Privacy Policy

1. Introduction and Service Nature

MirrorMyst is a community-driven marketplace for World of Warcraft transmog items. Please understand:

• This service is provided "as is" without warranties
• No commercial purpose - purely for community benefit
• Operated as a personal hobby project by an individual
• GDPR compliant within legal requirements for EU data processing
• Operated by an individual, not a company or organization

2. Information We Collect

2.1 Account Information

When you create an account via Battle.net OAuth, we collect:

• Battle.net username and basic account information
• Email address (if provided by Battle.net)
• WoW character name and realm selection
• Optional Discord account information (if you choose to link it)

2.2 Usage and Service Data

• Transmog listings you create
• Messages and communications with other users
• Search queries and browsing preferences
• IP address and geographic region (for WoW region detection)
• Technical logs and error reports

3. How We Use Your Information

We use collected information solely to:

• Provide and maintain the marketplace functionality
• Facilitate communication between buyers and sellers
• Send important service-related notifications
• Improve and optimize the user experience
• Prevent abuse, fraud, and violations of terms
• Comply with legal obligations under GDPR and Czech law

Legal Basis (GDPR): Processing is based on: (a) Your consent when creating an account, (b) Contractual necessity to provide the service, (c) Legitimate interest in operating and improving the platform, (d) Legal obligation compliance.

4. Information Sharing and Disclosure

4.1 Public Information Shared with Other Users

As part of the marketplace functionality, other users can see:

• Your Battle.net username and selected WoW character information
• Your transmog listings, prices, and descriptions
• Messages you send through the platform messaging system

4.2 Third-Party Services

• Battle.net OAuth: For authentication only (privacy policy: battle.net/legal)
• Discord OAuth: Optional - for authentication only (privacy policy: discord.com/privacy)
• Hosting: Data stored on hosting infrastructure (GDPR compliant providers)
• Wowhead: For item tooltip display only (privacy policy: wowhead.com/privacy-policy)

4.3 Legal Requirements

We may disclose information if required by law, legal process, or to protect rights, safety, or property. This includes responding to government requests within EU/Czech legal framework.

5. Data Security

We implement reasonable security measures within our capabilities as an individual operator:

• HTTPS encryption for all data transmission
• Password hashing (via Laravel framework)
• Access control and authentication systems
• Basic security monitoring and logging

Important: While we take reasonable precautions, no system is 100% secure. We cannot guarantee absolute security of your data.

6. Cookies and Tracking Technologies

6.1 Essential Cookies (Required)

These cookies are necessary for the website to function:

• laravel_session: Maintains your login session
• XSRF-TOKEN: Prevents cross-site request forgery attacks
• laravel_cookie_consent: Remembers your cookie consent preferences

6.2 Functional Cookies (Optional)

These cookies enhance your experience:

• region: Stores your WoW region preference (30 days)
• darkMode: Remembers your dark/light theme preference

6.3 Analytics Cookies

Currently NOT implemented. If implemented in future, you will be asked for consent.

7. Your GDPR Rights

Under GDPR, you have the following rights:

• Right to Access: Request a copy of all personal data we hold about you
• Right to Rectification: Correct inaccurate or incomplete information
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data (subject to legal obligations)
• Right to Data Portability: Receive your data in machine-readable format (JSON export)
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time (by deleting your account)

To exercise any of these rights, please contact us at filip@digihood.cz. We will respond within 30 days as required by GDPR.

8. Data Retention

We retain your data only as long as your account is active. When you delete your account, all personal data is permanently deleted within 30 days, except: (a) Transaction logs required for dispute resolution (retained for 90 days), (b) Data required by law to retain.

9. International Data Transfers

Data is primarily stored within EU. If transferred outside EU, we ensure adequate safeguards (e.g., Standard Contractual Clauses) are in place.

10. Children's Privacy

This service is not intended for users under 13 years old. We do not knowingly collect data from children under 13. If you believe a child has provided personal data, please contact us immediately.

11. Third-Party Links

Our service links to external sites (Wowhead, Battle.net, etc.). We are NOT responsible for their privacy practices. Please review their respective privacy policies.

12. Changes to Privacy Policy

We may update this policy. Significant changes will be announced via email or site notification. Continued use after changes constitutes acceptance.

13. Contact Information

For privacy-related questions, GDPR requests, or concerns:

• Contact page: https://mirrormyst.com/contact
• Email: filip@digihood.cz

14. Supervisory Authority

If you believe we are not complying with GDPR, you have the right to lodge a complaint with the Czech Data Protection Authority (Úřad pro ochranu osobních údajů - ÚOOÚ) at: uoou.cz