Privacy Policy
How Kissune handles account, gameplay, purchase, support, and security data.
Discord and account data
Kissune handles Discord ID, username, display name, avatar, guild membership, and configured roles to authenticate players, connect server identity, provide permissions, and operate the service.
Profile and gameplay data
Kissune stores profile settings, cards, exact copies and prints, collections, albums, currencies, cooldowns, cosmetics, subscriptions, and event activity so the bot and website can operate as one account.
Payments and orders
Kissune stores Stripe customer, order, subscription, invoice, refund, and delivery status. Stripe processes card payments; Kissune does not receive complete payment-card numbers.
Support and custom requests
Kissune stores support messages, privacy requests, custom-asset requests, request history, staff notes, and submitted reference images to provide support and complete requested work.
Sessions, security, and infrastructure
Kissune uses essential signed session cookies, OAuth state, security logs, audit records, and IP or device information supplied by infrastructure providers for login, abuse prevention, diagnostics, and service security.
Service providers
Kissune uses Discord, Stripe, MongoDB Atlas, AWS/S3, the configured CDN, and website hosting providers. These providers process data under their own terms and privacy practices as needed to deliver their services.
No sale or targeted advertising
Kissune does not sell personal information and does not use targeted-advertising trackers.
Access, correction, and deletion
Signed-in players can submit access, correction, deletion, or account-support requests below. Requests may also be sent to privacy@kissune.cc. Kissune verifies account control before acting on sensitive requests.
Retention
OAuth state is retained for about 10 minutes and signed website sessions for 7 days. Account and game data remains while active, then is deleted or anonymized within 30 days of an approved deletion request. Completed custom-request reference images are deleted within 90 days unless earlier deletion is requested. Closed support and privacy requests, security logs, and audit records are normally retained for 24 months. Financial, order, refund, and grant records are retained for seven years or the period applicable law requires. Backups expire within 90 days.
Children
Kissune is not for children under 13 and does not intentionally collect their personal information. If Kissune learns that data from a child under 13 was collected, it will take appropriate steps to delete it and restrict the account.
Policy changes
Kissune versions this Privacy Policy and displays its last-updated date. Material changes may require renewed acknowledgement where appropriate.
Contact
Privacy questions and requests can be sent to privacy@kissune.cc. This is an operational policy draft and must receive qualified legal review before live payments are enabled.