Privacy Policy

Privacy first. Integrity second.

What we collect, why we collect it, who we share it with, and how to ask us to forget you. Plain English, no dark patterns.

Version 1.1 · Effective May 15, 2026 · Last updated May 15, 2026

On this page

  • 00 Summary
  • 01 Who we are
  • 02 What this covers
  • 03 What we collect
  • 04 How we protect OAuth tokens
  • 05 Cookies & local storage
  • 06 How we use your data
  • 07 Account integrity & alts
  • 08 Who we share with
  • 09 International transfers
  • 10 How long we keep data
  • 11 Your rights
  • 12 Children & minimum age
  • 13 Security
  • 14 Changes to this policy
  • 15 Discord, Roblox & PRC
  • 16 Contact us

00

In thirty seconds

When you use any Tennessee Roleplay surface — this website, our Discord bot, or our private ER:LC server — we become a data controller for the information you give us or that we generate about you. This page is your map to that data. It is written to satisfy the GDPR transparency requirements (Articles 13–14), Discord's Developer Policy, and Roblox's Creator Third-Party App Policy, while still being readable by a teenager. If it ever fails to be readable by a teenager, tell us and we will fix it.

01

Who we are

Tennessee Roleplay (“TNRP”, “Tennessee State Roleplay”, “we”, “us”) is a community-run Tennessee State Roleplay server operated on Roblox's Emergency Response: Liberty County (ER:LC) experience, hosted on a private server provided by Police Roleplay Community (PRC). Tennessee Roleplay is operated from Norway by the named members of the staff team. We are a hobby project, not a registered company.

For the purposes of the EU/EEA General Data Protection Regulation (GDPR), the head of staff is the controller of the personal data described in this policy. The lawful basis for each processing activity is given inline below.

We do not currently maintain a generic privacy inbox. To contact us about anything privacy-related — to ask what we hold about you, correct something, or ask us to delete it — open a ticket in our Discord server. See §16 — Contact us for the exact path. We respond within thirty (30) days, the same window the GDPR sets.

02

What this covers

This policy covers all the data we touch as Tennessee Roleplay:

  • The website at tnrp.net and any subdomain we run, including the dashboard, leaderboard, verification flow, and any backend API the website calls.
  • Our Discord bot and the Discord servers it lives in (the community guild and any sister server you join through us).
  • Our private ER:LC server, but only for the data the PRC API sends us about what happens inside it.

This policy does not cover what Discord, Roblox, or PRC do with the data you give them directly. They are separate controllers and their own policies apply to that data. We summarise the parts of their terms that matter to you in §15 — Discord, Roblox & PRC.

03

What we collect

We deliberately collect as little as we can get away with. The categories below are everything — if it is not on this list, we are not collecting it.

3.1 — When you visit the website

Our hosting provider receives standard request data (IP address, user-agent, requested path, timestamp, referer) the same way every web server on the internet does. We do not run any analytics tracker, advertising pixel, fingerprint script, or third-party font loader. The website does not set any cookie at all unless you sign in. See §5 — Cookies & local storage.

Lawful basis: Article 6(1)(f) GDPR — legitimate interest in operating, debugging, and securing the site.

3.2 — When you link your Discord account

To sign in to tnrp.net or to verify with our bot, we send you through the official Discord OAuth flow. We ask Discord for the minimum scopes that make verification and sister-server access work: identify always, and guilds.join when we may need to place you in a sister server. Discord sends us back:

  • Discord user ID

    Why we need it · Unique key linking your Discord identity to everything we hold about you

    Where we store it · Forever, until you ask us to delete it

  • Username & global display name

    Why we need it · Shown in our dashboard, on the leaderboard, and in moderation logs so staff know who they are looking at

    Where we store it · Updated each time we see you; kept while your account exists

  • Avatar image URL

    Why we need it · Rendered in the dashboard and on staff tooling

    Where we store it · Updated each time we see you; not copied to our servers

  • Discord OAuth access & refresh tokens

    Why we need it · Used only to call Discord on your behalf (e.g. add you to a sister server)

    Where we store it · Encrypted at rest with AES-256-GCM; deleted on /unverify

We do not request your email, phone number, payment information, or full guilds list. We do not see your Discord messages outside of channels our bot is in.

