Privacy Policy

Categories Of Processing

• Access data, security logs, and operational metadata generated when the site is requested.
• Account and profile data such as username, email address, provider user ID, avatar, and privacy settings.
• Emote-related data such as identifiers, tags, license selection, uploads, public/private visibility, moderation results, and optimized derivatives.
• Community interaction data such as favorites, download events, and creator profile activity.
• Support or abuse-report information you send to us by email or through other direct contact channels.

Access Logs, Hosting, And Delivery

When you access myEmotes, technical request data can be processed to deliver the website, maintain stability, defend against abuse, and investigate incidents. This may include IP address, date and time of the request, requested path, referrer, browser information, device information, and server-side log entries.

The website is operated on our own application infrastructure and may be delivered through supporting network and security services, including Cloudflare when active. The legal basis is generally our legitimate interest in secure and reliable website delivery under Article 6(1)(f) GDPR.

We keep such data only for as long as required for operational security, troubleshooting, and legal defense, unless longer retention is necessary due to abuse prevention or legal obligations.

Account Creation And Social Login

myEmotes currently supports sign-in through third-party identity providers such as Discord, Google, and Twitch. When you choose one of these options, we receive the account data that the provider makes available to us for authentication and account creation, typically including a provider user ID, username or display name, email address, verification status, and avatar image.

If you sign in through Discord, the application may also check Discord guild role information to synchronize internal account roles. Depending on the current configuration, a login through Discord may also trigger an automated server-join flow that uses the access token granted during sign-in.

The legal basis is Article 6(1)(b) GDPR where processing is necessary to provide the account and login function you requested, and Article 6(1)(f) GDPR where processing serves account security or role synchronization.

Public Profiles, Uploaded Emotes, And Community Visibility

If you create an account, upload emotes, or enable a public creator profile, parts of your account and content can become publicly visible on myEmotes. This may include your username, profile image, biography, published emotes, licenses, tags, and related metadata, depending on your privacy settings and the visibility state of the content.

Public content may be crawled by search engines, cached by third parties, or referenced by direct links. Removing or changing the visibility of content on myEmotes does not automatically remove copies already indexed or cached outside our systems.

The legal basis is generally Article 6(1)(b) GDPR for the requested publishing function and Article 6(1)(f) GDPR for the operation and discoverability of the service.

Upload Processing, Moderation, And Technical Derivatives

Uploaded files are processed to normalize images, run virus checks, create platform-specific derivatives, generate technical metadata, and support duplicate or similarity review. This may include the original uploaded file, converted image versions, optimized downloads for platforms such as Discord, Twitch, Slack, or WhatsApp, and similarity embeddings derived from the file content.

myEmotes also uses automated moderation workflows to detect unsafe or unsuitable content. Based on the current production configuration, moderation can involve OpenRouter and downstream model providers such as Google Vertex AI and xAI for image or media safety classification. These providers may receive image or video payloads and limited contextual metadata needed for moderation.

The legal basis is Article 6(1)(b) GDPR where processing is necessary to provide the upload service, and Article 6(1)(f) GDPR for service integrity, safety, abuse prevention, and duplicate detection.

Downloads, Favorites, And Usage Signals

When users download an emote, we record the event to maintain download statistics and popularity ranking. Download records may be associated with a signed-in user account where available, or stored without a user relation if the download is made without an authenticated account.

To protect the platform against automated bulk downloads and abusive traffic, myEmotes may apply technical safeguards such as request throttling and, where risk signals indicate unusual download behavior, a Cloudflare Turnstile verification step. In that case, technical request data and the verification response are processed to decide whether the download flow may continue.

If you favorite an emote while logged in, we store the relationship between your account and that emote so the feature works on your profile. The legal basis is Article 6(1)(b) GDPR for requested service functionality and Article 6(1)(f) GDPR for internal analytics limited to operating the platform.

Cookies And Similar Storage

myEmotes uses essential cookies and similar storage primarily to keep login sessions active, protect forms, and operate account-related features. Optional categories remain disabled unless you actively enable them through the consent controls.

More detail is available on the Cookie Settings page. Cookie Settings.

Contact Requests And Security Reports

If you contact us by email or report abuse, copyright concerns, or security issues, we process the information you provide to evaluate and respond to the request. This typically includes your email address, message content, related URLs, and any attachments or screenshots you send.

The legal basis is Article 6(1)(f) GDPR for handling support, abuse, and security matters, and Article 6(1)(c) GDPR where legal retention or compliance obligations apply.

Recipients And Service Providers

Depending on the feature you use, personal data can be disclosed to carefully selected service providers or external platforms acting as processors or independent controllers.

• Discord OAuth
• Google OAuth
• Twitch OAuth
• OpenRouter
• Your selected login provider when you actively use social sign-in.
• Email, hosting, infrastructure, or security providers where necessary to operate the service lawfully and securely.
• Cloudflare, where used for delivery, abuse prevention, or Turnstile verification in suspicious download situations.

Where providers act as processors, they are engaged under appropriate contractual safeguards where required.

Retention

We retain personal data only for as long as needed for the purposes described in this policy, including account management, platform operation, abuse prevention, legal defense, and statutory retention obligations.

• Account data is generally retained while your account remains active and for a limited follow-up period where necessary.
• Public content may remain visible until you delete it, hide it, or the account is disabled, subject to technical backups and external caching.
• Security, access, and incident logs are retained according to operational necessity and legal requirements.
• Records may be kept longer where legal claims, abuse investigations, or statutory duties require it.

Your Rights

Subject to the applicable legal requirements, you may have the right to request access to your personal data, rectification, erasure, restriction of processing, data portability, and objection to certain processing. Where processing is based on consent, you may withdraw that consent with effect for the future.

You also have the right to lodge a complaint with a supervisory authority. The currently designated supervisory authority for this legal notice is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen, Postfach 20 04 44, 40102 Düsseldorf, [email protected]

Changes To This Policy

We may update this Privacy Policy when legal requirements, technical integrations, or platform features change. The current version published on this page applies from the date it is made available on myEmotes.