Privacy Policy

Data Controller: Hayley Weighill, Great Britain

Version 1.4.0 · Effective 2026-06-30

Effective Date: 3 July 2026 · Last Reviewed: 3 July 2026


1. Who We Are

TrucklineMP is operated by Hayley Weighill, based in Great Britain, who acts as the data controller for personal data processed through this platform.


2. Scope

This policy covers personal data processed through:

  • the TrucklineMP web platform (trucklinemp.com and its subdomains, including beta.trucklinemp.com, forum.trucklinemp.com, and id.trucklinemp.com);
  • the public REST API (api.trucklinemp.com, api-dev.trucklinemp.com, and equivalent paths on the main site);
  • the recruitment portal (recruitment.trucklinemp.com);
  • the forum and community features;
  • the support system, ban appeals, and knowledge base;
  • VTC (Virtual Trucking Company) features, including events, verification, and recruitment;
  • the developer / OAuth-app and API features;
  • the TrucklineMP mobile application;
  • the official TrucklineMP Discord server and Discord bots we operate (modbot, community bot);
  • our self-hosted content moderation service (cm.trucklinemp.com);
  • the staff admin console (admin.trucklinemp.com).

All of the above share a common PostgreSQL database (with the exceptions noted in section 3.16). Data collected in one service is available to authorized staff across the platform.

It does not cover:

  • the in-game multiplayer service itself (beyond launcher authentication and config storage described below);
  • third-party services you choose to connect (Steam, Discord, Google, YouTube, Twitch), each of which has its own privacy policy;
  • third-party Discord servers (including VTC-owned servers), except where a VTC has verified a guild to TrucklineMP and we process guild metadata for that link.

Note on feature rollout: TrucklineMP is currently in a limited pre-launch phase. Not all features listed in this policy are yet accessible to all users. This policy documents the full platform as built, including features that will activate at or after launch. Data already collected (accounts, recruitment applications, pre-release NDA acceptances, Discord ticket transcripts) is governed by this policy from the moment of collection.


3. Data We Collect

3.1 Account and profile

  • account ID, username (display name), @handle, and numeric web ID;
  • email address and email-verified status (the email field exists on every account but may be empty unless you provide one, e.g. on a recruitment application);
  • profile avatar — either a URL pointing to an external provider CDN (Steam, Discord) or a file you upload to our storage (see section 9.3);
  • profile banner image, if you set one;
  • profile signature (short text displayed below forum posts);
  • optional social and external links you choose to add (YouTube, Twitch, TikTok, Twitter/X, World of Trucks, Medal.tv), including linked provider IDs and display names where OAuth linking returns them;
  • account creation date, last profile update date, and onboarding status;
  • whether you have joined the waitlist;
  • whether your account is alt-restricted (a flag set when automated ban-evasion detection finds a high-confidence match — see section 3.15);
  • whether your profile picture is locked by staff (pfpLocked).

3.2 Authentication, sessions, and security

  • session tokens, session expiry, login IP address, and browser user agent for each active web session;
  • two-factor authentication status and, when 2FA is enabled, an encrypted TOTP secret and hashed backup codes;
  • security and audit logs covering login attempts, role changes, admin actions, ban and appeal records, and username/handle changes;
  • request metadata used for rate limiting and abuse prevention (including Redis-backed counters — see section 3.16);
  • ephemeral Steam auth states during the Steam OpenID login flow (token, IP, optional callback URL; deleted on use or expiry);
  • legal document acceptances — which Terms, Privacy Policy, Rules, or other mandatory documents you accepted, the document version, and the timestamp.

3.2.1 Launcher sessions

When you authenticate via the TrucklineMP launcher, we create a launcher session storing a session token and expiry. Launcher sessions are separate from web sessions and have their own lifecycle. We also store launcher login tokens (hashed) and external auth tokens for approved third-party origins that integrate with the launcher.

3.2.2 Mobile authentication

When you authenticate on a mobile device, we process:

  • QR login attempts — a short-lived token, the IP address of the device that scanned the code, the IP address of the device that approved it, and the browser user agent;
  • Handoff codes — a one-time code used to transfer a session between devices, along with the IP address and user agent at the time of generation;
  • Mobile device push tokens — if you enable push notifications on the mobile app, we store the device token and platform (iOS/Android).

QR login and handoff records are ephemeral and are deleted once consumed or expired.

