Privacy Policy
Last updated: 29 June 2026
This Privacy Policy explains which data we process when operating dev1l.de, Discord login, Premium features and the community bots.
1. General information
We take the protection of your personal data seriously. This Privacy Policy explains what data we process on dev1l.de and through bot operations, for what purpose, on what legal basis — and what rights you have.
2. Hosting and server log files
The website is hosted on a VPS (provider: netcup GmbH). When you visit the website, the following technically necessary access data may be processed:
- IP address
- Date and time of access
- Requested URL
- HTTP method and status code
- Referrer URL
- Browser user agent
- Amount of data transferred
This data is processed to provide the website securely and stably, and to detect and prevent misuse. The legal basis is Art. 6(1)(f) GDPR (legitimate interests).
3. Discord login (OAuth)
On dev1l.de you can log in with your Discord account. Authentication is handled via Discord OAuth 2.0 (scope: identify) in combination with NextAuth.js. Email addresses are explicitly not requested or processed.
During the login process, the following data is received from Discord and stored server-side in an encrypted JWT session cookie:
- Discord user ID
- Display name / username (global_name or username)
This data is used to:
- manage your login session on the website
- link Premium purchases and keys to the correct Discord account
- populate the "My Keys" account page
The legal basis is Art. 6(1)(b) GDPR (contract performance / pre-contractual measures) and Art. 6(1)(f) GDPR (legitimate interests in securely linking purchases to accounts).
Discord processes its own data in the course of the OAuth flow in accordance with its own privacy policy. We have no influence over Discord's data processing.
4. Data processing by community bots
The DEV1LSCLUB bots (Azazel / DevilGambling, Lilith / DevilGuard) process certain Discord-related data in their own databases on the hosting server (VPS, provider: netcup GmbH) as part of their community functions.
Only the following categories of data are stored:
- Discord user ID
- DevilCoin balance (internal virtual community currency)
- Game-dependent data, for example game state, round and bet history for DEV1LBlackjack and DEV1LPrincess, as well as activity and level values
- Server and role assignments (guild-related data)
No personal data such as names, email addresses, IP addresses or message content is stored by the bots.
This data is processed solely to:
- operate the community games DEV1LBlackjack and DEV1LPrincess
- run the internal DevilCoin economy system
- assign community activity, roles and access server-internally
- detect and prevent misuse and manipulation of bot functions
The legal basis is Art. 6(1)(f) GDPR (legitimate interests in the stable and abuse-free operation of the community).
Data is retained for as long as the corresponding Discord account is a member of the community. You may request deletion of your bot-related data at any time by emailing admin@dev1l.de, unless compelling operational reasons prevent deletion.
5. Premium purchases and keys
When you purchase Premium access on this website, the following data is stored in our database after successful payment:
- Premium key code
- Plan ID and description
- Duration in days
- Price label at time of purchase
- Key status (active, redeemed, revoked/refunded)
- Creation date and time
- Discord user ID of the purchaser
- Stripe session ID and Stripe event ID (for deduplication and accounting)
In addition, a legal consent record is stored before checkout, containing: Discord user ID, plan ID, accepted versions of Terms, Privacy Policy and withdrawal notice, and a timestamp.
This data is processed to:
- provide the purchased Premium access
- prevent duplicate processing of payment events
- maintain records for accounting, customer support and dispute resolution
- detect and prevent fraud and abuse
The legal basis is Art. 6(1)(b) GDPR (contract performance), Art. 6(1)(c) GDPR (legal retention obligations) and Art. 6(1)(f) GDPR (security, fraud prevention).
6. Payment processing via Stripe
Payments are processed via Stripe. The provider is Stripe Payments Europe, Ltd. or, depending on the region, an affiliated Stripe entity.
Stripe processes payment, billing and security data under its own responsibility. We receive from Stripe only the information required to match and confirm your purchase:
- Payment status
- Amount and currency
- Stripe session ID and Stripe event ID
- Email address, if provided at Stripe checkout
- Name, if provided at Stripe checkout
Full card details are never stored on our servers.
The legal basis is Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(c) GDPR (legal obligations).
7. Cookies and session storage
The website uses only technically necessary cookies and local storage. The following cookies are currently set:
- next-auth.session-token — encrypted JWT cookie containing session data (Discord ID, display name, expiry). Required for authentication on the website.
- next-auth.csrf-token — CSRF protection token for secure form submissions during the login flow.
- next-auth.callback-url — stores the target URL after login so you are redirected to the correct page after authentication.
These cookies are necessary for the technical operation of the website and cannot be disabled without affecting functionality. The legal basis is Art. 6(1)(f) GDPR.
If a language preference is stored in browser local storage, this serves solely for technical navigation and contains no personal data.
8. Controller
The controller responsible for data processing on this website is the operator of DEV1LSCLUB: Dennis Bertram, c/o MDC#899, Welserstraße 3, 87463 Dietmannsried, Germany. Full contact details are available in the Imprint. Contact: admin@dev1l.de
9. No analytics, tracking or marketing cookies
We do not currently use analytics, tracking, advertising or marketing cookies and do not use any such services (e.g. Google Analytics, Meta Pixel). No cookie consent banner is therefore required at this time.
If we introduce such services in the future, this Privacy Policy will be updated accordingly and, where required, your consent will be obtained.
10. Recipients of data
Personal data may be shared with the following recipients:
- Hosting provider (VPS operator)
- Payment provider Stripe
- Discord Inc. (in the course of the OAuth login flow)
- Technical service providers where necessary for operations
- Tax advisors, authorities or other bodies where required by law
Data is shared only where necessary to provide services, fulfil contracts, comply with legal obligations or pursue legitimate interests.
11. International transfers
When using Discord or Stripe, personal data may be processed outside the European Economic Area (EEA). Such transfers are made on the basis of appropriate safeguards, e.g. adequacy decisions or EU standard contractual clauses.
12. Retention periods
- Server log files: stored only for a short period unless required for security measures or abuse investigation.
- Session cookies: lifetime per technical configuration (typically until the browser session ends or a defined expiry date).
- Bot data (Discord user ID, DevilCoin balance, game and activity data): retained for as long as the account is active in the community. Data is deleted upon request unless compelling operational reasons prevent deletion.
- Premium purchase and key data: retained for the duration of service provision and for accounting, support and evidential purposes. Statutory retention obligations (e.g. tax law) take precedence.
- Legal consent records: retained for the duration of applicable statutory retention obligations.
- Support requests: deleted once no longer needed, unless statutory retention obligations apply.
13. Your rights
Under the GDPR you have in particular the following rights:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object to certain types of processing (Art. 21 GDPR)
- Right to withdraw consent (Art. 7(3) GDPR)
You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR).
To exercise your rights, please contact: admin@dev1l.de
14. No direct marketing
We do not use your data for direct marketing. If we introduce newsletters or marketing emails in the future, this will only be done with your separate consent or on another permitted legal basis.
15. Changes to this Privacy Policy
We may update this Privacy Policy when the technical setup, services used or legal requirements change. The current version is always available on this page.