Privacy Policy
This policy applies to the 5th Republic verification website, public stock pages, admin panel features, and related Discord bot integrations.
1. Purpose of Processing
The service processes personal data only to operate Roblox-to-Discord community verification, prevent abuse, grant Discord roles, maintain community records, and provide related community features.
- Linking a Discord account to a Roblox account.
- Registering a verified email address as an optional stock-site login method and sending one-time verification or login codes.
- Checking Roblox account age, Roblox group rank, restricted-group status, and blocklist status.
- Granting or removing Discord roles, changing Discord nicknames, and recording verification logs.
- Handling admin review, support tickets, appeals, and abuse prevention.
- Operating community systems such as virtual stock data, attendance records, and Roblox game data tools.
2. Data We Process
| Category | Data | Source |
|---|---|---|
| Discord verification | Discord user ID, username, display name, server membership, roles, nickname, account creation date, server join date | Discord OAuth and Discord Bot API |
| Roblox verification | Roblox user ID, username, profile link, account creation date or account age, Roblox group rank, restricted-group status | Roblox OAuth and Roblox APIs |
| Stock email authentication | Verified email address, linked Discord user ID, one-time-code challenge identifier and non-plaintext digest, purpose, expiry, send, attempt, and consumption metadata | User, website, and configured SMTP delivery service |
| Moderation and operation | Verification request status, approval or denial logs, blocklist status, ticket channel IDs, log message IDs, admin handler IDs | Website, Discord bot, Trello/blocklist integrations |
| Security | Session cookies, CSRF token, request time, IP address, user agent, rate-limit and error logs | Web server and application logs |
The service does not request Roblox passwords, Roblox cookies, Robux, payment card numbers, government ID numbers, or real financial account information from users. One-time email codes are not retained in plaintext after issuance.
3. Legal and Compliance Basis
The service is operated for a Korean community and is structured to follow the general principles of the Personal Information Protection Act of the Republic of Korea, including purpose limitation, data minimization, security safeguards, and user rights. Where external services such as Roblox or Discord are used, their own privacy policies and terms also apply.
4. Retention Period
- Discord-Roblox linked verification records are retained until server departure, verification removal, deletion request, or operational need ends.
- A verified stock-login email address is retained until the user removes or replaces it, requests deletion, or the email-login feature ends.
- One-time-code challenges expire after a short configured validity period. Their non-plaintext digests and delivery, attempt, expiry, and consumption metadata are ordinarily deleted or anonymized within 30 days, unless a longer period is necessary to investigate abuse or a security incident.
- Verification request, denial, appeal, admin-review, and related security records may be retained for up to one year, or longer when needed for dispute, moderation, security, or legal compliance.
- Persistent session cookies use the configured rolling lifetime and expire after inactivity, explicit logout or revocation, or the configured maximum period.
- Community game, attendance, and virtual stock data are retained while the community feature is operated or until deletion is processed where applicable.
5. Third-Party Services
The service uses Discord, Roblox, Trello/Atlassian, Google Cloud infrastructure, and a configured SMTP email-delivery provider to provide authentication, role management, logs, blocklist checks, hosting, and one-time-code delivery. To deliver an email code, the destination email address, sender address, message content including the code, and delivery metadata are transmitted to the SMTP provider. Personal data is not sold and is transmitted only as needed to provide the service. If the selected provider processes data outside Korea, any additional legally required provider, country, transfer method, and retention disclosures will be provided.
6. Cookies and Local Storage
- Persistent session cookies are used to maintain admin, stock-login, and verification sessions across browser restarts for the configured rolling period. Activity may extend the expiry time.
- Users should explicitly log out on shared devices. Logout, server-side revocation, inactivity expiry, or the configured maximum period ends the session.
- CSRF tokens are used to protect state-changing requests.
- Local storage may be used to remember display language or interface preferences.
7. User Rights
Users may request access, correction, deletion, suspension of processing, withdrawal of verification, or removal or replacement of a registered stock-login email address through the official Discord support channel. The operator may verify account ownership before processing the request. Some records may be retained where required for moderation, security, legal compliance, or dispute handling.
8. Security Measures
- HTTPS/TLS for web access and API communications, and required TLS for SMTP delivery where configured.
- HTTP-only, SameSite, Secure session cookies where applicable.
- One-time-use email codes with short expiry, non-plaintext code storage, attempt limits, and resend and request rate limits.
- CSRF protection, rate limits, generic login responses designed to reduce account enumeration, and server-side access control.
- Restricted access to admin functions, database files, email addresses, and server secrets.
- Security and error logs for abuse detection and incident response without intentionally logging plaintext one-time codes or SMTP credentials.
9. Contact
For privacy requests, contact the 5th Republic staff through the official Discord support channel.