3.2.3 Enterprise Access authentication

When an organization or partner signs in with an Enterprise Access token at id.trucklinemp.com/enterprise-access, we log each successful login with:

  • timestamp;
  • IP address and browser user agent;
  • the destination host you are redirected to after login (hostname only, not the full URL or query parameters).

We use this data for security, abuse prevention, and partner account accountability. Access is limited to authorized Truckline staff through Founder-managed enterprise administration.

3.3 Connected accounts (OAuth providers)

When you choose to connect an external account, we receive and store the minimum identifiers needed to keep the link in place: provider ID (e.g. Steam ID, Discord ID, Google subject ID, YouTube channel ID, Twitch user ID), a display name or avatar URL where the provider returns one, and an OAuth access/refresh token bound to your account.

We do not pull data from connected providers beyond what each integration needs to function (e.g. we do not read your Discord DMs, YouTube watch history, or Google contacts).

3.3.1 Steam account linking

In addition to using Steam for login, you may request to link a Steam ID to your account for in-game features. Linking requests store your Steam ID, request status, staff notes, and timestamps.

3.4 Game / launcher configuration files

If you use the launcher's configuration-management feature, we store the configuration files you upload under your account. These are stored verbatim (as raw text) and associated with your user ID and a name you give them. You may hide your configs from other users via profile settings.

3.5 Recruitment

  • application submissions, position applied for, and the answers you give to each question;
  • whether you declared your answers truthful, agreed to consent terms, and agreed to any NDA applicable to that position;
  • scorecards, reviewer assignments, interview slot proposals, checklist items, and flags tied to your application;
  • staff-side notes, status history, pipeline stage history, internal messages, and audit events (visible to reviewers and administrators only);
  • messages exchanged with our team in the context of an application;
  • your name and email address as submitted on the application form;
  • recruitment bot onboarding state — when you are accepted for a position that uses Discord onboarding, our modbot stores your Discord ID, application ID, position details, invite codes and expiry, interview scheduling, assigned Discord role IDs, and flow phase in its own database (see section 3.16.2).

3.6 Forum and community

When forum features are active, we collect and store:

  • Threads and posts — the content you write, when you wrote it, and any edits (including the content before each edit, the editor's ID, and the edit reason);
  • Pending posts — posts held for review (new-user approval, board approval, or content-mod flags) including a contentModMeta record describing which rule categories matched (the post text itself is stored in the post record; see section 3.14);
  • Post reactions — which emoji reaction you placed on which post;
  • Reputation — reputation points you give to or receive from other users on specific posts;
  • Poll votes — which option you voted for in polls attached to threads. For non-anonymous polls, votes are linked to your account; for anonymous polls, the vote count is shown but individual choices are not exposed publicly;
  • Private conversations (direct messages) — the content of private messages between users, participant list, read timestamps, and sent timestamps. Staff may access these for moderation purposes;
  • Mentions — @mentions of users in posts;
  • Thread subscriptions — which threads you have subscribed to for notifications;
  • Bookmarks — which posts you have bookmarked, and any personal note you added;
  • Saved searches — search queries and filter presets you save;
  • Read tracking — which threads you have read and approximately how far through you read them (post count at last read). This is used to show unread indicators;
  • Presence data — your last-seen timestamp, whether you are currently online, which page or thread you are currently viewing. This data is used to power online indicators and "who's viewing this thread" displays. You may opt out of showing your activity via your forum settings;
  • Follows — the list of users you follow and who follows you;
  • Clubs — club membership, role within the club, and join date;
  • Profile wall posts and comments — content written on other users' profile pages;
  • Forum awards — awards granted to you by staff, including the reason;
  • Forum warnings — warnings issued to your account by moderators, including point value and reason;
  • Forum restrictions — active posting or feature restrictions on your account;
  • Forum moderation actions — actions taken on your posts or threads (hidden, deleted, locked, etc.) and the reason logged;
  • Reports you submit — when you report a post, thread, or user, we store the report content, reason, and your user ID;
  • Forum user settings — your forum preferences such as in-platform notification preferences, email notification preferences (stored but not currently acted on — see section 4), signature visibility, content density, and whether you have opted to hide your activity from your public profile.

