Privacy Policy

The current website does not use its own analytics, advertising, or marketing tracking. Google Fonts are no longer loaded from external Google servers in the browser.

The privacy-relevant parts are mainly Discord login, cookies and browser-side storage, event signups, tryout submissions, team pages with member profiles, and technical application logs.

• Discord is the main external service for login, community communication, tryouts, and parts of event organization.
• Event and team data are stored server-side and used for the related website and Discord features.
• Approved team pages may contain public member profiles.

• Article 6(1)(b) GDPR where you actively use or request features such as Discord login, event signup, team management, or tryout submission.
• Article 6(1)(f) GDPR for the secure, stable, and abuse-resistant operation of the website, administration features, internal account mapping, logging, and organizational workflows.
• Section 25(2) TDDDG for technically necessary cookies and browser-side storage required to provide digital services you explicitly request.

Technical connection data is processed when the website is accessed so that pages and files can be delivered.

The application also logs selected operational and usage events where necessary for troubleshooting, stability, abuse prevention, administration, or traceability. The admin area is protected by login and an additional permission check.

• technical errors, timestamps, and exceptional cases
• Discord login events
• event joins and leaves
• tryout submissions and certain team or admin actions
• Discord IDs, usernames, or submitted form values where they are part of the relevant operation

No optional tracking or marketing cookies are currently used. The existing storage is limited to functional or technically necessary purposes.

The session cookie only contains a random session identifier and not your full profile data. There is currently no consent banner because optional tracking technologies are not loaded.

• xpl_lang: stores the selected language for up to 1 year and is only set when you actively choose a language version.
• xpl_session: stores a random website login session ID for up to 7 days; the cookie is marked Secure and HttpOnly.
• xpl_admin_nav: is only used in the admin area as a localStorage entry to remember the navigation state; it is not automatically transmitted to third parties.

When you sign in with Discord, you are redirected to Discord's OAuth flow. The currently used scope is identify only. No email address is requested through this login.

After a successful login, we process your basic Discord profile to create the website session, map protected areas to a Discord account, and correctly check team or admin permissions.

• Discord user ID
• username
• global name
• avatar hash or derived avatar URL
• internal rules_verified and verified_at flags where used for moderation or organizational purposes
• temporary OAuth security state value stored in server memory for up to 10 minutes

For event management we store the metadata required for the relevant workflow, such as game, title, description, date, time, recurrence, tags, target teams or channels, and optional external event links.

When you join or leave an event, we process your Discord ID together with the event reference, signup scope, and timestamp. Signups and overview messages may also be mirrored into Discord channels or Discord scheduled event features.

• event title, description, game assignment, and scheduling data
• notification targets, team or channel assignments, and role references
• participant records with Discord ID, event ID, signup scope, and joined_at timestamp

If you submit the tryout form on the website, we process the information you enter in order to forward it to the responsible team or Discord channel.

At the current state, there is no separate applicant database on the website for this workflow. However, the submitted information is processed in Discord messages and application logs.

• name
• age
• peak rank
• selected team
• requested role
• requested tryout date
• Discord name

For team pages, we process team and profile data maintained by authorized team managers or administrators. This also includes public information for roster and marketplace presentation.

Approved team pages may make member profiles public. Only enter information there that is intended for public team presentation. If external image URLs are used, the visitor's browser connects to that external host when the page is opened.

• team name, short description, description, website, colors, and open positions
• banner and logo URLs or embedded image data
• member profiles with in-game name, real name, role, and bio
• edit logs with updatedAt and updatedBy

Recipients of personal data are limited to the parties technically required for the relevant feature or intentionally accessed by you.

This includes Discord for OAuth login, Discord server messages, Discord scheduled events, the public widget data retrieval, and where applicable the delivery of Discord avatars. External image hosts can also be involved if team managers place such media URLs on team pages.

• Discord API for OAuth and basic profile retrieval
• Discord Widget API for the real-time data fetch on the Discord page
• Discord server channels for tryouts, events, news, and organizational workflows
• Discord CDN when Discord avatars are loaded
• external image hosts if team pages reference media stored there
• linked third-party websites only once you actively click an external link

For Discord and the Discord CDN, processing outside the EU or EEA, especially in the United States, cannot be ruled out. More information is available in the Discord Privacy Policy.

• xpl_lang: up to 1 year
• xpl_session: up to 7 days; earlier on logout, expiry, cleanup, or server restart
• OAuth state values: up to 10 minutes
• Discord widget cache: approximately 75 seconds server-side; automatically discarded afterwards
• Discord login and user-mapping data: as long as needed for login, administration, permission checks, or organizational purposes, or until deleted/cleaned up
• event and participation data: as long as required for planning, display, traceability, or internal documentation
• team page and member profile data: until changed, removed, the team page is deleted, or the presentation purpose no longer applies
• tryout data: no separate website applicant database; the processing remains in Discord messages and technical logs until they are deleted or cleaned up there
• application logs: until technical necessity ends, log rotation occurs, or manual cleanup is performed
• admin-area localStorage: until deleted by the browser or by you