Security & Compliance

Last updated: 21 March 2026

Overview

Projection Roleplay is committed to protecting user data and maintaining security best practices. This page outlines our approach to GDPR compliance and our alignment with SOC2 Trust Service Criteria.

GDPR Compliance

We comply with the EU General Data Protection Regulation (GDPR) and UK GDPR. Our Privacy Policy details:

  • Lawful basis for processing
  • Your rights (access, rectification, erasure, portability, objection)
  • Data retention and purpose limitation
  • International transfer safeguards

SOC2 Trust Service Criteria Alignment

While we are not SOC2 certified, we align our practices with SOC2 Trust Service Criteria where applicable:

  • Security
    • Authentication via Steam (OAuth); no storage of passwords
    • HTTPS/TLS for all traffic
    • Environment variables and secrets are kept server-side and never exposed to the client
    • Database access restricted; parameterised queries used to prevent SQL injection
    • Stripe handles payment data; we do not store card details
  • Availability
    • Hosting on Vercel with redundant infrastructure
    • Database hosted on managed MySQL with backups
  • Processing Integrity
    • Stripe webhook events are accepted only after their signature has been verified
    • Discord interaction requests are verified against Discord's public key before being processed
    • Admin actions require authentication and a role check
  • Confidentiality
    • Personal data encrypted in transit
    • Access to production data limited to authorised personnel
    • No sale or sharing of user data with third parties for marketing
  • Privacy
    • Privacy by design; we collect only what is necessary
    • Data subject rights supported (see Privacy Policy)
    • Retention limits and purpose limitation applied

Third-Party Security

We rely on trusted providers that maintain their own security and compliance programmes:

  • Stripe — PCI DSS compliant for payment processing
  • Vercel — SOC2 Type II certified hosting
  • Steam — Authentication provider
  • Discord — Optional linking and fulfilment

Incident Response

In the event of a data breach or security incident, we will assess impact, contain the incident, and notify affected users and relevant authorities as required by applicable law (e.g. GDPR Art. 33–34).

Contact

For security or compliance enquiries, contact us via the official Projection Roleplay Discord server.