3.7 VTC (Virtual Trucking Companies)

  • VTC profile, name, description, contact information, social links, and branding;
  • member roster, role assignments within the VTC, join dates, and invite usage;
  • VTC member notes — internal notes written by VTC managers about members (visible to VTC management and staff, not to the member unless shared);
  • VTC audit logs recording management actions within the VTC;
  • linked Discord guild ID and guild name, where a VTC owner verifies their server;
  • VTC recruitment listings, applications, and applicant answers;
  • VTC verification applications — answers to verification questions submitted when a VTC applies for verified/official status;
  • events you create or attend, attendance and check-in records, slot assignments, co-host records, event bans, and event moderation history;
  • VTC blacklist entries where a VTC manager has recorded a user;
  • VTC news posts and reactions;
  • VTC announcement webhooks — Discord webhook URLs configured by VTC managers (encrypted at rest), per-event message templates, delivery mode, and configuration audit logs;
  • VTC announcement delivery logs — event type, delivery status, HTTP status, response time, retry attempts, and the rendered Discord payload (which may include member display names, handles, and profile URLs when linking is enabled);
  • VTC announcement configuration logs — who changed webhook settings, what changed, and when;
  • authorized platform leadership (Founder and Project Manager roles) may view aggregate VTC announcement webhook statistics — delivery counts, success/failure rates, response-time percentiles, and event-type breakdowns — for platform health monitoring. These aggregates are not end-user browsing analytics. Operational troubleshooting views may identify a VTC by name when a webhook is auto-disabled;
  • VTC member support tickets — where a VTC has enabled its member support system, tickets you submit to that VTC's support team: subject, message body, category, priority, status, timestamps (created, updated, closed, resolved), assigned staff member, and the full message thread including any replies from VTC staff. Internal staff-only notes within the ticket thread are not visible to the submitting member. Ticket data is controlled by the VTC and is accessible to VTC managers and VTC support staff, as well as to TrucklineMP platform staff for moderation purposes.

3.8 Support and appeals

  • support tickets you open: subject, description, category, tags, attachments, and metadata (priority, SLA deadlines, escalation level, assignee history, spam score, read timestamps);
  • replies and comments on tickets, including internal staff notes (visible to staff only);
  • ticket lifecycle events, linked tickets, CC recipients, and viewer presence;
  • CSAT survey responses where you choose to complete a satisfaction survey;
  • knowledge-base article view records (article ID, optional user ID, session key, source ticket);
  • ban appeals — appeal reason, body, contact email, messages exchanged with staff, decision, assigned reviewer, SLA deadlines, and linked ban/case IDs;
  • ban evidence — files and links attached to ban records by staff (may include screenshots, URLs, and captions; some evidence may be public depending on ban configuration).

3.9 Developer / API

  • API tokens you generate: name, scopes, permissions, rate-limit tier, last-used IP address, last-used user agent, and total request/error counts;
  • API request logs (keyed traffic): endpoint, HTTP method, status code, response time, hashed client IP, user agent, country code (from Cloudflare edge headers only — we do not store city), and error details for sampled or failed requests;
  • anonymous API usage rollups: hourly aggregates keyed by hashed IP, endpoint group, and method (no raw IP stored in these rollups);
  • API usage analytics aggregates (hourly buckets per token);
  • API security events and IP block records (hashed IP, reason, expiry);
  • OAuth applications you register: name, redirect URIs, allowed scopes, client ID, hashed client secret, and grant history;
  • OAuth authorizations granted by users to third-party apps: scopes, token expiry, last-used IP;
  • OAuth app abuse reports submitted by users;
  • webhooks you configure: URL, subscribed events, and delivery logs (payload, HTTP status, response);
  • developer project membership and project audit logs.

3.10 Notifications

  • in-app notifications generated for your account, including read status and optional Discord delivery timestamps;
  • where a Discord webhook target has been configured for your scope (e.g. a VTC, recruitment position, support department, or globally), certain event notifications may be posted to that webhook. See section 9.4.

3.11 Moderation and safety records

  • Website/game/event/VTC bans — scope, severity, reason, issue date, expiry, public visibility, restrictions array, linked VTC/event IDs, evidence links, appeal eligibility, and internal notes;
  • Discord bans — Discord user ID, guild ID, reason, active status, link to TrucklineMP user ID where resolvable, banned/lifted timestamps. Synced from our official Discord server by modbot;
  • ban evidence records (see section 3.8);
  • ban appeals and appeal message threads;
  • soft warnings issued to your account;
  • moderation cases — consolidated case records tying together bans, warnings, appeals, and enforcement actions;
  • user standing cache — a computed moderation score, tier, and breakdown derived from your warning/ban/appeal history;
  • user mutes — active mutes with reason, expiry, and staff actor;
  • staff blacklist and credential blacklist records (internal moderation tools — block re-registration by Steam ID, Discord ID, email hash, etc.);
  • profile picture lock records;
  • alt detection events — signal type (discord_id_reuse, email_match, or ip_match), HMAC-SHA256 hash of the matched value (not the raw value), confidence level, linked banned account ID, review status, and whether auto-restriction was applied;
  • username and handle change history — old and new values with timestamps;
  • staff notes on your user record — internal notes visible to staff only;
  • automod rule configurations (platform-wide, not user-specific).

