Privacy Policy

1. Information We Collect

When you use SquadCP (Squad Command Panel), we collect:

• Discord user ID, username, and avatar (via OAuth2)
• Discord server memberships and roles (to determine whitelist access)
• Steam64 IDs and/or EOS IDs that you voluntarily submit
• Steam player names (cached from Steam's public API)
• Audit logs of whitelist actions (submissions, edits, removals)

2. How We Use Your Data

Your data is used exclusively to:

• Authenticate you via Discord OAuth2
• Determine your whitelist tier based on Discord roles
• Generate whitelist files for Squad game servers
• Display your whitelist information on the dashboard
• Provide admin tools for server managers

3. Steam Account Linking

We use Steam's OpenID protocol to verify Steam ownership. When you click Link via Steam, you are redirected to steamcommunity.comto log in. Your Steam credentials are entered on Steam's site, never on ours. Steam sends us only your public Steam64 ID after you authorize.

We never see, receive, or store your Steam password, email address, two-factor codes, or any session tokens. The same applies to EOS verification — the in-game code only confirms you control the EOS ID; it carries no account credentials.

4. Data Sharing

We do not sell, rent, or share your personal data with third parties. Your Steam IDs are included in whitelist files that are served to your community's Squad game server via a secure, unique URL.

5. Data Storage

Your data is stored in a PostgreSQL database hosted on Railway. Session data is stored in encrypted cookies. We use HTTPS for all communications.

6. Data Retention

Active whitelist entries are retained as long as you maintain your Discord role. Inactive entries are automatically purged after the retention period configured by your server administrator (default 90 days).

7. Your Rights

You can:

• View your stored data via the My Profile page
• Edit or delete your Steam/EOS IDs at any time
• Request complete data deletion by contacting your server admin
• Revoke Discord OAuth2 access in your Discord settings

8. Cookies

We use a single encrypted session cookie (wl_session) for authentication. It expires after 24 hours. We do not use tracking cookies or analytics.

9. Contact

For privacy concerns, contact us via the SquadCP Discord community.