Privacy Policy

We collect the following types of information:

• Account Information: Email address, username, and password (hashed)
• Discord OAuth Data: Discord user ID, username, avatar (if using Discord login)
• Server Listings: Server name, description, IP address, banner images, tags
• Vote Information: Username used when voting, timestamps
• Technical Data: IP addresses (for rate limiting), browser type, session data

We use Discord OAuth for optional authentication. When you log in with Discord:

• Discord shares your user ID, username, email, and avatar with us
• We store this data to maintain your account and link your Discord identity
• We do not store your Discord password or access tokens permanently
• Email from Discord is auto-verified for convenience

We use collected data to:

• Provide and maintain our server listing and voting services
• Authenticate users and prevent fraud
• Display user profiles and server listings
• Enforce rate limits (one vote per server per 24 hours)
• Allow server owners to verify votes via API
• Improve our services and user experience
• Communicate with users about service updates

We do not sell your personal information. We may share information:

• With server owners: Vote usernames via our public API (for reward systems)
• When required by law: To comply with legal obligations
• To protect rights: To enforce our terms and protect our users

We implement industry-standard security measures:

• Passwords are hashed using bcrypt with secure rounds
• HTTPS encryption for all data transmission
• Secure database access controls
• Regular security updates and monitoring

However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

We use cookies and local storage for:

• Authentication sessions
• CSRF protection
• User preferences

You can disable cookies in your browser settings, but some features may not work properly.

• Account data is retained for as long as your account is active
• Vote history older than 30 days is automatically deleted
• Server listings are retained until manually deleted
• You may request account deletion at any time

You have the right to:

• Access: Request a copy of your personal data
• Correct: Request correction of inaccurate data
• Delete: Request deletion of your account and data
• Export: Request your data in a portable format
• Withdraw consent: Withdraw consent at any time

To exercise these rights, contact us at hello@hytlist.org

If you vote for a server on HytList, the server owner may access your voting data through our API. This includes:

• Username: The in-game name you used when voting
• Vote status: Whether you voted in the last 24 hours
• Timestamp: When you last voted

This enables server owners to reward voters through in-game systems. By voting, you consent to this data sharing.