Legal

Privacy Policy

Last updated: April 28, 2026

UmaCore (“we”, “us”) is a free, community-run tool for managing Uma Musume club quotas. This page explains what data we collect, why, and what rights you have under the EU General Data Protection Regulation (GDPR).

1. Who is responsible for your data?

UmaCore is operated by Haruki. You can contact us at intranetzosu@gmail.com or via our Discord server.

2. What data we collect and why

Discord account data (when you sign in)

We use Discord OAuth 2.0 for authentication. When you sign in, Discord shares the following with us:

Discord user ID — To uniquely identify your account across sessions
Username & avatar — To display your name in the dashboard header
Email address — Provided by Discord as part of the OAuth flow; we do not store or use it independently
Guild list & permissions — To determine which Discord servers you are an administrator of, so we can show you only your clubs

Your Discord access token is used only during sign-in to fetch guild membership and is never stored on our servers.

Club and quota data

When you or your club members submit quota data, we store the following in our database:

In-game trainer names
Daily fan counts and quota deficit / surplus
Club configuration (name, daily quota target, schedule)
Bomb records (active status and days remaining)

This data is operational — it is required to provide the quota tracking service. The legal basis is legitimate interest (GDPR Art. 6(1)(f)) in operating the dashboard for club administrators.

Session cookie

After signing in, we set a single HTTP-only, encrypted session cookie (next-auth.session-token / __Secure-next-auth.session-token). This cookie is strictly necessary to keep you signed in and contains no personal data beyond your Discord user ID and the list of guild IDs where you hold administrator permissions. It expires when your session ends or after 30 days.

3. What we do NOT collect

No analytics or tracking cookies (no Google Analytics, Plausible, or similar)
No advertising identifiers
No Discord messages or server content
No payment data (Ko-fi donations are handled entirely by Ko-fi)

4. Data sharing

We do not sell, rent, or share your data with third parties except where strictly required to operate the service:

Discord — OAuth provider — subject to Discord's own Privacy Policy
Hosting / database provider — Our server and database infrastructure; data is processed in accordance with GDPR data-processing agreements

5. Data retention

Session tokens expire after 30 days of inactivity. Quota and club data is retained for as long as your club remains active on UmaCore. You may request deletion at any time (see Section 6).

6. Your rights (GDPR)

If you are in the EU / EEA, you have the right to:

Access — Request a copy of the data we hold about you
Rectification — Ask us to correct inaccurate data
Erasure — Ask us to delete your data ("right to be forgotten")
Restriction — Ask us to stop processing your data in certain circumstances
Objection — Object to processing based on legitimate interest
Portability — Receive your data in a machine-readable format

To exercise any of these rights, contact us at intranetzosu@gmail.com. We will respond within 30 days.

7. Changes to this policy

We may update this policy when we change how we process data. The “last updated” date at the top will reflect any changes. Continued use of UmaCore after an update constitutes acceptance of the revised policy.

← Back to login·Discord support