Privacy Policy

rebzyyx.site is a community-owned platform managed by Xnti (founder, main owner, developer) and Rebzyyx (secondary owner, main artist). This is not a registered company, but an independent community project.

Data Controller: Xnti
Support Response Times: <10 minutes during working hours (Polish timezone). Maximum 1 hour during off-hours. If we don't respond or you need to leave, you can return to the same support ticket anytime to continue the conversation.

We collect the following categories of personal data:

• Discord OAuth Data: User ID, username, email address (provided via Discord authentication)
• Profile Data: Bio, avatar URL, profile visibility settings
• Listening Data:
  • Spotify listening events (artist name, track title) — only if you have Spotify connected to your Discord account AND are a member of our Discord server
  • Rebzyyx Archive listening events (song ID, timestamp, listen count)
• Authentication Tokens: Persistent authentication tokens stored in browser cookies (secure, HTTP-only, SameSite=Lax)
• Contribution Data: Rebzyyxpedia edits, additions, and community reactions you create
• Activity Logs: Login timestamps, action history on the platform

Storage:

• User data is stored in MongoDB (cloud database) and JSON file backups
• Session cookies store authentication tokens (encrypted)

Security Measures:

• Authentication tokens expire after 30 days (refresh tokens) and 1 hour (access tokens)
• Cookies are marked as Secure (HTTPS only) in production and use SameSite=Lax protection
• All Discord API communication uses HTTPS/TLS encryption
• Database backups are maintained for disaster recovery
• Only authenticated, authorized users can access the platform

Data Retention:

• Account data is retained as long as your account exists
• Listening history is retained indefinitely (can be requested for deletion)
• Authentication tokens expire automatically
• Upon account deletion, most personal data is removed instantly (see "Your Rights" section for exceptions)

We use your data for the following purposes:

• Authenticate and maintain your account securely
• Display your profile, contributions, and activity history
• Track music listening statistics (personal analytics)
• Store and manage your Rebzyyxpedia contributions
• Display your reactions and interactions on content
• Enforce community rules and prevent abuse/spam
• Improve platform features and user experience
• Generate community statistics and leaderboards

We do NOT:

• Sell your data to third parties
• Share personal data with external analytics companies
• Use your data for marketing or advertising purposes
• Share listening data with Spotify beyond what Spotify already knows

What cookies we use:

• Authentication Cookie: Named "token" — stores your encrypted session token to keep you logged in. Expires after 30 days of inactivity or when you log out.
• Legacy Cookies: "access_token" and "refresh_token" (for backward compatibility) — cleared on logout

What we DON'T track:

• No external analytics services (Google Analytics, Mixpanel, etc.)
• No tracking pixels or beacons
• No third-party cookies
• No behavioral tracking across websites

Opting out: You can disable cookies in your browser settings, though this may prevent login functionality.

Discord API: When you sign in with Discord, we share your Discord ID and username with Discord's servers for authentication. Discord's Privacy Policy applies to their processing of this data.

Spotify API: If you have Spotify connected to your Discord account and are in our server, we send your listening data to our database. Spotify does not have access to this data directly — we only collect what Discord exposes about your Spotify activity. Spotify's Privacy Policy governs Spotify's handling of your data.

No other third-party sharing: We do not share your personal data with any other external services.

You have the following rights:

• Access Your Data: You can request a copy of all your personal data. Use the "Export Data" option in your account settings or contact support.
• Delete Your Account (Instant): Delete your account in account settings → account deletion. This immediately removes:
  • Your user profile and authentication tokens
  • Your personal listening statistics
  • Your account credentials and settings
• Delete Specific Data: Contact support at rebzyyx.site/support (live chat) to request removal of:
  • Your listening history
  • Your Rebzyyxpedia edits and contributions
  • Your reactions and comments
• Opt Out of Spotify Tracking: Leave our Discord server at any time to stop collection of your Spotify listening data. Already-collected data can be deleted via support chat.
• Response Times: Support requests are typically handled in <10 minutes during working hours (Polish timezone) or max 1 hour during off-hours.

This platform is not intended for users under 13 years of age. If you are under 13, you may not use this service. Users under 18 should have parental consent. If we become aware that a child under 13 is using this service, we will delete their account and data.

If we discover a data breach or unauthorized access to your personal information, we will:

• Notify affected users as soon as possible via email or Discord
• Describe the nature and scope of the breach
• Recommend immediate steps (e.g., change passwords)
• Explain what we're doing to prevent future incidents

We may update this privacy policy at any time. Material changes will be posted here with a new "last updated" date. Continued use of the platform after changes constitutes acceptance of the updated policy. We will notify users of significant changes via email or Discord announcement.

Privacy Questions or Data Requests:

• Support Chat: rebzyyx.site/support (fastest response, <10 min in working hours)
• Discord: Join our server and create a support ticket
• Direct Contact: Email or message Xnti (founder) in Discord