Lawful basis: Article 6(1)(b) — performance of the community membership you asked us for — for the identity link. Article 6(1)(f) — legitimate interest in moderation and account integrity — for the use of these identifiers in staff tooling.

3.3 — When you link your Roblox account

Verification finishes by sending you through the official Roblox OAuth flow. We ask for openid and profile only. Roblox sends us back:

  • Roblox user ID

    Why we need it · Persistent, unique key linking your Discord identity to your in-game character

    Where we store it · Forever, until you ask us to delete it

  • Roblox username & display name

    Why we need it · Sync your Discord nickname; show staff who is who in-game

    Where we store it · Refreshed periodically; kept while your account exists

  • Roblox OAuth access & refresh tokens (if returned by Roblox)

    Why we need it · Used only to refresh your username if you change it on Roblox

    Where we store it · Encrypted at rest with AES-256-GCM; deleted on /unverify

We do not request your Roblox email, age, friend list, item inventory, group memberships, or premium status. We do not read your Roblox messages or your purchases. We do not call any Roblox endpoint that returns those.

Lawful basis: Article 6(1)(b) for the identity link itself, Article 6(1)(f) for keeping the username fresh.

3.4 — While you play on the ER:LC server

When you are inside our private ER:LC server, the server owner authorises us to retrieve game state through the PRC API. We poll that API every few seconds. Each poll can give us:

  • Who is currently in the server: Roblox username, Roblox user ID, in-game team and callsign, permission level, wanted level.
  • Join and leave events with timestamps, so we can keep visit counts and session lengths.
  • The queue of players waiting to join.
  • Kill logs (who was killed, by whom, when) and command logs (commands moderators ran) used to investigate disputes.
  • Mod-call and emergency-call records, including the in-game position of the caller, so PD/Fire/EMS can dispatch correctly.
  • Vehicles you spawn: model name, plate, colours, and texture, so staff can match an incident to the right driver.

Lawful basis: Article 6(1)(f) — legitimate interest in operating the community, performing moderation, and producing the live status that the website shows.

3.5 — When you use the bot in Discord

Inside Discord, the bot logs the events you would expect a moderation bot to log: moderation actions taken against you (warnings, kicks, bans, timeouts, mutes), ticket conversations you opened or that were opened about you (including the message content inside the ticket and any attachments), poll votes you cast, ban appeals you submitted, and configuration changes made by staff. Our log channel kinds (message, voice, ticket, moderation, access, automod, security, etc.) are listed in the bot's source.

We do not store the content of normal channel messages, voice audio, direct messages with the bot beyond what you explicitly send to it, or anything from other Discord servers.

Lawful basis: Article 6(1)(f) — legitimate interest in moderation, dispute resolution, and a community-safety audit trail; combined with your acceptance of our Terms of Service.

3.6 — Information we generate about you

Once you are a member, we generate and store records that exist because of you, not from a platform feed. These are personal data, and we take responsibility for creating them:

  • Your in-game character profile — first name, last name, date of birth, gender, optional height, optional address, optional bio, an auto-generated 555-prefixed phone number, and your registered vehicle plate. This is the information you supply with /character create. You can edit or delete it from the bot.
  • Your civic record — citations, arrests, medical-incident notes, fire-incident notes, and general staff/department notes attached to your character. These are written by staff or by your fellow players on duty.
  • Your licenses — driver, gun, fishing, hunting, medical, with issue dates, optional expiry, optional revocation, and the in-game price you paid.
  • Your economy data — wallet balance, lifetime earnings, jobs completed, daily-claim streak, the last few hundred transactions, your vehicle purchases, and your stock holdings and trades. None of this is real money.
  • Your duty history — shifts started, shifts ended, total minutes worked, and the in-game pay you earned per department.
  • Your moderation history — every warn, kick, ban, timeout, unban, untimeout, and note, with the moderator who issued it, the reason, the duration, and any revocation.
  • Your bounties — bounties you placed and bounties placed on you.

You can see most of this yourself on your dashboard.

Lawful basis: Article 6(1)(b) — necessary for the community service you are using — combined with Article 6(1)(f) for the audit-trail aspect of moderation records.

