Privacy Policy

1. Who We Are

Keystone Management ("we", "us") operates the Keystone Management web dashboard and Discord bot. We are not affiliated with Roblox Corporation, Discord Inc., Police Roleplay Community, or Google LLC.

2. What Data We Collect

• Discord user ID — Collected when you sign in with Discord OAuth or when a member verifies in your server.
• Roblox username & user ID — Collected during the Roblox verification flow to link your Discord account to your Roblox identity.
• Server join timestamps — When you join a Discord server that uses this Service, the bot records the date and time of your join. This is used solely to enforce the minimum-tenure requirements that server administrators configure on application forms.
• Application submissions — If you submit an application form through the Service, we collect your answers (which may include text, numbers, URLs, and images you choose to upload), your Roblox username, and your Discord user ID. The resulting submission record also stores the review status and any reviewer notes added by server staff.
• Uploaded images — Images submitted through application forms are compressed and stored in Supabase Storage. Server administrators may also upload banner images for their forms, which are stored in the same storage bucket.
• Moderation records — When a moderation action (warning, mute, or kick) is issued against a member, we store the action type, reason, target Roblox username and Discord user ID, the issuing moderator's Discord user ID, and a timestamp.
• Warning records — Individual warnings issued to members, including the reason and the Discord user ID of the person warned, are stored per guild.
• ERLC server key — Provided by you when configuring Voice Routing or Mod Tools. Stored encrypted at rest with AES-256-GCM; the raw key is never returned by the API.
• Zone & channel configuration — Coordinate bounds and Discord voice channel IDs you create in the Zone Editor.
• Guild metadata — Discord server ID, server name, server icon hash, and the IDs of roles and channels you configure in the dashboard.
• Staff, training & HR records — Staff profiles, training records, and related data that server administrators enter or generate through the HR features.
• Shift & patrol data — Shift clock-in/out timestamps and patrol log entries tied to Discord user IDs.
• Ticket data — Thread IDs, the Discord user ID of the ticket opener, category name, status, close reason, and timestamps.

3. How We Use Your Data

We use collected data solely to provide the Service: verifying members, routing players to voice channels, processing support tickets, enabling moderation and HR features, evaluating application submissions, and displaying your server configuration in the dashboard. We do not sell, rent, or share your data with third parties for marketing purposes.

4. Data Storage & Security

Data is stored in a Supabase PostgreSQL database and Supabase Storage. ERLC server keys are encrypted with AES-256-GCM before storage. Access is restricted by row-level security policies keyed to your Discord user ID. Uploaded images are stored in a non-public-by-default bucket with scoped access. We take reasonable precautions but cannot guarantee absolute security.

5. Advertising

The Roblox account verification page displayed to end users shows advertisements served by Google AdSense. Google and its partners may use cookies, device identifiers, and similar technologies to serve personalised ads based on your past visits to this and other websites. You can opt out of personalised advertising by visiting Google's Ads Settings (g.co/adsettings) or by using the NAI opt-out tool. The use of Google AdSense is subject to Google's Privacy Policy (policies.google.com/privacy).

6. Third-Party Services

• Discord — OAuth login and bot functionality. Subject to Discord's Privacy Policy.
• Roblox — OAuth for account linking. Subject to Roblox's Privacy Policy.
• ERLC API — Live player position data queried with your server key. Subject to ERLC's terms.
• Google AdSense — Advertising on the verification page. Google may collect data and use cookies as described in Google's Privacy Policy.
• Supabase — Database and file storage hosting. Subject to Supabase's Privacy Policy.
• Netlify — Web hosting and serverless functions. Subject to Netlify's Privacy Policy.

7. Data Retention

We retain your data for as long as your server uses the Service. Verified member records, zones, application submissions, uploaded images, and configuration are deleted upon request. Server keys are deleted when you remove the ERLC configuration in the dashboard. Server join timestamps are retained only while the guild is active in the Service. We do not retain data for longer than necessary.

8. Your Rights

You have the following rights over your personal data: • Access & Export — You may download a copy of all data we hold about you at any time from your dashboard under Account → Export My Data. The export is provided as a JSON file and is generated immediately. • Correction — You may request correction of inaccurate data by contacting us via our Discord support server. • Deletion — You may request deletion of all your personal data at any time. We will action deletion requests within 30 days. To exercise any right not covered by the self-service export, contact us via our Discord support server.

9. Children

The Service is not directed at children under 13. If you believe a child under 13 has provided us with personal data, contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The revision date at the top of this page will reflect the latest changes. Continued use of the Service after changes are posted constitutes acceptance of the updated policy.

11. Contact

For privacy-related questions or data deletion requests, reach out via our Discord support server. Links are available on the main site.