Legal

Privacy Policy

Draft · Last revised 5/12/2026 · Pending legal review

This is a draft for review. A final Privacy Policy will be issued before public launch and before App Store / Play Store submission. If you're reading this in production, send Klapen a message — that's a launch checklist item that slipped.

1. What this covers

This Policy describes how Charon (a service operated by Klapen LLC) collects, uses, and protects information from people who use the Charon website, mobile apps, and delivery service.

Charon's purpose is automated in-game corvette delivery for No Man's Sky. You give us what we need to deliver; we don't keep more than that.

2. What we collect

2.1 When you sign in

Charon uses Discord OAuth for sign-in. When you authenticate, Discord shares your Discord user ID, username, avatar URL, and (if you grant it) your email address. We store these to identify your account.

If you subscribe through Patreon or PayPal, the linked Patreon/PayPal account ID is stored so we can sync your tier automatically.

2.2 When you place an order

We collect your NMS friend code, platform, and the ship you ordered. We use these to dispatch the delivery bot. Friend code is stored encrypted at rest.

2.3 When you upload a corvette

We collect the .nmsship file or JSON you upload, plus the metadata you provide (name, description, photos, tags, build method). On upload, our tool automatically scrubs the file of Personally Identifiable Information (inventory, location, position, direction) before the ship enters the catalog. We keep the resource hash and seed.

2.4 When you submit a delivery issue ticket

The issue form collects the delivery ID, your description, any evidence files you choose to upload, and your contact preference. Mods review tickets case-by-case.

2.5 Automatically

Standard web logs: IP address, browser type, referring page, timestamps. Used for security (rate-limiting, fraud detection) and aggregate analytics. Retained for 90 days.

3. What we don't collect

  • Your NMS save file contents (other than the specific ship you upload, with PII stripped)
  • Your real-world name, address, phone number, or government ID
  • Payment card details — Patreon and PayPal handle billing; we never see card numbers
  • Anything from third-party trackers — we don't use Google Analytics, Meta Pixel, or similar surveillance pixels

4. How we use it

  • Deliver service. Friend code and platform let the bot find your session. Order data routes the right ship to you.
  • Maintain your account. Tier sync, allotment tracking, ledger history.
  • Catalog operation. Upload metadata appears on the public catalog when you publish a ship.
  • Support & safety. Issue ticket review, abuse investigation, fraud prevention.
  • Aggregate insight. How many people use what, what's popular, where bots get stuck. Always aggregated, never individual.

5. Third parties

Charon shares data with a small list of named third parties, only where necessary to operate:

  • Discord — sign-in (OAuth), community, delivery notifications
  • Patreon — subscription billing, tier sync (if you choose Patreon)
  • PayPal — subscription billing, token purchases (if you choose PayPal)
  • Railway — backend hosting (your data lives in Railway's Postgres)
  • Cloudflare — edge security, DDoS protection
  • Netlify — website hosting (no personal data stored here; site is static)

Charon does not sell or rent your data to anyone. Ever.

6. Your rights

  • Access. You can request a copy of everything Charon stores about you, via Discord DM to the mod team or by emailing privacy@charon.example (placeholder).
  • Correction. Fix anything wrong from your account dashboard.
  • Deletion. Close your account from your account dashboard. Charon retains audit-log entries for 1 year for fraud prevention; everything else is removed within 30 days of closure.
  • Portability. Your delivery history, uploaded ships, and ledger are downloadable as JSON.
  • Object. You can ask us to stop using your data for any non-essential purpose.

If you're in the EU, UK, or California, your statutory rights under GDPR / UK-GDPR / CCPA apply on top of the above.

7. Children

Charon is not directed at children under 13 and we don't knowingly collect data from them. If you believe a child has signed up, contact us and we'll remove the account.

8. Security

Standard practice: HTTPS everywhere, friend codes encrypted at rest, OAuth-only authentication, 2FA required for admin/mod accounts, IP allowlist + shared-secret for the bot-to-server API. Cloudflare handles edge security. Charon is small but takes this seriously — see Terms for the liability boundary.

9. Changes

If this Policy changes meaningfully, the "Last revised" date updates and active users get a notice through the email or Discord DM channel they've already authorized.

Questions? Discord DM the mod team, or email privacy@charon.example (placeholder — real address pending).

See also: Terms of Service · Builder Code