04

How we protect OAuth tokens

OAuth tokens are the most sensitive thing we hold. If they leaked, someone could impersonate you on Discord or Roblox to the limited extent the scopes allow. We treat them accordingly:

  • We encrypt every access token and refresh token at rest using AES-256-GCM. The key is derived using HKDF from a secret that lives only in our environment and is never committed to source control.
  • Tokens are stored only in our verification table, never in logs, error reports, or backups that leave the production environment.
  • We only use a token to call the platform it came from, only for the scope you granted, and only in the immediate course of operating the community.
  • When you run /unverify, when an admin revokes your verification, or when you ask us to delete your account, we delete the token rows entirely — not just blank them.

You can independently revoke our access at any time from your Discord and Roblox account settings, even without going through us. We recommend doing both if you are concerned.

05

Cookies & local storage

We use exactly one cookie today: a signed-in-session cookie named tnrp_session. It is set on the .tnrp.net domain, marked HttpOnly and Secure, and contains a JWT with your Discord user ID, username, avatar, and an expiry. It is strictly necessary for the dashboard to know who you are; it does not track you across sites.

We do not use third-party advertising cookies, cross-site tracking pixels, or session-replay tooling. We never will.

06

How we use your data

For each purpose, the data and the lawful basis:

  • Letting you sign in — Discord ID and session cookie. Basis: contract (6(1)(b)).
  • Linking your Discord and Roblox identities — the OAuth flow above. Basis: contract.
  • Operating the in-game community — PRC API poll, character data, economy, duty, licenses, civic records. Basis: contract for the parts you opt in to (creating a character, taking jobs), legitimate interest for the parts that keep the community working (moderation logs, audit trail).
  • Moderation, dispute resolution, and ban appeals — moderation history, ticket transcripts, PRC kill/command logs. Basis: legitimate interest in a safe, fair community.
  • Showing public stats — the live server status and the leaderboard. Basis: legitimate interest. We never show anything more identifying than the username you have already chosen to use publicly on Discord and Roblox.
  • Account integrity and alt-account detection — see the next section. Basis: legitimate interest in community safety, with a documented Legitimate Interest Assessment we will share on request.

We do not use your data to advertise to you, to sell you anything, to enrich third-party profiles about you, or to train AI or machine-learning models — not ours, not anyone's.

07

Account integrity & alt-account detection

To detect and stop attempts to evade bans, we may process the following signals. Not all of these are collected today, but we are listing them all so we never quietly grow into something you have not been told about:

  • Your Discord user ID and account creation date, and your Roblox user ID and account creation date.
  • The history of which Discord IDs have been linked to which Roblox IDs and when — including past revocations.
  • IP addresses observed at OAuth callback or login. Held short-term for ordinary sign-ins, retained longer when specifically tied to a confirmed ban.
  • Browser characteristics we passively receive — user-agent string, accepted languages, time zone offset — when they help us distinguish a returning banned user from a genuine new member.
  • Behavioural signals inside the game and the bot: time-of-day patterns, who you join the server with, whether you immediately display the speech tics of a known banned user.
  • Cross-references against the Roblox and Discord IDs of confirmed banned users, including alternate accounts those users themselves have admitted to.

How decisions get made: a human staff member reviews any flag before it produces a consequence. We do not ban you because a computer told us to. Article 22 GDPR (decisions based solely on automated processing) does not apply because there is always a person in the loop.

Retention here is different. Where you are an active member in good standing, integrity signals are deleted on a short schedule. Where you have been confirmed banned, we may retain the minimum identifiers needed to recognise you on a new account for up to five (5) years from the date of the ban, after which we re-evaluate or delete. We do this for the safety of the community, and especially of minors in it.

Your rights are intact. Under Article 21 GDPR you have the right to object to legitimate-interest processing, including this. We will continue only where we can show compelling legitimate grounds, which for community-safety processing involving minors is the typical outcome. You can always lodge a complaint with your supervisory authority — for Norway, that is Datatilsynet.

What we will never do. We will not sell any of this. We will not share it with advertisers or data brokers. We will not use it to train AI/ML models. We will not share it with other communities unless they are part of an explicit ban-sharing agreement we tell you about in this policy first.

08

Who we share data with

We share personal data with the following categories of third parties. Where someone acts on our instructions (a processor), they are bound by data-processing terms with their upstream provider.

  • Discord (Discord Netherlands B.V. / Discord Inc.)

