Privacy Policy — GlobalSpeak

1. Information We Collect

We collect information you provide directly and information generated by your use of the Service.

Category	What we collect	When
Account data	Email address, username, display name, password (hashed — never stored in plain text)	At registration
Profile data	Avatar image, bio, status, badges	When you update your profile
Message content	Messages sent in servers and direct messages, file attachments	As you use the platform
Usage data	Servers joined, timestamps of activity	Automatically during use
Technical data	IP address (for security checks), browser/device type via socket connection	On connection

We do not collect payment information, location data, or any data from third-party sources.

2. How We Use Your Information

We use the information we collect to:

Create and manage your account.
Deliver the core messaging and community features of the platform.
Send transactional emails such as email verification codes.
Detect and prevent abuse, spam, and violations of our Terms of Service.
Respond to support requests and moderation actions.
Improve the performance and reliability of the Service.

We do not use your data for advertising or sell it to third parties.

3. Message Encryption

All messages sent on GlobalSpeak — both server messages and direct messages — are encrypted at rest using AES-256-GCM encryption. This means message content is stored in an encrypted form in our database and is only decrypted when delivered to authorised recipients.

File attachments are stored on our servers and accessible only via authenticated requests.

4. Information Sharing

We do not sell, rent, or share your personal information with third parties for commercial purposes.

We may share information in the following limited circumstances:

Legal compliance: When required by applicable law, court order, or government authority.
Safety: To protect the rights, property, or safety of GlobalSpeak, our users, or the public — including reporting illegal content such as CSAM to authorities.
Service providers: We use Mailtrap to deliver transactional emails on our behalf. They receive only your email address and the content of the email being sent.

5. Data Retention

We retain your data for as long as your account is active or as needed to provide you with the Service.

Account data: Retained until you delete your account.
Messages: Retained until you or a server admin deletes them, or until your account is deleted.
Data exports: Generated export files are automatically deleted after 30 days.
Verification codes: Expire after 10 minutes and are removed after use.

After account deletion, your personal data is removed from our active databases. Some anonymised technical logs may be retained for security and auditing purposes.

6. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal data:

Access: Request a copy of the data we hold about you via the Settings → Export Data feature in-app.
Correction: Update your profile information at any time in account settings.
Deletion: Delete your account from account settings. This removes your personal data from our systems.
Portability: Download a JSON export of your messages and profile data via Settings → Export Data.

To exercise rights not available through the in-app tools, contact our support team via our Contact page.

7. Children's Privacy

GlobalSpeak is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will delete it promptly.

If you believe a child under 13 is using GlobalSpeak, please contact us via our Contact page.

8. Security

We take reasonable technical and organisational measures to protect your information against loss, misuse, and unauthorised access. These measures include:

AES-256-GCM encryption for stored messages.
bcrypt hashing for passwords (never stored in plain text).
JWT-based authentication with short expiry windows.
Rate limiting on authentication and messaging endpoints.
IP-based access controls for internal systems.

No method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your data.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top. We encourage you to review this policy periodically.

Continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

10. Contact

If you have questions or concerns about this Privacy Policy or how we handle your data, visit our Contact page or use the in-app support feature.