Privacy Policy

exclude.gg (“we,” “us,” or “our”) operates a customizable internet identity and profile platform. This Privacy Policy describes how we collect, use, store, and protect information when you use the Platform, including when you register an account, customize your profile, upload media, connect third-party accounts, or otherwise interact with our services.

By using exclude.gg, you agree to the practices described in this policy. If you do not agree, please do not use the Platform.

This policy applies to all users globally. Where we reference specific rights — such as those under GDPR or CCPA — those rights are available to all users regardless of location.

We collect information in two ways: information you provide directly, and information generated automatically by your use of the Platform.

We use the information we collect to:

• Provide, operate, and maintain the Platform and all of its features.
• Display your public profile — including media, links, and connected accounts — to visitors.
• Authenticate your identity, maintain session security, and protect your account.
• Send transactional communications: account verification emails, password reset links, and security alerts.
• Detect, investigate, and prevent fraud, abuse, spam, and violations of our Terms of Service and Content Policy.
• Respond to support requests, reports, and other communications you initiate.
• Analyse anonymized, aggregate usage data to understand how the Platform is used and to prioritize improvements.
• Comply with legal obligations and enforce our Terms.

We do not: sell your personal data to third parties, use your data to build advertising profiles, serve targeted advertising based on your activity, or share your data with data brokers.

We do not sell your personal data. We share your information only in the following limited circumstances:

• Infrastructure and service providers: We use third-party services for cloud hosting (Vercel), database hosting (Neon), object storage (Vercel Blob), and transactional email. These providers process data on our behalf under data processing agreements and are contractually prohibited from using your data for their own purposes.
• Legal compliance: We may disclose information when required to do so by a valid legal obligation — including a court order, subpoena, or binding request from a governmental authority. Where permitted by law, we will attempt to notify you before disclosing your information.
• Safety and harm prevention: We may share information with law enforcement or other parties where we believe in good faith that doing so is necessary to prevent imminent physical harm to a person, protect the safety of our users, or report CSAM as required by law.
• Business transfer: In the event of a merger, acquisition, bankruptcy, or asset sale, user information may be transferred to the acquiring entity. We will notify you via email or a prominent notice on the Platform before such a transfer occurs, and you will have an opportunity to delete your account if you do not consent.

When you link a third-party account to your exclude.gg profile:

• We store the public data returned by that platform's API — typically your display name, username, avatar URL, and a platform-specific user ID.
• We do not retain OAuth access tokens beyond their immediate use, except where an ongoing, periodic verification process requires token storage. Any such tokens are encrypted at rest.
• Linked account data is displayed publicly on your profile by default. You may remove any linked account from your profile settings at any time.
• Removing a linked account from your exclude.gg profile deletes the stored platform data from our database but does not revoke the OAuth authorization you granted to that platform. You must revoke that access independently through the third party's own account settings.
• Each third-party platform's own privacy policy governs how they handle your data when you interact with their service.

When you upload a media file (avatar, banner, background, or music artwork), that file is transmitted over TLS and stored in Vercel Blob, a cloud object storage service operated by Vercel, Inc. We record the storage URL (“blob key”) of each uploaded file in our database to enable us to serve the file to profile visitors and to locate it for deletion.

• Uploaded files are stored in cloud object storage and served via a CDN. This means your uploaded media may be cached in multiple geographic locations to improve delivery performance.
• File metadata (content type, size, upload timestamp) is retained alongside the blob key in our database.
• When you replace or delete a media item from your profile, we delete the associated file from Vercel Blob storage. Deletion from CDN cache may take a short time to propagate.
• When you delete your account, all associated uploaded media files are deleted from storage within 30 days.
• We do not analyze, scan for faces in, or use the content of your uploaded media for any purpose other than serving it to your profile visitors and conducting required moderation review.

Vercel processes stored data in accordance with Vercel’s own privacy policy and data processing agreement. By using the upload features, you acknowledge that your files are stored on Vercel’s infrastructure.

We use a minimal number of strictly necessary cookies and browser storage mechanisms to operate the Platform. We do not use advertising cookies, third-party tracking pixels, or behavioral analytics tools.