3.12 Beta and pre-release participation

If you signed the pre-release NDA before launch (via the dedicated acceptance flow):

  • your Discord ID and Discord username at the time of signing;
  • your Discord avatar URL at the time of signing;
  • the version of the NDA you agreed to;
  • the timestamp of acceptance;
  • the IP address and browser user agent at the time of signing.

This record is retained indefinitely for legal defense.

Recruitment positions may also require NDA agreement (ndaAgreed on the application record). Accepted candidates may receive beta Discord roles tracked in modbot onboarding flows.

3.13 Analytics

See section 8.

3.14 Content moderation checks

When you submit text that is checked against our content moderation service (forum posts/replies, Discord messages via modbot automod, and other integrated surfaces):

  • the text of your submission is sent over HTTPS to our self-hosted content moderation service at cm.trucklinemp.com for real-time rule matching;
  • the content moderation service does not store your message text in its database — only moderation rules are stored there;
  • if a forum post is held for review, we store metadata about the match (matched categories, severity, action) in the post's contentModMeta field alongside the post content in our main database;
  • Discord messages blocked or flagged by modbot automod are not transcribed to our web database unless they occur within a Discord support ticket (see section 3.15).

3.15 Discord bots and ticket transcripts

3.15.1 Community bot (shared database)

Our community Discord bot uses the same PostgreSQL database as the web platform. It stores:

  • guild settings — Discord guild IDs, channel IDs, role IDs, and linked VTC IDs for servers that have run setup;
  • bot action logs — target Discord ID, actor Discord ID, guild ID, action type, reason, duration, and timestamp for moderation actions performed via the bot;
  • discord link cache — mapping between Discord IDs and TrucklineMP user IDs, display names, staff status, and staff role names, updated when users link accounts or staff sync runs;
  • bot guild registrations — record of Discord guilds that have registered with the bot.

3.15.2 Modbot (separate database + web sync)

Our moderation Discord bot (modbot) maintains its own PostgreSQL database for operational state:

  • recruitment onboarding flows — application ID, candidate Discord ID, position details, invite codes, interview times, recruiter notes, assigned role IDs, and flow phase;
  • Discord ticket panels and tickets — opener Discord ID, category, status, opening form answers, claim/close metadata, feedback rating;
  • ticket messages — full message content, embeds, attachment metadata, edit history, deletion state, author Discord ID/name/avatar;
  • ticket internal notes — staff-only notes on Discord tickets;
  • role persistence — Discord user ID and role ID list per guild (restored when a member rejoins);
  • automod rule configurations for Discord channels;
  • Discord ban reconciliation state.

When a Discord support ticket is closed, modbot pushes a transcript to our main platform database:

  • transcript metadata (guild, channel, panel/category labels, opener Discord ID and name, linked TrucklineMP user ID if resolvable, closer, timestamps, feedback rating);
  • all ticket messages including staff internal notes, with full content, embeds, attachment URLs, and edit history.

These transcripts are retained for support quality, dispute resolution, and moderation purposes.

3.15.3 Betatesters bot

A lightweight Discord bot used for beta/community messaging operates without its own database. Messages it posts to Discord channels are governed by Discord's privacy policy once sent. It does not persist user data beyond what Discord stores.

3.16 Infrastructure and caching

  • Redis — used for ephemeral rate-limit counters (typically 60-second and 5-minute windows for anonymous IPs; per-token buckets for API keys), session-adjacent caches, alt-detection alert pub/sub, and semi-fresh public API response caches. These counters are not the same as durable API logs in section 3.9 — they expire automatically and are not written to PostgreSQL.
  • In-memory caches — the content moderation service caches its rule list in memory (30-second TTL). The Discord community bot caches guild settings in memory (5-minute TTL).

