PRIVACY POLICY // CYBERNET

DRAFT — pending legal review. This document is a working draft prepared for product review and does not constitute the operative terms of any agreement until reviewed by counsel, signed off by the operator, and published with a final effective date. Do not rely on this text for legal compliance purposes.

EFFECTIVE[DRAFT] LAST UPDATED[DRAFT]

This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have. It applies to cybernet.gg, the CyberNet Launcher, the CyberNet Plugin, Public Servers we operate, and Hosted Servers we provision under our hosting service.

We do not sell your personal information.

1. Information We Collect

A. Account information you give us

Handle (3-24 alphanumeric characters)
Email address
Password — we store only a salted bcrypt hash; we never see the plaintext
Optional Discord identifier and avatar hash if you sign in via Discord OAuth
Profile gender, when detected from your local Cyberpunk 2077® save metadata by the Plugin and reported back to your Account, used to select your character record on connect

B. Authentication and session data

A session cookie named cn_session containing a 256-bit random opaque token (no personal data)
Session metadata: creation time, expiry, originating IP address, and User Agent string of the browser or launcher used to log in
OAuth state tokens used during Discord login (deleted within 1 hour)

C. Server connection and gameplay data

When you connect to any CyberNet server (Public or Hosted):

Your CyberNet handle, role, gender, and globally banned status are conveyed to that server
The server logs the connection time, your IP address, your client version, and any ban or kick events relating to you
The server may log in-game positions, chat messages, and similar gameplay events as required to operate the server, enforce its rules, and respond to abuse reports

D. Voice data

The Service includes proximity voice chat. Voice is encoded with the Opus codec on your machine, transmitted over a dedicated channel to the server, mixed and spatialized server-side, and forwarded to nearby Players. We do not record or persist voice audio in normal operation. Short-lived buffers exist transiently in server memory only as required to perform the spatial mix.

E. Payment information (Hosted Server purchases)

Payment is processed by Stripe, Inc. We receive only a non-card token, the last 4 digits of your card, the card brand, the billing country, and information necessary to manage your subscription. We never see the full card number, CVV, or expiration date.

F. Launcher telemetry

The Launcher reports its version, the operating-system version, and basic launch-error diagnostics so we can debug crashes. It does not transmit gameplay data or scan your filesystem beyond the Cyberpunk 2077® installation directory.

G. Cookies and similar technologies

We use a single first-party session cookie (cn_session) to keep you signed in. We use temporary cookies to manage Discord OAuth flow. We do not use third-party advertising or cross-site tracking cookies.

H. Audit data

For accountability, every administrative action taken via cybernet.gg (role changes, server registrations, bans, key issuance, etc.) is recorded with the actor's User ID, the action, the target, the originating IP, the User Agent, and a redacted JSON of details. This is retained as described in Section 4.

2. How We Use Information

Authenticate you, manage sessions, and protect your Account
Provide the Service, including connecting you to servers, replicating game state, and routing voice
Bill you for paid products and prevent fraud
Enforce our Terms of Service, Code of Conduct, and DMCA Policy
Investigate and respond to support requests, abuse reports, and legal demands
Improve the Service through aggregate analytics and crash diagnostics
Comply with legal obligations

3. How We Share Information

A. With server Operators

When you connect to a Hosted Server, the Operator and their delegated staff can see:

Your CyberNet handle, internal User ID, and (if you've linked it) Discord ID
Your connection IP at the time of connect
Your in-game actions on their server
Your global ban status and your per-server ban history across other servers (visible only to staff with the appropriate role; this cross-server visibility is a material feature of the platform — see our Code of Conduct)

Operators are bound by these Terms and our Code of Conduct regarding the use of this information. We are not responsible for an Operator's misuse of information they receive in the course of operating their server; report any such misuse to abuse@cybernet.gg.

B. With service providers

Stripe, Inc. (payment processing)
Discord, Inc. (when you opt to link a Discord account)
Hosting and DNS providers (to operate cybernet.gg and Hosted Servers)
Email providers (to send transactional email)

These providers process information on our behalf under their own privacy commitments.

C. Legal compliance and protection

We may disclose information in response to a valid legal process, to protect the safety of any person, to investigate fraud or violation of these Terms, or as part of a corporate transaction in which the recipient agrees to honor this Privacy Policy.

D. We do not sell, rent, or trade your personal information for advertising.

4. Data Retention

Category	Retention
Account profile	Until you delete the Account
Sessions	14 days from last activity, or earlier on logout
OAuth state tokens	1 hour
Audit log	Indefinite, as a security record
Per-server bans (server_bans)	Indefinite; deletion of Account replaces personal references with NULL
Server connection logs (per Operator)	Up to 90 days, unless the Operator has set a different retention
Stripe records	As required by Stripe and applicable financial-records law
Backups	Up to 30 days; deletions propagate to backups within that window

If you delete your Account, your handle and personal data are removed from our active databases within 30 days, except as required for security, fraud prevention, or legal compliance.

5. Your Rights

Depending on where you live, you may have rights to:

Access the personal data we hold about you
Correct inaccurate data
Delete your data, subject to retention exceptions described above
Export your data in a portable format
Object to or restrict certain processing
Withdraw consent (where processing is based on consent)
Lodge a complaint with a data-protection authority

Submit requests to privacy@cybernet.gg. We will verify your identity and respond within the time required by applicable law.

6. Children's Privacy

The Service is not intended for children under 13. EEA/UK residents must be at least 16. We do not knowingly collect personal information from children below the relevant age. If you believe a child has provided us information, contact privacy@cybernet.gg and we will delete it.

7. International Data Transfers

We are based in the United States. If you access the Service from outside the U.S., your information will be transferred to and processed in the U.S. and possibly other jurisdictions where our service providers operate. Where required, we use Standard Contractual Clauses or equivalent transfer mechanisms.

8. Security

We use industry-standard practices including TLS for traffic in transit, salted bcrypt for password storage, HMAC-signed server registration, restricted database access, and audit logging of administrative actions. No system is perfectly secure; we make no guarantee against breach.

9. Breach Notification

In the event of a personal-data breach affecting you, we will notify you and the relevant regulators within the time required by applicable law (typically 72 hours of becoming aware, where required).

10. Changes

We may update this Policy. Material changes will be announced at cybernet.gg or by email at least 30 days in advance, except where shorter notice is required for legal or security reasons.

11. Contact

Privacy — privacy@cybernet.gg
Data subject rights — privacy@cybernet.gg
General — support@cybernet.gg

WHAT WE COLLECT, WHAT WE DO NOT.