Privacy Policy

How JMS-Interactive Ltd (JMS RP) collects, uses, stores, and shares personal data when you use our website, control panel, and related community services.

This documentation describes our implementation towards compliance with UK GDPR and related privacy law. It is not legal advice and does not certify full regulatory compliance.

Who we are

JMS-Interactive Ltd operates JMS RP, including this website, the user control panel (UCP), and integrations with Discord, our forums (NodeBB), game infrastructure, and payment partners.

For privacy questions or to exercise your rights, contact us at [email protected].

Personal data we process

We process only what is needed to run the community, keep accounts secure, and respond to support and legal obligations. Categories include:

Account data: email address, website user ID, authentication session identifiers, OAuth linkage (e.g. Discord snowflake when you connect Discord).
Gameplay and community linkage: FiveM licence and citizen identifiers when linked through trusted flows; NodeBB UID when linked to your account.
Support and moderation: ticket transcripts, staff notes, and case metadata held in our overseer systems (not raw Discord message exports on this website).
Communications: contact form messages and privacy request details you submit.
Technical data: security logs, queue history, and staff audit events. We do not store raw IP addresses or user-agent strings in consent audit events.
Optional analytics: only after you opt in to analytics cookies (see Cookie policy).

Lawful bases

Depending on the processing activity, we rely on contract (providing the service you signed up for), legitimate interests (security, abuse prevention, community operations), legal obligation (records we must keep), or consent (optional analytics cookies).

Where we rely on legitimate interests, you may object where applicable — see Data subject requests.

How we use personal data

Authenticate you and maintain your account and UCP.
Operate whitelist, queue, store, and staff tooling.
Respond to support tickets, moderation appeals, and contact enquiries.
Process privacy requests (access, erasure, restriction, objection, correction, consent).
Detect abuse, enforce rules, and protect staff and members.
Meet legal and regulatory requirements and defend legitimate claims.

Your rights

UK GDPR provides rights including access, rectification, erasure, restriction, objection, and data portability where applicable. Submit requests via the signed-in Privacy area or as described on our Data subject requests page.

We verify identity before fulfilling requests. Erasure and export are not instant automated actions — staff review applies retention rules and manual-review categories.

How to submit a request

Retention

We keep data only as long as needed for the purposes above. Some categories require manual review before deletion (e.g. moderation cases, staff audit logs, privacy request records).

Backups may retain erased data until rotation completes; we use tombstone records to prevent reintroduction — see Retention schedule and internal backup procedures.

Retention schedule

Security

We apply technical and organisational measures including access controls, encryption in transit, staff RBAC, and audit logging. No online service is completely secure; report concerns to the contact above.

Children

Our services are not directed at children under 13. If you believe we hold a child's data without appropriate consent, contact us and we will take appropriate steps.

Changes

We may update this policy. Material changes will be reflected on this page with an updated date. Continued use after changes constitutes acknowledgement of the updated policy where permitted by law.

Last updated: May 2026