Version3.0is live —4.0 coming soon

Privacy Policy

Last updated: 20 May 2026

This Privacy Policy describes how Royal Arena (https://royal-arena.net), operated by Yael Brinkert (SIRET 93255081700013, France), collects, uses, and protects your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and French law (Loi Informatique et Libertés).

1. Data Controller

Yael Brinkert — 23 rue de Bâle, 68440 Zimmersheim, France
Email: [email protected]

2. Data We Collect

We collect the following personal data when you use Royal Arena:

  • Account data (Discord OAuth): Discord user ID, username, avatar, and email address (if provided by Discord).
  • Epic Games account (optional, user-initiated): Epic account ID and display name, linked via Epic Games device authorisation.
  • Uploaded replay files: Fortnite .replay files submitted for coaching analysis, stored temporarily on Cloudflare R2.
  • Coaching session data: Notes you provide with your submission, and the delivered coaching video.
  • Token balance & transaction history: Number of tokens purchased and used, timestamps.
  • Payment data: Processed exclusively by Stripe. Royal Arena does not receive or store your card number. We receive a confirmation of payment and the email address to which Stripe sends the receipt.
  • Usage data: Pages visited, actions performed, anonymised analytics via Umami (self-hosted, no cross-site tracking).
  • Authentication tokens: JWT access and refresh tokens stored in your browser's localStorage for session management.

3. Purpose & Legal Basis

PurposeLegal basis
Account creation & authenticationContract performance (Art. 6(1)(b) GDPR)
Delivering the coaching serviceContract performance
Processing token purchasesContract performance
Sending payment receipts via StripeLegal obligation / contract performance
Improving the platformLegitimate interest (Art. 6(1)(f) GDPR)
Security & fraud preventionLegitimate interest
Compliance with legal obligationsLegal obligation (Art. 6(1)(c) GDPR)

4. Data Retention

  • Account data: Retained for as long as your account is active. Deleted upon account deletion request.
  • Replay files: Deleted from Cloudflare R2 once the coaching video is delivered and confirmed accessible.
  • Coaching videos: Stored on Cloudflare R2 and accessible in your dashboard. Deleted upon account deletion or on request.
  • Transaction records: Retained for 10 years as required by French accounting law (Article L123-22 du Code de commerce).
  • Authentication tokens: Refresh tokens expire after 30 days; access tokens after 60 minutes.

5. Data Storage & Hosting

  • Database & application server: Hosted on Hostinger VPS (61 Lordou Vironos Street, 6023 Larnaca, Cyprus).
  • Replay files & coaching videos: Stored on Cloudflare R2 object storage (Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA). Data transfers to the USA are covered by Cloudflare's Standard Contractual Clauses.
  • Payment processing: Stripe, Inc. (510 Townsend St., San Francisco, CA 94103, USA). Stripe's processing is covered by appropriate data transfer mechanisms.

6. Third-Party Services

  • Discord: Used for authentication. Discord's privacy policy applies to their platform: discord.com/privacy.
  • Epic Games (optional): Used for linking your Fortnite account. Epic's privacy policy applies: epicgames.com.
  • Stripe: Handles all payment processing. We receive only a payment confirmation and your email. stripe.com/privacy.
  • Google AdSense: May use cookies to serve contextual ads. You can opt out via Google Ad Settings.
  • Umami Analytics: Self-hosted, privacy-friendly analytics. No cross-site tracking, no personal data sent to third parties.
  • api-fortnite.com: Used for Fortnite competitive data (display names, tournament results). No personal account credentials are shared.

7. Cookies & Local Storage

  • LocalStorage: Used to store your session tokens (JWT) and user preferences. This is required for the service to function.
  • Cookies: Used by Google AdSense for ad serving. No advertising cookies are set by Royal Arena directly.
  • We do not use tracking cookies for profiling or retargeting purposes.

8. Your Rights (GDPR)

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access — obtain a copy of your data.
  • Right to rectification — correct inaccurate data.
  • Right to erasure — request deletion of your account and associated data (subject to legal retention obligations).
  • Right to restriction — request that processing be limited in certain circumstances.
  • Right to data portability — receive your data in a structured, machine-readable format.
  • Right to object — object to processing based on legitimate interest.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés).

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include HTTPS encryption, JWT authentication with short-lived access tokens, and access controls on our infrastructure. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified on the site. The date at the top of this page reflects the latest revision.

Contact: [email protected]