Privacy Policy

How JMS-Interactive Ltd (JMS RP) collects, uses, stores, and shares personal data when you use our website, control panel, and related community services.

This documentation describes our implementation towards compliance with UK GDPR and related privacy law. It is not legal advice and does not certify full regulatory compliance.

Who we are

JMS-Interactive Ltd operates JMS RP, including this website, the user control panel (UCP), and integrations with Discord, our forums (NodeBB), game infrastructure, and payment partners.

For privacy questions or to exercise your rights, contact us at [email protected].

Personal data we process

We process only what is needed to run the community, keep accounts secure, and respond to support and legal obligations. Categories include:

  • Account data: email address, website user ID, authentication session identifiers, OAuth linkage (e.g. Discord snowflake when you connect Discord).
  • Gameplay and community linkage: FiveM licence and citizen identifiers when linked through trusted flows; NodeBB UID when linked to your account.
  • Support and moderation: ticket transcripts, staff notes, and case metadata held in our overseer systems (not raw Discord message exports on this website).
  • Communications: contact form messages and privacy request details you submit.
  • Technical data: security logs, queue history, and staff audit events. We do not store raw IP addresses or user-agent strings in consent audit events.
  • Optional analytics: only after you opt in to analytics cookies (see Cookie policy).

Lawful bases

Depending on the processing activity, we rely on contract (providing the service you signed up for), legitimate interests (security, abuse prevention, community operations), legal obligation (records we must keep), or consent (optional analytics cookies).

Where we rely on legitimate interests, you may object where applicable — see Data subject requests.

How we use personal data

  • Authenticate you and maintain your account and UCP.
  • Operate whitelist, queue, store, and staff tooling.
  • Respond to support tickets, moderation appeals, and contact enquiries.
  • Process privacy requests (access, erasure, restriction, objection, correction, consent).
  • Detect abuse, enforce rules, and protect staff and members.
  • Meet legal and regulatory requirements and defend legitimate claims.

Processors and third parties

We use service providers for hosting, email, analytics (only if you opt in), Discord, forums, game servers, and payments. Each processor is engaged under appropriate terms.

We do not sell personal data. We may disclose data when required by law or to protect rights and safety.

  • Discord: community membership, OAuth, and ticket channels — governed by Discord's policies when you use their platform.
  • NodeBB forums: separate account and posts — see forum privacy notices.
  • Tebex / payment partners: purchase records — we do not control deletion timelines in their systems.
  • Google Tag Manager: loaded only after analytics consent on this website.

Your rights

UK GDPR provides rights including access, rectification, erasure, restriction, objection, and data portability where applicable. Submit requests via the signed-in Privacy area or as described on our Data subject requests page.

We verify identity before fulfilling requests. Erasure and export are not instant automated actions — staff review applies retention rules and manual-review categories.

How to submit a request

Retention

We keep data only as long as needed for the purposes above. Some categories require manual review before deletion (e.g. moderation cases, staff audit logs, privacy request records).

Backups may retain erased data until rotation completes; we use tombstone records to prevent reintroduction — see Retention schedule and internal backup procedures.

Retention schedule

Security

We apply technical and organisational measures including access controls, encryption in transit, staff RBAC, and audit logging. No online service is completely secure; report concerns to the contact above.

International transfers

Some of our processors are located outside the United Kingdom or European Economic Area, including in the United States (for example Google Tag Manager when you opt in to analytics, Discord, Tebex, and our hosting providers).

Where we transfer personal data internationally, we rely on appropriate safeguards such as the UK International Data Transfer Agreement (IDTA), UK Addendum to EU Standard Contractual Clauses, or the processor's participation in recognised transfer frameworks, together with contractual protections.

For more information about international transfers, see the ICO guidance at https://ico.org.uk/for-organisations/advice-for-small-organisations/privacy-notices/make-it-meaningful/international-transfers/.

Personal data breaches

We maintain procedures to detect, investigate, and respond to personal data breaches. Where a breach is likely to result in a risk to your rights and freedoms, we will notify the UK Information Commissioner's Office without undue delay and, where required, within 72 hours of becoming aware of the breach.

If a breach is likely to result in a high risk to you, we will also inform you without undue delay, describing the nature of the breach and the steps we are taking.

Complaints and supervisory authority

If you have concerns about how we handle your personal data, please contact us first at the email above so we can try to resolve the issue.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO). We encourage you to contact us before doing so, but you are not required to. You can find guidance and submit a complaint at https://ico.org.uk/make-a-complaint/.

Children

Our services are not directed at children under 13. If you believe we hold a child's data without appropriate consent, contact us and we will take appropriate steps.

Changes

We may update this policy. Material changes will be reflected on this page with an updated date. Continued use after changes constitutes acknowledgement of the updated policy where permitted by law.

Last updated: May 2026