3.17 What we do not collect

  • We do not collect government IDs, payment cards, biometrics, health data, or any other GDPR Article 9 special categories.
  • We do not collect precise street-address geolocation. Country and region only (from edge geolocation or IP-derived analytics).
  • We do not fingerprint your device.
  • We do not permanently store raw IP addresses in alt detection records — only HMAC hashes of matched signals.

4. What We Do Not Do

  • We do not sell personal data for monetary or other valuable consideration.
  • We do not share personal data for cross-context behavioral advertising.
  • We do not run advertising, retargeting, or third-party ad networks.
  • We do not profile you or make automated decisions that produce legal or similarly significant effects, except for automated alt-restriction (applying the altRestricted account flag when high-confidence ban-evasion signals match — this restricts account functionality pending staff review and is not a ban).
  • We do not use any third-party analytics, tag managers, or marketing pixels.
  • We do not currently send outbound email to users. Forum settings include email notification preferences for future use, but all platform notifications today are in-app and/or Discord (where you have linked Discord and we have configured delivery). Recruitment applications collect your email for staff contact purposes within the application workflow — we do not send automated marketing email.

This statement maps onto CCPA/CPRA "no sale, no share" disclosures and the equivalent provisions of the Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA, Texas TDPSA, Oregon OCPA, Montana CDPA, Iowa ICDPA, and Florida FDBR.


5. How We Collect Data

We collect data:

  • directly from you when you register, submit forms, write posts, upload content, open tickets, or connect accounts;
  • automatically during use (session logs, security events, support ticket activity, API logs, forum read tracking, forum presence, moderation standing computation);
  • from third-party providers you choose to connect (e.g. Steam returns your Steam ID and avatar URL when you sign in; Discord returns your Discord ID when you link);
  • from Discord when our bots process messages, tickets, bans, and role events on our official server;
  • from the URL of inbound links (UTM parameters such as utm_source, utm_medium, utm_campaign, utm_content, utm_term) so we can understand traffic sources. UTM data is captured by our self-hosted analytics only and is not sent back to the partner.

6. Legal Bases (UK / EU GDPR)

  • Contract — to provide the account, forum, VTC, recruitment, support, developer, Discord integration, and mobile features you actively use.
  • Legitimate interests — to secure the platform, prevent abuse and ban evasion, run first-party aggregate analytics, moderate user content (including automated content-mod checks), route operational notifications, track forum presence for community features, operate Discord bots, store ticket transcripts for dispute resolution, and run the service reliably. We have documented a legitimate-interest assessment for each of these purposes.
  • Legal obligation — where required by law (e.g. responding to lawful authority requests, retaining NDA acceptance records and moderation audit logs for fraud or abuse defense).
  • Consent — for clearly optional features that require it. At present we run no marketing communications.

You can withdraw consent at any time for any consent-based processing. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.


7. Cookies and Storage

We use a small number of strictly necessary cookies for core functionality. We do not use any optional, analytics, advertising, or tracking cookies. We do not read or write to localStorage, sessionStorage, or IndexedDB for tracking purposes.

The cookies we set or that may appear on our domains:

  • better-auth.session_token (or __Secure-better-auth.session_token in secure contexts) — keeps you signed in across TrucklineMP subdomains when cross-subdomain cookies are enabled.
  • queue_id — identifies your queue position while queue protection is active.
  • maintenance_bypass — used only when staff bypass is enabled during maintenance.
  • __cf_bm (Cloudflare bot management) — set by Cloudflare to distinguish humans from bots; expires within 30 minutes of inactivity. This is a strictly necessary security cookie.

Because all of the above are strictly necessary for the service you have requested, no cookie consent banner is shown. See /cookie for full details.


8. Analytics (TinyTracker)

We run a self-hosted, first-party, cookieless analytics service called TinyTracker. It is served same-origin from trucklinemp.com (the script at /js/tt and event collection at /api/event); both are server-side proxies to our TinyTracker instance at analytics.trucklinemp.com, which runs on infrastructure we own and operate. There are no third parties involved, no advertising integrations, no data brokers, and no analytics data leaves our servers.

What the browser sends

  • the site domain (always trucklinemp.com);
  • the current page path and query string (e.g. /jobs/1234?ref=indeed);
  • the HTTP referrer (the page you came from), if any;
  • the browser viewport width in pixels;
  • UTM campaign parameters from the URL: utm_source, utm_medium, utm_campaign, utm_content, utm_term.

What our server derives from request headers

Without storing the underlying headers, our server derives:

  • your country and region as two-letter ISO codes, from edge/proxy geolocation (city-level geolocation is disabled);
  • your browser name and major version, operating system name and version, and device category (desktop / mobile / tablet), parsed from the User-Agent string.

