Privacy Policy
1. Controller and Contact Details
The data controller responsible for processing your personal data is:
Oasis WorldE-mail: support@oasisworld.net
Website: https://verify.oasisworld.net
Data Protection Contact: support@oasisworld.net
2. Purpose and Legal Basis
We operate this verification gateway for the sole purpose of maintaining security, preventing fraud, and enforcing active access restrictions (such as bans) within the OasisWorld ecosystem.
The legal basis for processing is GDPR Art. 6(1)(f) – Legitimate Interest. Our legitimate interest is securing our infrastructure and protecting our community from automated attacks, spam, harassment, and intentional circumvention of operational bans.
Where you explicitly provide consent during the process, the legal basis is additionally GDPR Art. 6(1)(a). You may withdraw this consent at any time, which does not affect the lawfulness of processing based on consent before its withdrawal.
3. Data We Collect
The following categories of data are processed during the verification procedure:
| Category | Description / Scope | Source | Purpose |
|---|---|---|---|
| Account Data | Discord account identifiers, display profile data, email address, email verification state, account age derived from the Discord user ID, and basic account metadata. | Discord OAuth2 API | To identify the verifying account, check account integrity, and link authorization status. |
| Discord Footprint Signals | Discord server count, server names, server IDs, and owner flag returned by the authorized guilds scope, plus counts, service categories, display names, account IDs, and selected link metadata for verified linked accounts returned by the authorized connections scope. Permission values, server icons, server feature lists, friend-sync flags, and activity-sharing flags are not stored by this gateway. | Discord OAuth2 API | To detect low-trust or throwaway-account patterns and support manual review of suspicious verification attempts. |
| Discord Server Join Authorization | A temporary OAuth access token with the authorized guilds.join scope, held only in the secure server session until verification reaches a terminal result. | Discord OAuth2 API | To add approved accounts to the OasisWorld Discord server before verified role assignment or restoration is completed. |
| Network Logs | IP address (processed and pseudonymized) and derived generalized geographic region. | Web Request | To detect the use of anonymization tools and prevent platform abuse. |
| Technical Telemetry | Anonymized threat intelligence markers (identifying commercial hosting, proxies, or VPN networks). | External Security API | To evaluate infrastructure risks and prevent ban evasion. |
| Device Metadata | A unique, technical identifier generated from standard, non-reversible browser environment variables. | Browser Client | To identify recurring clients associated with active security restrictions. |
| Consent Record | Timestamp of acceptance. | Verification Form | To maintain an audit trail for legal compliance. |
Device Analysis and Telemetry Details
To ensure system integrity, the Service processes technical configurations sent by your browser. These variables are compressed via a one-way cryptographic hash function instantly upon collection.
We do not store raw, readable hardware profiles. The resulting hash functions strictly as a pseudonymized identifier to detect maliciously automated systems and cannot be reversed by us or third parties to track your device across unrelated networks.
4. IP Address Handling
IP addresses are classified as personal data and are treated with strict confidentiality:
- Your IP address is transmitted securely to our threat intelligence provider (see §7) to verify network integrity.
- We do not store raw, clear-text IP addresses long-term. All network identifiers are converted into secure, keyed cryptographic hashes immediately after processing.
5. Data Retention
| Record Type | Retention Period | Basis |
|---|---|---|
| Approved verification states | 90 days | To maintain authorized access and prevent immediate re-processing loops. |
| Flagged / security-restricted records | Indefinite | Overriding legitimate security interest to enforce active platform exclusions. |
| Audit and transactional logs | 1 year | Traceability and response during active security incidents. |
| Compliance records | 3 years | Statutory limitation periods and legal accountability. |
6. Your Rights under GDPR / DSGVO
You can exercise your legal rights at any time by contacting support@oasisworld.net:
- Right of access (Art. 15) – Request information about and a copy of your processed records.
- Right to rectification (Art. 16) – Request correction of inaccurate metadata.
- Right to erasure (Art. 17) – Request deletion of data, subject to legal exceptions (such as our ongoing legitimate interest in maintaining system bans).
- Right to restriction (Art. 18) and Data Portability (Art. 20) – Request processing limitations or structured data delivery.
- Right to object (Art. 21) – Object to processing based on legitimate interest. We will cease processing unless compelling, verifiable security grounds override your request.
- Right to lodge a complaint – You have the right to contact a supervisory authority, such as the German BfDI (www.bfdi.bund.de).
7. Third-Party Data Processors
Discord, Inc.
The OAuth2 interface is managed entirely by Discord under their own data policies. We request the scopes
identify, email, guilds, guilds.join, and connections. These allow us to read your basic Discord profile, email verification state, server-list footprint, and linked-account footprint for the verification checks described in this policy, and to add approved accounts to our Discord server.
Data transfers are covered by appropriate cross-border frameworks and Standard Contractual Clauses (SCCs).
Privacy Policy: discord.com/privacy
proxycheck.io
Network routing data is analyzed by proxycheck.io to detect automated proxy infrastructure. This provider processes data strictly under
contractual compliance rules and does not retain your network address beyond the execution of the real-time security check.
Privacy Policy: proxycheck.io/privacy/
Cloudflare, Inc.
Before a verification request is submitted, Cloudflare may process limited challenge telemetry to distinguish legitimate visitors from automated abuse.
This check is used only as a protective security measure for the verification gateway.
Privacy Policy: cloudflare.com/privacypolicy/
8. International Transfers
Core data processing takes place within the European Union / European Economic Area. For integrated third-party operations (e.g., Discord API routing), data protection is legally guaranteed through compliance under the EU-US Data Privacy Framework or valid Standard Contractual Clauses (SCCs).
9. Data Security
We enforce appropriate technical and organizational measures (TOMs) to secure data streams, including:
- Enforced transport layer encryption (TLS 1.2 or higher) for all entry points.
- Instant, non-reversible cryptographic obfuscation of network and hardware attributes.
- Strict access-control layers limiting access to infrastructure logs to verified security administrators.
- Defensive configuration patterns to protect web routing endpoints against denial-of-service and integrity attacks.
10. Automated Decision-Making
Access evaluations (automatic approval, flagging for review, or denial) are assisted by automated risk scoring based on account integrity, account age, Discord footprint signals, network attributes, and device metadata. This constitutes automated decision-making under GDPR Art. 22.
You have the explicit right to request human intervention. If you contest an automated decision, you can contact support@oasisworld.net to have an administrator manually assess your verification state.
11. Cookies and Local Storage
The Service deploys a single state cookie (OW_VERIFY) strictly necessary for functional routing and session safety.
It utilizes HttpOnly, SameSite=Lax, and Secure flags. During an active verification, the server-side session may temporarily hold the Discord OAuth access token needed for the approved-account server join. No marketing or cross-site tracking systems are used.
12. Children's Privacy
The Service is not intended for use by individuals below the age of 13 (or 16 where required by regional regulations without parental consent). Inquiries regarding unauthorized entries can be sent to support@oasisworld.net.
13. Changes to This Policy
Modifications to this privacy infrastructure will be logged here and communicated through our Discord system.
14. Contact & Rights Enforcement
For data disclosure or structural inquiries, contact:
Oasis WorldData Protection / Security Operations: support@oasisworld.net
General Operations: support@oasisworld.net