add to your profile.

Analytics: Visitor IP addresses and referrers for your profile page (aggregated view counts visible to you).

Payment data: Processed by Stripe. We store Stripe payment intent IDs, amount, and status. We do not store card details.

Casino data: Game history and S$ balances (virtual currency, no monetary value).

3. Legal Basis for Processing

  • Contract: To provide the soul.lol service you signed up for
  • Legitimate interests: Security, fraud prevention, abuse detection
  • Legal obligation: Compliance with applicable laws
  • Consent: Optional features such as analytics sharing

4. How We Use Your Data

  • To create and maintain your account and profile
  • To process premium purchases via Stripe
  • To detect and prevent fraud, abuse, and spam
  • To provide aggregate view analytics on your dashboard
  • To send transactional emails (purchase receipts, ban notices) via Resend

We do not sell your personal data to third parties.

5. Data Sharing

We share data only with the following third-party processors where strictly necessary:

  • Clerk: authentication and user management
  • Stripe: payment processing
  • UploadThing: file storage (avatars, background media)
  • Resend: transactional email delivery
  • STRIX VPS: server hosting (data stored in EU)

6. Data Retention

Your account data is retained while your account remains active. Upon account deletion, we delete your profile, links, and personal data within 30 days. Analytics data (visitor counts) is retained for 90 days. Payment records are retained for 7 years for legal compliance.

7. Your Rights (UK GDPR)

You have the right to:

  • Access: request a copy of your personal data (Data Subject Access Request)
  • Rectification: correct inaccurate data
  • Erasure: request deletion of your data ("right to be forgotten")
  • Portability: export your data in a machine-readable format (available in Settings)
  • Restriction: restrict processing of your data in certain circumstances
  • Objection: object to processing based on legitimate interests

To exercise any right, contact [email protected]. You may also lodge a complaint with the Information Commissioner's Office (ICO).

8. Cookies

soul.lol uses strictly necessary cookies for authentication (managed by Clerk) and session management. We do not use advertising or tracking cookies. No consent banner is shown as we only use functional cookies.

9. Security

All data is transmitted over HTTPS/TLS. Passwords are hashed and managed by Clerk (never stored in plaintext). Payment data is processed directly by Stripe and never touches our servers. We apply security headers, rate limiting, and access controls throughout the platform.

10. Children

soul.lol is not intended for children under 13. We do not knowingly collect data from children under 13. If you believe a child has registered, please contact [email protected] for immediate account removal.

11. Changes to This Policy

We may update this policy periodically. Material changes will be communicated via the platform. Continued use after changes constitutes acceptance.

12. Contact

Data privacy enquiries: [email protected]