    Role · Separate controller; identity & messaging platform

    What they receive · API calls we make on your behalf within the scopes you granted

  • Roblox Corporation

    Role · Separate controller; identity & game platform

    What they receive · OAuth handshakes; we do not push data back to Roblox

  • Police Roleplay Community (PRC)

    Role · Separate controller; ER:LC server host

    What they receive · Authenticated API requests we make to administer the server

  • Our hosting provider

    Role · Processor; runs the website and database

    What they receive · Whatever the website processes — logs, database rows

  • Cloudflare

    Role · Processor; sits in front of our API for TLS, DDoS protection, and abuse rate-limiting

    What they receive · Request metadata (IP, user-agent, path) for security purposes

We do not sell personal data, and we do not share it for any third party's independent marketing, advertising, profiling, or AI-training purposes.

We will hand over data when we are legally required to (a valid subpoena, court order, or equivalent under Norwegian law), and when we believe in good faith that disclosure is necessary to prevent imminent harm. If we ever do, we will note it in our transparency log.

09

International transfers

Our operator is in Norway (EEA). Discord, Roblox, PRC, and our hosting provider may process data in the United States or other countries outside the EEA. Where they do, transfers rely on the EU–US Data Privacy Framework adequacy decision (for participating US-based recipients) and/or the European Commission's Standard Contractual Clauses, plus our own technical safeguards (encryption in transit and at rest for tokens, minimised scopes).

10

How long we keep data

Default retention by category

  • Session cookie

    Retention · 30 days from issue, refreshed on use

    Why · Standard signed-in convenience

  • OAuth tokens

    Retention · Until you /unverify or close your account

    Why · Required to keep your username synced and your sister-server access alive

  • Character, licenses, civic records, economy ledger

    Retention · Lifetime of your account

    Why · These are your in-game history; deleting them would erase your character

  • Moderation cases

    Retention · 5 years from issue, then re-evaluated

    Why · Audit trail; protects you on appeal as much as it protects us

  • Ticket transcripts & ban appeals

    Retention · 2 years from close, then reviewed for deletion

    Why · Reference for repeat issues and appeals

  • PRC live data (joins, kills, commands)

    Retention · Snapshots kept indefinitely; review for pruning underway

    Why · Investigations sometimes need historical context

  • Server status snapshots

    Retention · Current snapshot plus a short rolling history

    Why · Powers the live status badge and the leaderboard

  • Replay nonces (anti-replay tokens)

    Retention · 10 minutes

    Why · Security; hard expiry

  • Stock-market history points

    Retention · 30 days

    Why · Enough for charts; not enough to profile you

  • Banned-user integrity identifiers

    Retention · Up to 5 years from ban, then re-evaluated

    Why · Alt-evasion prevention — see §07

Where you ask us to delete you and we are not under a legal obligation to retain, we will delete within thirty (30) days. For banned-user identifiers specifically, see §07 for the exception.

11

Your rights

Under the GDPR, the UK GDPR, the California CCPA/CPRA, and most comparable privacy laws, you have a set of rights over your personal data. We honour them regardless of where you live — treating non-EEA users worse would be both petty and unmaintainable.

  • Access — you can ask us for a copy of the personal data we hold about you.
  • Rectification — if something we hold is wrong, we will correct it. Most fields are editable from the dashboard or via bot commands; the rest we will fix on request.
  • Erasure (“right to be forgotten”) — you can ask us to delete your data. Subject to §07 (banned users) and any legal obligation to retain, we will. Running /unverify deletes the OAuth-token link immediately; a full erasure removes the rest.
  • Restriction — you can ask us to pause certain processing while a dispute is resolved.
  • Portability — for the data you gave us under contract or consent, we will export it in a machine-readable format (JSON).
  • Objection — you can object to processing based on legitimate interest, including the integrity processing in §07.
  • Withdraw consent — where we relied on consent (we mostly do not), you can withdraw it at any time.
  • Complaint — you can lodge a complaint with your supervisory authority. In Norway, Datatilsynet. In the UK, the ICO. Other EEA states have their own — we will not hold it against you.

To exercise any of these, open a ticket as described in §16. We will not charge you a fee unless your request is manifestly unfounded or repetitive (it almost never is). We aim to answer inside thirty (30) days and will tell you if we need longer.