What is used transiently and never stored

Your IP address is used only:

  • to enforce per-minute rate limits, held in an in-memory cache for 60 seconds; and
  • as one input to a daily-rotating salted SHA-256 hash that produces an opaque 32-character session identifier.

The IP address itself is never written to disk. The hash salt rotates at UTC midnight every day, so the same visitor cannot be re-identified across days by design.

What is stored durably

We store the fields above (browser-sent and server-derived), the daily session identifier, and a UTC timestamp, in our analytics database. Records are automatically deleted after 24 months by a database TTL.

What is never collected by analytics

  • No cookies, localStorage, sessionStorage, or IndexedDB.
  • No device fingerprinting (no canvas, fonts, audio context, or similar).
  • No mouse, keyboard, scroll, or form-content tracking.
  • No cross-site or cross-device identifiers.
  • No automated decision-making and no advertising profiles.

Legal basis and how to opt out

We rely on legitimate interests under UK / EU GDPR Art. 6(1)(f). The script automatically becomes a no-op when your browser sends:

  • the Do Not Track header (DNT: 1); or
  • the Global Privacy Control signal (Sec-GPC: 1).

When either signal is present, no analytics request is made. You can also object to this processing at any time at [email protected].


9. Service Providers and Recipients

We use a small number of service providers ("processors" under GDPR, "service providers" under CCPA/CPRA) to operate the platform. Each acts on our written instructions, handles data only for the purposes we set, and is contractually prohibited from using personal data for their own purposes. Where required, we rely on the UK International Data Transfer Addendum, the EU Standard Contractual Clauses, or applicable adequacy decisions.

Provider | Role | Data they process | Where
SummerHosting | Hosting / compute | All platform data on our servers | UK / EU
Cloudflare R2 | Object storage for uploaded profile pictures and attachments | The files you upload | Region: EU (configured)
Cloudflare Turnstile | CAPTCHA / bot challenge on login and sensitive forms | Challenge token, request metadata; no PII tied to your account | Global Cloudflare network
Cloudflare CDN / WAF | Edge delivery, DDoS protection, bot management (__cf_bm cookie) | IP, request metadata, TLS metadata | Global Cloudflare network
Sentry (planned) | Application error monitoring | Stack traces, request URLs, sanitized request metadata, occasional logged-in user ID | Region: EU (configured at deploy time)

We do not use any other third-party analytics, marketing, advertising, attribution, or behavioral-tracking services.

Our content moderation, Discord bot, and analytics services are self-hosted on the same infrastructure — they are not third-party processors, but internal services we operate. Text sent to the content moderation service for checking is processed in memory and not retained by that service.

9.1 Connected-account OAuth providers

When you link an external account, that provider receives an authentication request from us and returns identifiers and tokens. The supported providers are Steam, Discord, Google, YouTube, and Twitch. We send these providers nothing about you beyond what each OAuth flow requires; they each have their own privacy policy and you should read it before connecting.

9.2 Steam first-party login

Account registration is currently Steam-first via our identity service. When you sign in with Steam, we receive your Steam ID and public avatar URL. We do not see your Steam password, library, friends, or game time except where the OpenID extension we use exposes it.

9.3 Profile picture storage

Profile pictures you upload are stored as opaque object keys in Cloudflare R2 in our chosen region. Staff may review profile pictures reported by users or flagged during moderation. You can contact [email protected] if you believe a moderation decision was incorrect.

On account deletion, your uploaded profile pictures are deleted from R2.

9.4 Discord webhook notifications

Where we or a server administrator have configured a Discord webhook target for a particular scope (a department, a recruitment position, a VTC announcement channel, a specific ticket, or globally), certain operational notifications may be posted to that Discord webhook. VTC managers choose which events trigger announcements and may optionally include hyperlinks to TrucklineMP profile pages in message content. The contents are limited to what the notification needs (e.g. "new ticket reply on ticket #1234" or "member joined the VTC"). Once a payload is posted to a Discord webhook, it leaves our infrastructure and is governed by Discord's privacy policy. Discord is acting as a separate controller for the data in its messaging product.

9.5 Discord Inc. (bot API)

Our Discord bots communicate with Discord's API to read and send messages, manage roles, and process interactions on our official server. Discord processes this data under its own privacy policy and Terms of Service.

