1. Introduction
UhFidler International ("Company," "we," "us," "our") operates ERLC Directory at erlcglobal.com/directory (the "Service"). This Privacy Policy describes how we collect, use, store, share, and protect information when you use the Service. By using the Service, you agree to the practices described here. This Policy is incorporated into and forms part of our Terms of Service.
2. Information We Collect
2.1 From Discord (OAuth)
When you sign in with Discord, we receive and store:
- Your Discord user ID, username, and global avatar hash
- An OAuth access token and refresh token (used to verify Discord-server ownership when you claim an organization)
- The list of Discord guilds you are a member of (queried at the time of an org claim, not stored persistently in raw form)
2.2 You Provide Directly
If you create an organization or edit your profile, we collect:
- Profile bio text
- Organization name, description, slug, and logo URL (logo is sourced from your claimed Discord server's icon)
- The Discord guild ID you designated as your org's home
- Member invitations (you invite a directory user; they may accept or reject)
2.3 From Stripe (if you subscribe)
If you purchase a Verified Organization subscription, Stripe processes the payment. We receive and store the Stripe customer ID and subscription ID for billing reference. We never see, store, or transmit your full card details — those go directly from your browser to Stripe's PCI-compliant infrastructure.
2.4 From Alt Central (Club33 lookup)
To grant the free verification path for active Club33 members, our hourly cron job queries the Alt Central licenses database for your Discord ID and reads only the Club33 plan status and expiry date. No other license fields are read or stored on the Directory side.
2.5 Operational / Technical Data
Cloudflare (our hosting provider) collects standard request logs (IP address, user-agent, request path, response status). These logs are managed by Cloudflare under their privacy policy and are used for fraud prevention and infrastructure operation. We do not store IPs in our application database.
2.6 What We Do NOT Collect
We want to be explicit about categories of data we do not collect:
- Your Discord password
- Your Discord email address (Discord OAuth scope `identify` does not return email by default; we do not request the `email` scope)
- Direct message contents on Discord
- Card numbers, CVCs, or full payment instrument data (Stripe holds these)
- Browsing history outside this Service
- Biometric data
- Precise geolocation
3. How We Use Your Information
- To authenticate your session via signed cookies
- To verify your ownership of a claimed Discord server at org-claim time
- To render your public profile and any organization pages you participate in
- To process subscriptions, billing, and verification status
- To detect and prevent fraud, impersonation, abuse, and Terms violations
- To debug operational errors and improve the Service
- To comply with legal obligations and respond to lawful requests
We do not use your data for behavioral advertising, profiling for purposes unrelated to the Service, or sale to any third party.
4. Where Data Is Stored
Application data is stored on Supabase infrastructure (Postgres on AWS), region us-west-2. Static pages and Pages Functions are served via Cloudflare Pages. Payment data is stored by Stripe. All transmission uses HTTPS / TLS 1.2+. Database access is gated by row-level security and service-role keys held only by Cloudflare Pages Functions.
5. Sharing and Disclosure
We do not sell, rent, or trade your personal information to any third party. We may share data only in these limited circumstances:
- Service providers: Cloudflare (hosting, edge), Supabase (database), Stripe (payments), Discord (authentication). Each receives only the minimum data required for their function and is contractually bound to protect it.
- Legal: If required by law, subpoena, or court order, or where we believe disclosure is necessary to protect rights, property, safety, or to comply with a legal obligation.
- Business transfer: In a merger, acquisition, or asset sale, your information may transfer as part of the transaction. We will notify users of such a change where practicable.
- With your consent: When you explicitly authorize sharing.
6. Public Information
Some information is intentionally public on the Service: your handle, Discord username, avatar, profile bio, organizations you own, and confirmed members of those organizations. Anything published to a profile or org page is visible to anyone visiting the Service. Do not publish information you would not want public.
7. Data Retention
We retain personal information for as long as your account exists plus a reasonable period thereafter to comply with legal obligations and resolve disputes. You may request deletion of your account and associated data at any time via the contact channels in Section 11. Deletion is processed within thirty (30) days, subject to legal retention requirements (e.g. financial records for completed transactions). Audit-log entries referencing administrative actions on your account may be retained in pseudonymized form for fraud-prevention purposes.
8. Your Rights and Choices
Subject to your jurisdiction, you may have the rights to:
- Access — request a copy of personal data we hold about you
- Correction — request that we correct inaccurate information
- Deletion — request that we erase your data, subject to legal retention requirements
- Portability — request a machine-readable export
- Object / restrict processing — for processing based on legitimate interests
- Withdraw consent — where processing relies on consent
To exercise any of these rights, contact us per Section 11. We respond to verified requests within thirty (30) days. We will not charge a fee for reasonable requests.
9. Children's Privacy
The Service is not directed to children under thirteen (13), consistent with Discord's age policy. We do not knowingly collect information from children under thirteen. If we become aware that a child under thirteen has provided personal information, we will delete it and terminate the associated account. Parents or guardians who believe a child has provided us information may contact us at the channels below.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will: (a) update the Effective Date at the top of this document, and (b) notify you through the Service or our Discord server. Continued use of the Service after the effective date constitutes acceptance.
11. Contact
For privacy-related questions, requests, or complaints:
UhFidler International
Discord: discord.gg/altingcentral
Web: uhfidlerinternational.com
This Privacy Policy is governed by the laws of the State of Wyoming, USA. Any disputes are subject to the binding arbitration and class action waiver provisions in Section 14 of our Terms of Service.