TOPSPAWN

Privacy Policy

Last updated: March 7, 2026

1. Data Controller

The data controller for personal data collected on the topspawn.com website is TOPSPAWN.

DPO contact: contact@topspawn.com

2. Data Collected

In the course of operating the service, we collect the following data:

  • Account data: email address, username, password (hashed)
  • Profile data: profile picture (optional)
  • Server data: name, IP/domain, description, images, tags
  • Technical data: IP address (for votes and anti-spam purposes), user agent
  • Contact data: name, email, message (via the contact form)

3. Purposes of Processing

Your data is processed for the following purposes:

  • User account management and authentication
  • Directory operation (server publication and display)
  • Voting system (one vote per IP every 2 hours to prevent abuse)
  • Anti-spam and abuse prevention (Cloudflare Turnstile, rate limiting)
  • Responding to contact requests
  • Audience analytics (with consent)

4. Legal Basis

  • Contract performance: account management, server publication
  • Legitimate interest: website security, anti-spam, vote fraud prevention
  • Consent: analytics cookies (Google Analytics)

5. Retention Periods

  • Account data: retained for as long as the account is active, then deleted within 30 days of a deletion request
  • Vote IP addresses: retained for 2 hours for anti-abuse purposes
  • Contact messages: retained for a maximum of 12 months
  • Technical logs: retained for a maximum of 12 months

6. Cookies and Trackers

The website uses the following cookies and trackers:

  • Essential cookies: authentication session (Supabase Auth), anti-spam protection (Cloudflare Turnstile). These cookies are necessary for the website to function and do not require consent.
  • Analytics cookies: Google Analytics 4 (GA4), enabled only with your consent. These cookies allow anonymized measurement of website traffic.

You may manage your cookie preferences at any time via the consent banner or your browser settings.

7. Hosting and Sub-processors

Your data is hosted by:

  • Vercel Inc. website hosting (United States, compliant with EU standard contractual clauses)
  • Supabase Inc. database, authentication and storage (servers in the European Union)
  • Upstash Redis cache for rate limiting (European Union)
  • Cloudflare anti-spam protection via Turnstile
  • Stripe Inc. payment processing (premium subscriptions). Stripe is responsible for processing your banking data in accordance with its own privacy policy.

8. Your Rights (GDPR)

In accordance with the General Data Protection Regulation (GDPR) and the French Data Protection Act, you have the following rights:

  • Right of access: obtain a copy of your personal data
  • Right of rectification: correct inaccurate or incomplete data
  • Right of erasure: request deletion of your data and account
  • Right to data portability: receive your data in a structured, machine-readable format
  • Right to object: object to the processing of your data on legitimate grounds
  • Right to restriction: request restriction of the processing of your data

To exercise these rights, please contact us at contact@topspawn.com. We will respond within 30 days.

You also have the right to lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés — French data protection authority).

9. Security

We implement appropriate security measures to protect your data:

  • HTTPS encryption across the entire website
  • Passwords hashed using secure algorithms (bcrypt)
  • Authentication via secure JWT tokens
  • Protection against CSRF and XSS attacks
  • Rate limiting to prevent abuse

10. Amendments

We reserve the right to amend this privacy policy at any time. Any material changes will be communicated via a notice on the website. The last updated date is shown at the top of this page.

11. Contact

For any questions regarding the protection of your personal data, please contact our DPO at contact@topspawn.com.