9.6 Legal authorities

We may disclose data to law enforcement, regulators, or other authorities where we are legally required to or where we believe in good faith that disclosure is necessary to prevent imminent harm.

9.7 No other recipients

We do not share personal data with any other third parties. If we ever add a new recipient — for example, if we add Sentry to live deployments or enable outbound email via a provider — we will update this list before the change goes live and bump the Last Reviewed date at the top.


10. International Transfers

Most processing happens in the UK / EU. The exceptions are:

  • Cloudflare — globally distributed edge. Cloudflare relies on a combination of adequacy where available and Standard Contractual Clauses elsewhere.
  • Sentry (when deployed) — configured for the EU region; cross-border access for Sentry support staff is governed by Standard Contractual Clauses.
  • OAuth providers you choose to connect (Steam, Discord, Google, YouTube, Twitch) operate globally; their transfers are governed by their own policies.
  • Discord Inc. — processes bot and webhook data on global infrastructure under Discord's terms.

We do not transfer analytics data internationally; analytics is fully self-hosted.


11. Retention

Data | Retention
Account and profile | While your account is active
Legal document acceptances | While your account is active; retained in audit context after deletion where required
Sessions and login history | 90 days from last activity
Enterprise Access login events | 90 days
Mobile QR logins and handoff codes | Deleted on consumption or expiry
Steam auth states | Deleted on consumption or expiry
Two-factor secrets | While you have 2FA enabled
Launcher configuration files | While your account is active; deleted on account deletion
Recruitment applications | Duration of the recruitment process plus a reasonable defense period
Modbot recruitment flows | Duration of onboarding plus a reasonable period; deleted when flow completes or is cancelled
Forum posts and threads | While your account is active; subject to moderation deletion
Forum private messages | While the conversation is active; deleted on account deletion unless required for moderation
Forum presence data | Rolling; overwritten each session
Forum read tracking | While your account is active
Support tickets | Active ticket lifetime + closure period for dispute defense
Discord ticket transcripts | Support/dispute defense period; typically retained alongside equivalent web support tickets
VTC member support tickets | While the ticket is active; retained for a reasonable closure period for dispute defense; deleted when the VTC is disbanded or on request by the VTC owner where no legal hold applies
Audit logs and moderation records | Up to 7 years where needed for safety, fraud, or legal defense
Alt detection events | While relevant to active review or restriction; retained in moderation audit context
Profile pictures (R2) | Latest version while account is active; deleted on account deletion
Pre-release NDA acceptance records | Indefinitely for legal defense
Analytics events (TinyTracker) | 24 months, then auto-deleted by database TTL
API request logs | 90 days
Anonymous API usage rollups | 30 days
API usage analytics aggregates | 24 months
Webhook delivery logs | 30 days
Discord webhook delivery logs | 30 days
VTC announcement delivery logs | 30 days
VTC announcement configuration logs | While the VTC exists, or up to 7 years in audit context
Discord bot action logs | Up to 2 years
Content moderation checks | Not retained by the contentmod service; forum contentModMeta retained with the post
Sentry events (when deployed) | 90 days
User standing cache | Recomputed on each moderation event; retained while account is active

On account deletion, we remove or anonymize data where possible, subject to legal, security, and platform-integrity exceptions (for example, ban records, appeal records, Discord ticket transcripts involving other parties, and moderation audit logs may be retained for safety and abuse prevention).


12. Your Rights — UK and EU

Under UK GDPR and EU GDPR, you may have the right to:

  • access the personal data we hold about you;
  • correct inaccurate data;
  • request deletion;
  • restrict or object to certain processing (including a standalone right to object to processing based on legitimate interests, such as our analytics or forum presence tracking);
  • request data portability for data you provided to us;
  • withdraw consent for any consent-based processing;
  • not be subject to a decision based solely on automated processing that has legal or similarly significant effects — our alt-restriction flag is a temporary account limitation pending human review, not a final decision.

To exercise any right, contact us at [email protected]. We respond within one month and may extend by a further two months for complex requests, telling you why.

You also have the right to complain to the UK Information Commissioner's Office (ICO) at https://ico.org.uk/ and, where applicable, your EU supervisory authority.


13. Your Rights — United States

If you are a resident of California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Florida, or another US state with applicable privacy law, you may have the right to:

  • know what personal information we have collected and the categories of sources and recipients;
  • access and obtain a portable copy of that information;
  • correct inaccurate information;
  • delete personal information, subject to listed exceptions;
  • opt out of sale or sharing for cross-context behavioral advertising — we do neither, so there is nothing to opt out of;
  • limit use of sensitive personal information — we do not use sensitive PI for any inferring or profiling purpose;
  • not be discriminated against for exercising your rights.

