Privacy Policy

This Privacy Policy explains how Downbad DayZ ("Downbad", "we", "us", or "our") collects, uses, shares, and protects personal information when you use our services. By "services" we mean everything we operate under the Downbad DayZ name, including:

• Our game servers on DayZ (EU1, EU2, Redux, US1, US2, Originz, and any future servers);
• Our Discord community server;
• Our website and store at downbaddayz.com and store.downbaddayz.com;
• Our community web application (leaderboards, achievements, The Book, DB Duels, the bounty board, the store, map voting, and related features);
• Our ticket and moderation systems; and
• Any anti-cheat or fair-play investigation activities we carry out in connection with the above.

We are committed to handling your information lawfully, fairly, and transparently in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Downbad DayZ is operated as a sole trader business based in the United Kingdom and registered with the UK Information Commissioner's Office (ICO). Our ICO registration number is available on request. For any questions about this policy, your personal data, or to request the identity of the data controller, contact us at: [email protected].

The information we collect depends on which of our services you use.

3.1 When you join our Discord

• Your Discord user ID, username, and any server-specific nickname or roles
• Messages you post in our channels (held by Discord on our behalf)
• Tickets you open and the contents of those tickets
• Any information you voluntarily share with staff during a ticket or investigation

3.2 When you play on our game servers

• Your Steam ID and Steam username
• Your in-game character name and gameplay activity (kills, deaths, events captured by the server, chat messages where applicable)
• Connection information including IP address and session times, as recorded by our server hosting and by CFTools
• Map locations relevant to gameplay events
• Any information generated by anti-cheat systems while you are connected

3.3 When you use our community web app

• Authentication information from Steam and/or Discord (via OAuth) — we receive your Steam ID, Discord ID, and public profile information; we do not receive your password
• Activity within the app (DB Points balance, achievements, cosmetics, store purchases, sportsbook activity, duels, bounty board activity, map votes, leaderboard position)
• Technical information such as IP address, browser type, device type, and pages visited

3.4 When you purchase from our store

• Name and email address as provided to PayPal or Stripe at checkout
• Transaction ID and purchase details
• We do not receive or store your full payment card details — these are handled exclusively by PayPal and Stripe

3.5 When you are subject to a moderation investigation

• Records of suspected rule violations and the evidence supporting them
• Ticket transcripts
• Notes made by staff during the investigation
• Screenshots taken by staff where relevant to the investigation
• Where you voluntarily run Echo (an external anti-cheat scanning tool) at our request, the resulting scan report. The scan itself is held by Echo, not by us — see section 6.

3.6 What we do not collect

We do not collect special category data (such as health information, ethnicity, political opinions, or sexual orientation). We do not knowingly collect personal data from children under 13.

We use your information for the following purposes. For each, we identify the lawful basis under Article 6 UK GDPR.

• Providing access to our game servers and community — Legitimate interests (running our community)
• Operating the Discord server, ticket system, and community web app — Legitimate interests (running our community)
• Investigating suspected cheating, ban evasion, exploits, and rule violations — Legitimate interests (protecting fair play and server integrity)
• Enforcing bans and preventing banned users from returning — Legitimate interests (protecting our community); establishment, exercise or defence of legal claims
• Communicating with you about your account, tickets, or purchases — Legitimate interests / contract
• Processing store purchases — Contract
• Complying with legal obligations (such as responding to lawful requests from authorities) — Legal obligation
• Improving and securing our services — Legitimate interests

Where we rely on legitimate interests, we have considered your interests and rights and concluded that our processing is necessary and proportionate to the purpose. You have the right to object — see section 9.

We keep personal data only for as long as we need it.

• Active community member data (Discord ID, Steam ID, in-game profile, web app data): for as long as you remain a member of the community, plus a reasonable period afterwards for record-keeping.
• Game server logs: typically retained by CFTools and our hosting provider for limited periods set by them.
• Ticket transcripts: retained for as long as needed for community administration and reference, typically up to several years.
• Ban records and supporting evidence: retained indefinitely while a ban is in effect, in order to enforce that ban and prevent ban evasion. This includes Steam IDs, Discord IDs, ticket transcripts, screenshots, and investigation notes.
• Store transaction records: retained as required by tax and accounting law (typically six years).

Where we no longer need information, we delete or anonymise it.

Some of the services we use are operated by third parties, who are independent controllers or processors of your personal data. We do not control their systems, retention periods, or internal handling.

• Discord: hosts our community server. See: https://discord.com/privacy
• Steam (Valve): authentication and gameplay identity. See: https://store.steampowered.com/privacy_agreement/
• CFTools: game server administration, logs, anti-cheat information, and player records. See: https://cftools.com/legal/privacy-policy
• Echo: third-party anti-cheat scanning tool that is only used where a member is asked to run it as part of a moderation investigation, and only with their cooperation. Echo holds the scan data itself. See: https://echo.ac/legal/privacy
• PayPal: payment processing for store purchases. See: https://www.paypal.com/uk/legalhub/privacy-full
• Stripe: payment processing for store purchases. See: https://stripe.com/privacy
• Supabase: database hosting for our community web app.
• Netlify: hosting for our website and community web app.
• Our DayZ server hosting provider: game server infrastructure.

For any data held by these third parties, you should contact them directly to exercise your rights in respect of the data they hold.

Some of the third parties listed above are based outside the UK, including in the United States and the European Economic Area. Where we or our third parties transfer your data internationally, we rely on the safeguards offered by those providers, including Standard Contractual Clauses and/or UK adequacy decisions where applicable.

We use technical and organisational measures to protect your information, including access controls on our admin systems, HTTPS on our websites, and role-based permissions in Discord and our web app. However, no method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

Under the UK GDPR, you have the following rights in relation to your personal data:

• Right of access: to ask for a copy of the personal data we hold about you.
• Right to rectification: to ask us to correct inaccurate data.
• Right to erasure: to ask us to delete your data, subject to the limits below.
• Right to restrict processing: to ask us to limit how we use your data in certain circumstances.
• Right to object: to object to processing based on legitimate interests.
• Right to data portability: where applicable.
• Right to withdraw consent: where we rely on consent (which is rarely our lawful basis).

To exercise any of these rights, contact us at [email protected]. We will respond within one calendar month, although in complex cases we may extend this by up to two further months.

Limits on these rights. Some of these rights are not absolute. In particular:

• We are entitled to refuse erasure or objection requests in respect of data we retain for the establishment, exercise, or defence of legal claims, or where we have an overriding legitimate interest (for example, ban enforcement and prevention of ban evasion).
• We are entitled to withhold information from a subject access response where disclosure would adversely affect the rights of others (such as other community members or staff), or where an exemption under Schedule 2 of the Data Protection Act 2018 applies, including in particular our interest in preventing and detecting cheating and ban evasion.
• We do not disclose internal moderation or anti-cheat methods, as doing so would prejudice the purposes for which the information was collected.

Our websites use cookies and similar technologies for authentication, session management, and basic analytics. You can disable cookies in your browser, but parts of our services may not work properly without them.

Our services are not directed at children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will take appropriate steps to remove it.

We may update this Privacy Policy from time to time. Changes will be posted here with the "Last updated" date revised accordingly. Significant changes will also be announced in our Discord.

If you are unhappy with how we have handled your personal data, we would like the chance to put it right — please contact us first at [email protected].

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

• Website: https://ico.org.uk/make-a-complaint/
• Helpline: 0303 123 1113

For any questions about this policy, your data, or to exercise any of your rights, contact us at: [email protected].