Habbo Archive - dChat

Legal

Privacy Policy

Version v2 Updated Mar 27, 2026 23:46

Privacy Policy

Last updated: v2

This Privacy Policy explains how the Operator of Habbo Archive - dChat handles personal data when you visit or use the Service. The primary privacy contact for this deployment is me@dek.cx unless the Operator publishes a different privacy contact.

1. Who controls your data

The Operator of this deployment of the Service is the data controller for personal data processed through the Service, unless the Operator clearly states otherwise.

dChat is software. Each site operator is responsible for how they configure and use the software, including any optional third-party services they enable.

2. Personal data we process

Depending on how the Service is configured and how you use it, the Operator may process:

Account and identity data

  • username;
  • email address;
  • password hash;
  • account status and role or permissions;
  • legal consent records; and
  • direct-message preferences.

Profile data

  • avatar image;
  • bio;
  • website URL;
  • social profile links or handles; and
  • profile customization choices.

Community content

  • thread titles and bodies;
  • replies, quotes, mentions, votes, tags, and notifications;
  • uploaded files or images;
  • moderation reports and related notes; and
  • change history such as edit timestamps.

Direct messages

  • conversation metadata;
  • sender and recipient details;
  • encrypted message bodies stored by the software; and
  • report or moderation information if a message is reported.

Technical and usage data

  • IP address and device or browser information contained in server, security, or application logs;
  • timestamps and request metadata;
  • authentication and session data;
  • rate-limit and anti-abuse data; and
  • presence data such as recent activity or online status indicators.

Cookie and similar technology data

  • essential cookie choices and session identifiers;
  • CSRF/security tokens; and
  • if enabled by the Operator, analytics or third-party embed related data.

3. How we collect personal data

We collect personal data:

  • directly from you when you register, post, edit your profile, upload content, send direct messages, or contact the Operator;
  • automatically when you use the Service, through logs, sessions, security controls, and cookies; and
  • from other users when they mention you, message you, report content, or otherwise interact with your account or content.

4. Why we process personal data and legal bases

Depending on your location and the applicable law, the Operator may rely on one or more of the following legal bases:

Contract

We process personal data where necessary to provide the Service you request, including account login, hosting posts, showing profiles, delivering direct messages, and maintaining core forum functionality.

Legitimate interests

We may process data where necessary for legitimate interests such as:

  • operating, securing, and improving the Service;
  • preventing fraud, spam, abuse, and unauthorized access;
  • moderating content and enforcing community rules;
  • maintaining backups, logs, and system integrity;
  • handling user support and complaints; and
  • understanding feature reliability and performance.

Where required, the Operator should balance these interests against users' rights and freedoms.

Consent

We may rely on consent where required, such as for optional non-essential cookies, optional email digests, or optional third-party services. You can withdraw consent at any time, but this does not affect processing already carried out lawfully before withdrawal.

Legal obligation

We may process personal data where necessary to comply with legal obligations, lawful requests, court orders, or obligations relating to safety, record keeping, or regulatory compliance.

5. Public nature of community content

Unless the Operator configures the Service differently, your username, profile details, threads, replies, uploads, votes, and other public interactions may be visible to other users, visitors, search engines, and archive tools.

Please do not post personal data or confidential material that you do not want to be public.

6. Direct messages

Direct messages are intended to be private between participants. The software stores message bodies in encrypted form at rest, but direct messages are not end-to-end encrypted.

The Operator may access, review, preserve, or disclose direct messages where reasonably necessary to:

  • investigate abuse or security incidents;
  • handle reported messages;
  • comply with law or lawful requests;
  • restore systems or backups; or
  • maintain or secure the Service.

7. Who personal data may be shared with

Personal data may be shared with:

  • hosting providers, infrastructure providers, and backup providers;
  • email or notification providers, if the Operator enables those features;
  • analytics or monitoring providers, if the Operator enables them;
  • third-party content providers when you load external embeds or links;
  • moderators and administrators where necessary for community management, security, and abuse handling; and
  • courts, regulators, law enforcement, or advisors where legally required or reasonably necessary to protect rights, safety, or the Service.

We do not describe every possible processor in this default policy. Operators should add site-specific provider details where required by law.

8. International transfers

The Service may be hosted or administered from countries outside your own. Where personal data is transferred internationally, the Operator should use an appropriate transfer mechanism where required by applicable law.

9. Data retention

The Operator may retain personal data for as long as reasonably necessary for the purposes described above, including to operate the Service, enforce rules, resolve disputes, maintain backups, and comply with legal obligations.

By default, retention may include:

  • account data: for as long as the account remains active, and for a reasonable period afterwards for security, abuse prevention, or compliance;
  • public posts and uploads: until deleted by the user, removed by the Operator, or the Service is shut down, subject to backups and legal obligations;
  • direct messages: until deleted, removed under policy, or no longer needed for service operation, backup, dispute handling, or abuse investigation;
  • moderation records and reports: as long as reasonably necessary for safety, enforcement, and compliance; and
  • logs and rate-limit records: for as long as reasonably necessary for security, troubleshooting, and abuse prevention.

Operators should customize retention periods if they adopt fixed schedules.

10. Your rights

Depending on your jurisdiction, you may have rights to:

  • access your personal data;
  • correct inaccurate data;
  • delete certain data;
  • restrict certain processing;
  • object to certain processing;
  • receive a portable copy of certain data;
  • withdraw consent where processing is based on consent; and
  • complain to a supervisory authority or regulator.

The Service includes account export and deletion tools, but some requests may still require manual review by the Operator.

If you are in the UK, you may have rights under UK GDPR and may complain to the Information Commissioner's Office. If you are in the EEA, you may complain to your local supervisory authority. Users elsewhere may have additional rights under local law, including some US state privacy laws.

11. Security

The Operator uses administrative, technical, and organizational measures intended to protect personal data. No method of transmission, storage, or security control is completely secure, and the Operator cannot guarantee absolute security.

12. Children

The Service is not intended for children below the minimum age allowed by applicable law. If you believe a child has provided personal data unlawfully, contact the Operator so the data can be reviewed and, where appropriate, removed.

13. Changes to this policy

The Operator may update this Privacy Policy from time to time. The current version will be published on the Service with an updated version number or date.

14. Contact

Privacy questions, rights requests, and complaints should be sent to me@dek.cx or to any updated privacy contact published by the Operator.

This site uses essential cookies for login, security, and preferences. Operators may also enable optional analytics or third-party embeds. See cookie policy.