We honor the Global Privacy Control (Sec-GPC: 1) browser signal as an opt-out preference signal. Our analytics script respects it as a no-op, and we do not engage in any sale or sharing that would otherwise be triggered.

To exercise these rights, contact us at [email protected]. We will verify the request via your account credentials or, where you request as a non-account-holder, through reasonable identity-confirmation steps. We will not charge you a fee for the first request in any 12-month period and will not deny goods or services for exercising a right.

You may also designate an authorized agent to make a request on your behalf; we will require written authorization or proof of power of attorney.


14. Children's Privacy

TrucklineMP is not directed at children under 13 and is not intended for children under 13 to use. Steam itself sets a minimum age of 13.

If you are under 13, do not use TrucklineMP and do not provide any personal information to us. If we learn that we have collected personal information from a child under 13 without verifiable parental consent, we will delete the account and the data as soon as practicable.

If you are a parent or guardian and you believe a child under 13 has provided us with personal information, please contact [email protected] and we will act promptly.

If you are between 13 and 18 (or the age of majority in your jurisdiction), please use TrucklineMP only with a parent or guardian's permission, and read the Notice to Parents and Information for Young Players pages for guidance.

This policy is intended to align with the Children's Online Privacy Protection Act (COPPA) in the United States and with the UK Information Commissioner's Office Age-Appropriate Design Code.


15. Security

We apply reasonable technical and organizational measures, including:

  • TLS for all network traffic;
  • session-bound and IP-bound rate limits, plus CAPTCHA challenges (Cloudflare Turnstile) on sensitive actions including login;
  • two-factor authentication (offered to all users, required for staff);
  • per-feature permission checks and audit logging for staff actions;
  • secret rotation for daily analytics salts, alt-detection HMAC secrets, and signing secrets;
  • credential blacklisting to prevent banned users from re-registering with the same identifiers.

No system is risk-free. To report a vulnerability: [email protected].


16. Updates

We may update this policy as the platform evolves. Material changes will be communicated in-product and may require re-acceptance through the legal acceptance flow. The Effective Date at the top is updated when changes are published; the Last Reviewed date is updated whenever we re-confirm the policy without changes.


17. Contact


Changes in This Version (3 July 2026)

  • Added VTC member support tickets to section 3.7: subject, body, category, priority, status, assignee, message thread (including staff-only internal notes), and closed/resolved timestamps.
  • Updated retention table for VTC member support tickets.

Changes in This Version (30 June 2026)

  • Added VTC announcement webhooks: manager-configured Discord notifications, delivery logs, configuration audit logs, optional profile links in payloads, and Founder/Project Manager aggregate platform analytics.
  • Updated retention table for VTC announcement delivery and configuration logs.

Changes in This Version (28 June 2026)

  • Expanded scope to cover identity service, forum subdomain, admin console, Discord bots, and content moderation service.
  • Added sections for: legal document acceptances, alt-account detection (hashed signals), content moderation (transient text checks + stored metadata), Discord bots and ticket transcripts, modbot recruitment flows, Discord ban sync, moderation standing/cases/mutes, mobile push tokens, VTC verification and member notes, and Redis/ephemeral caching.
  • Clarified that outbound email is not currently sent despite forum email preference fields existing.
  • Clarified shared-database architecture across services.
  • Updated retention table for new data classes.

Changes in This Version (22 June 2026)

  • Removed AI-assisted support ticket analysis and automated profile-picture moderation (OpenAI / Google Gemini). Profile pictures are published on upload; staff review applies to reported content only.

Changes in This Version (21 June 2026)

  • Added full forum data section: posts, edit history, DMs, reactions, reputation, polls, presence, read tracking, follows, clubs, bookmarks, saved searches, warnings, moderation actions, awards, and forum user settings.
  • Added mobile authentication data: QR login attempts and handoff codes (both capture IP and user agent; both ephemeral).
  • Added profile banner and signature to account/profile section.
  • Added launcher configuration files (game configs stored verbatim per account).
  • Added pre-release NDA acceptance records (Discord ID, IP, user agent; retained indefinitely for legal defense).
  • Expanded retention table with new data classes.
  • Clarified that one policy covers both current limited access and the full post-launch platform.