Privacy Policy

Last updated: February 13, 2026

1. Introduction

MilSim Units ("we", "us", or "the Platform") operates the website at milsimunits.com. This Privacy Policy explains what personal data we collect, why we collect it, and your rights regarding that data.

By using the Platform you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Platform.

2. Data Controller

MilSim Units is the data controller for personal data processed through the Platform. You can reach us via our Discord server.

3. Data We Collect

3.1 Account Data (Authenticated Users)

When you sign in with Discord we receive the following from Discord via OAuth 2:

Discord user ID
Discord username and avatar URL
Email address associated with your Discord account

We store this data in your user profile so you can manage units and access your dashboard.

3.2 Unit Profile Data

Information you voluntarily provide when creating or editing a unit profile, including unit name, description, game selections, images, schedule, requirements, and invite links.

3.3 Voting & Anti-Fraud Data

When you cast a vote (with or without an account) we collect the following to prevent vote manipulation:

Hashed IP address — a one-way hash; we cannot recover your raw IP
Hashed browser fingerprint — derived from generic browser characteristics, also one-way hashed
Voter token — a random identifier stored in a cookie to enforce the one-vote-per-day rule

Legal basis: Legitimate interest in maintaining fair rankings and preventing fraud.

3.4 Analytics & Usage Data

We collect aggregated, pseudonymised usage data including:

Page views (hashed IP, hashed fingerprint, user agent)
Referrer information (which site linked you to us)
Search queries entered on the Platform

This data helps unit owners understand how recruits discover their profiles and helps us improve the Platform.

3.5 Payment Data

If you purchase a premium subscription, payment is processed by Stripe. We do not store your full card number. We receive from Stripe: a customer ID, subscription status, and the last four digits of your card for display purposes.

3.6 Cookies & Local Storage

Name	Purpose	Duration	Category
Supabase auth cookies	Keep you signed in	Session / 7 days	Necessary
`msunits_vt`	Voter token for daily vote limit	365 days	Functional
`msunits_ref_*`	Referrer attribution	30 days	Analytics

4. How We Use Your Data

Provide the service — authenticate you, display unit profiles, process votes and subscriptions
Prevent abuse — detect vote manipulation and enforce rate limits
Improve the Platform — analyse aggregated usage patterns to prioritise features
Communicate — send service-related notifications (e.g. subscription receipts)

5. Third-Party Data Processors

We share data with the following processors:

Processor	Purpose	Data Shared
Supabase (US)	Database, authentication, file storage	Account data, unit data, votes
Vercel (US)	Application hosting, edge functions	IP addresses (in server logs), request data
Discord (US)	OAuth authentication	OAuth tokens during sign-in
Stripe (US)	Payment processing	Email, payment method details
Twitch / YouTube (US)	Stream status checks for linked streamers	Channel IDs (public data)

All processors listed above are based in the United States. Where applicable, transfers are governed by Standard Contractual Clauses (SCCs) included in each processor’s Data Processing Agreement.

6. Data Retention

Account data — retained while your account is active; deleted upon account deletion
Vote records — retained for 90 days for anti-fraud purposes, then deleted
Page view & referrer data — retained for 90 days, then deleted
Search queries — retained for 30 days, then aggregated and anonymised
Payment records — retained as required by applicable tax and accounting law

7. Your Rights

Depending on your jurisdiction (including under the GDPR and UK GDPR) you have the right to:

Access — request a copy of the personal data we hold about you
Rectification — correct inaccurate data
Erasure — request deletion of your account and associated data
Restriction — ask us to limit processing in certain circumstances
Portability — receive your data in a structured, machine-readable format
Objection — object to processing based on legitimate interest

To exercise any of these rights, contact us on Discord. We will respond within 30 days.

8. Children

The Platform is not directed at children under 13 (or under 16 in the EEA). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

9. Security

We implement industry-standard security measures including encrypted connections (TLS), hashed identifiers, row-level security policies, and regular security audits. No system is 100&percnt; secure; however, we take reasonable steps to protect your data.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced on the Platform. Continued use after changes constitutes acceptance of the revised policy.

11. Contact Us

If you have questions about this Privacy Policy or your data, reach out on our Discord server.