Privacy Policy

Last updated: December 2025

1. Introduction

This Privacy Policy explains how OTSafeTrade (“we”, “our”, “the platform”) collects, uses and protects your personal data when you use this website.

OTSafeTrade is a privately operated hobby project and not a commercial company. We still aim to respect your privacy and comply with applicable data protection laws, including the EU General Data Protection Regulation (GDPR) for users in the EEA.

By using the platform, you agree to this Privacy Policy.

This policy may be changed at any time without notice. It is the users' responsibility to regularly educate oneself of the contents of our policies.

2. Data Controller & Contact

The data controller for this website is the private operator of OTSafeTrade. If you have questions or requests regarding your data, please open a support ticket on our Discord-server.

3. Data We Collect

3.1 Account Data

• Username
• Email address
• Password hash (never the plain password)
• Email notification preferences
• Account creation date

3.2 Usage & Security Data

• IP address (e.g. during registration or login attempts)
• Timestamps of registration, logins, and certain actions
• Reputation actions (who gave rep to whom and when)
• Dispute-related information you choose to submit
• Internal moderation notes in case of rule violations

3.3 KYC / Identity Verification Data (Optional)

If you choose to complete KYC verification, we may collect:

• ID document images
• Full legal name
• Other information you voluntarily provide as part of verification

KYC is optional but may be required for certain trust features (e.g. “Verified Seller”).

3.4 Communication Data

• Messages sent through the platform (e.g. notifications, offers, disputes)
• Emails you send to our support address

4. Purposes and Legal Bases

We process your data for the following purposes and legal bases (under GDPR):

4.1 To Provide and Manage Your Account

• Creating and maintaining your user account
• Allowing you to log in and use the platform

Legal basis: Performance of a contract / steps prior to entering a contract.

4.2 Platform Features

• Listing and browsing characters
• Reputation system
• Profile comments and disputes

Legal basis: Performance of a contract and our legitimate interest in operating a community platform.

4.3 Security, Abuse Prevention & Rate-Limiting

• Limiting one registration per IP per 24 hours
• Preventing bots, spam, and abusive behavior
• Investigating suspected rule violations

Legal basis: Legitimate interest in securing the platform and its users.

4.4 Email Notifications

• Account verification emails
• Security-related emails (e.g. important changes)
• Optional notifications and updates as per your preferences

Legal basis: Performance of a contract and/or your consent for optional emails.

4.5 Legal and Safety Reasons

In rare cases, we may process or disclose data to comply with applicable laws or to assist law enforcement in case of serious fraud, crime, or legal investigations.

Legal basis: Legal obligation and/or legitimate interest.

5. Cookies & Tracking

We use a minimal amount of cookies necessary for the platform to function:

• Session cookie – required to keep you logged in while you browse the site.

We do not use:

• Analytics cookies (e.g. Google Analytics)
• Advertising or tracking cookies
• Third-party marketing trackers

6. Data Retention

• Account data: kept as long as your account is active. If you request account deletion, we delete or anonymize your data where possible, subject to limited technical/log/legal needs.
• IP logs for registration / security: kept for approximately 24 hours for rate-limiting and abuse prevention, then deleted or overwritten.
• KYC data: kept as long as your account is active, and deleted within 1 month after account closure.
• Reputation & disputes: may be stored as long as the account exists or as long as reasonably necessary for community trust and moderation.

7. Data Sharing

We do not sell your personal data.

We may share data with:

• Hosting provider – to operate the server and database that runs OTSafeTrade.
• Email service provider (SendGrid) – to send transactional emails such as verification messages and account notifications.
• Authorities / law enforcement – only if we are legally required to do so or if serious abuse or crime is suspected.

8. International Data Transfers

Our hosting and email providers may be located outside your home country, including in the United States. By using the platform, you acknowledge that your data may be transferred to and processed in such countries.

We aim to use reputable service providers.

9. Your Rights (GDPR)

If you are in the EU/EEA, you have the following rights under the GDPR, subject to conditions:

• Right of access – to know what personal data we hold about you.
• Right to rectification – to correct inaccurate or incomplete data.
• Right to erasure – to request deletion of your data, where applicable.
• Right to restriction – to limit processing in certain cases.
• Right to object – to object to processing based on legitimate interests.
• Right to data portability – to receive your data in a structured, commonly used format.
• Right to withdraw consent – where processing is based on consent (e.g. optional emails).

To exercise these rights, please open a support ticket on our Discord server.

You also have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.

10. Security

We use reasonable technical and organizational measures to protect your data, such as:

• Password hashing
• Limited access to KYC data (only the platform owner)
• Basic rate-limiting and abuse prevention

However, no system is perfectly secure. We cannot guarantee absolute security of your data.

11. Children

The platform is intended for users 18 years or older. We do not knowingly collect data from minors. If you believe a minor has created an account, please contact us to request removal.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will change the “Last updated” date at the top when we do. Continued use of the platform after changes means you accept the updated Policy.

13. Contact

For privacy questions, data requests, or complaints, please open a support ticket on our Discord server.

Back to Registration