We do not use Google Analytics, Meta Pixel, or any other third-party advertising, tracking, or analytics scripts that transmit your behavior to external parties. Any analytics we implement are self-hosted and do not share data with third-party analytics platforms.

We retain your data for as long as your account is active or as needed to provide the Platform. Specific retention periods:

• Account data (username, email, display name, profile settings): Retained for the lifetime of your account. Deleted within 30 days of account deletion.
• Uploaded media files (avatars, banners, backgrounds): Deleted from cloud storage when you replace or remove them, or within 30 days of account deletion.
• Connected account data: Deleted when you remove the linked account from your profile, or within 30 days of account deletion.
• Platform activity logs (page views, follows, reactions): Retained for up to 12 months for operational purposes, then deleted.
• Server logs and technical usage data: Retained for up to 90 days for security and infrastructure purposes, then deleted.
• Support and moderation communications: Retained for up to 2 years from the date of resolution for audit and safety purposes.
• Backups: Data may persist in encrypted backups for up to 90 days after deletion from active systems, after which it is permanently purged.

When you delete your account, your public profile becomes inaccessible immediately. Personal data is purged from active databases within 30 days. We may retain minimal data longer if required by a legal hold or law enforcement request.

Regardless of where you are located, you have the following rights with respect to your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of any personal data that is inaccurate or incomplete.
• Deletion: Request deletion of your account and associated personal data. You can also do this directly from your account settings.
• Portability: Request an export of your profile data and connected account information in a machine-readable format (JSON).
• Restriction: Request that we restrict processing of your personal data in certain circumstances.
• Objection: Object to processing of your personal data for purposes not strictly necessary to provide the service.

To exercise any of these rights, email security@exclude.gg. We will acknowledge your request within 5 business days and respond substantively within 30 days.

We will not discriminate against you for exercising any of these rights.

We implement reasonable, industry-standard technical and organizational measures to protect your personal data:

• All connections to exclude.gg are encrypted using TLS (Transport Layer Security).
• Passwords are never stored in plain text. We use scrypt, a memory-hard key derivation function designed to resist brute-force attacks.
• Session tokens are randomly generated, cryptographically secure, and expire after 30 days of inactivity.
• Uploaded files are stored in cloud object storage with access control policies that prevent unauthorized public access beyond the CDN delivery endpoint.
• Our infrastructure is hosted on Vercel and Neon, which maintain industry-standard security certifications and compliance programs.
• Administrative access to user data is restricted to a small number of authorized personnel with a legitimate need.

No method of internet transmission or electronic storage is 100% secure. While we take reasonable steps to protect your data, we cannot guarantee absolute security. In the event of a data breach that materially affects your personal data, we will notify you promptly via the email address associated with your account.

exclude.gg is not directed at children under the age of 13 and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account or provided us with personal data, contact us immediately at security@exclude.gg and we will delete the data promptly.

If you are between 13 and 18, you represent that a parent or legal guardian has consented to your use of the Platform in accordance with our Terms of Service.

The Platform integrates with and links to third-party services and websites. This Privacy Policy applies only to exclude.gg. We are not responsible for the privacy practices of any third-party service, including:

• Third-party platforms you connect to your profile (Discord, Twitch, Spotify, GitHub, Steam, etc.).
• External websites linked from your profile or another user's profile.
• Authentication providers (Google OAuth).
• Infrastructure providers (Vercel, Neon, Vercel Blob) — while these providers process data on our behalf, their own service terms and privacy policies govern their independent services.

When you click a link that leaves the Platform, you are subject to the privacy practices of the destination site. We encourage you to review the privacy policies of any third-party service you use in connection with exclude.gg.

We may update this Privacy Policy from time to time to reflect changes in our practices, the services we offer, or applicable law. When we make material changes, we will notify you by email and post a notice on the Platform at least 7 days before changes take effect.

The “Last updated” date at the top of this page reflects the most recent revision. Your continued use of the Platform after changes take effect constitutes acceptance of the updated policy.

For privacy questions, data access requests, or to report a concern regarding your personal data:

© 2026 exclude.gg — All rights reserved.