For California residents: we do not “sell” or “share” personal information as those terms are defined under the CCPA/CPRA. You have the right to know what we collect, to delete it, to correct it, and to limit use of sensitive personal information. To exercise these, follow the same path as above.

12

Children & minimum age

You must be at least 13 years old to use Tennessee Roleplay, in any of its forms. That matches Discord's minimum age and Norway's implementation of GDPR Article 8 (age of digital consent). In jurisdictions where the legal minimum is higher (some EU member states set it at 14, 15, or 16), the higher age applies to you.

Roblox separately classifies certain accounts as belonging to users under 13 and applies its own restrictions. We honour Roblox's classification: where Roblox tells us a linking account is under 13, the link will fail.

Tennessee Roleplay is not directed at children under 13. We do not knowingly collect personal data from a child under 13. If you are a parent or guardian and you believe your child has provided personal data to us, contact us via the path in §16 and we will delete it without delay.

13

Security

We take security seriously, and we accept that we are not a professional security operation. The measures in place today include:

  • TLS everywhere — HTTPS to the website and the bot API.
  • AES-256-GCM encryption at rest for OAuth access and refresh tokens, with a key derived via HKDF from a secret held only in our environment.
  • HMAC-signed and timestamped requests between the website and the bot, with a 5-minute clock skew window.
  • Single-use nonces on inbound webhooks to prevent replay.
  • Short-lived staff tokens (7 days) with a per-staff sign-out-everywhere watermark and an extra role check on every privileged call.
  • Permission-bounded scopes — we ask Discord and Roblox for the minimum they support, and nothing more.

We will tell you, and the supervisory authority, if we ever suffer a personal-data breach that is likely to result in a risk to your rights and freedoms. The GDPR requires we tell the authority within 72 hours; we will tell affected users as quickly as we can verify the scope.

14

Changes to this policy

We will update this page as the service evolves. The version string and “last updated” date at the top of the page track changes. For anything material — new categories of data, new third parties, new retention windows — we will announce it in our Discord and pin a notice on the dashboard for at least fourteen (14) days before it takes effect.

We will not silently broaden what we collect about you. Quiet erosion of a privacy policy is the most common dark pattern in our industry; we are committing here not to do it. If we breach this commitment, you have a public document to call us on.

15

Discord, Roblox & PRC — what applies to you on each

Verifying with Tennessee Roleplay means signing in to Discord and Roblox. Playing on our server means accepting the PRC ER:LC experience terms. Below is the short version of each — read the long versions on their own sites; this is a summary in good faith, not legal advice.

Discord

Identity, community, and bot platform.

  • You must be 13 or older to use Discord (or the higher age required in your country). We do not knowingly let anyone younger link to our service.
  • When you sign in we ask for the identify scope only — we receive your Discord user ID, username, and avatar. We do not receive your email, phone, friend list, or other server memberships unless you grant the guilds.join scope to be added to sister servers, which we then use only for that purpose.
  • Discord stays a separate controller for the data you hold inside Discord itself (messages, voice, friends, payments). Their privacy practices apply to all of that.
  • You can disconnect our bot at any time from Discord → User Settings → Connections → Authorized Apps, and run /unverify in our server to break the Roblox link we hold for you.

Roblox

Game platform and identity for in-game roleplay.

  • When you verify with Roblox we ask for the openid and profile scopes only. We receive your Roblox user ID, username, and display name. We do not request your email, your age, your friend list, your purchase history, or any credential.
  • Accounts Roblox flags as under 13 cannot link to our service. Roblox enforces its own age handling on its side; we honour it on ours.
  • We do not sell Roblox-derived data, we do not use it to train AI or machine-learning models, we do not build cross-platform user profiles, and we do not track your location over time. These are restrictions Roblox places on third-party apps, and we agree to them.
  • Roblox stays a separate controller of your overall Roblox account data. Their privacy practices apply to anything they hold directly.

PRC · Emergency Response: Liberty County

The Roblox experience our server runs inside of.

  • Tennessee Roleplay runs on a private ER:LC server owned and operated by our team. The server owner authorises us to call the Police Roleplay Community API.
  • Through that API we receive game state our staff need to operate the community: who is currently in the server, join and leave timestamps, kill and command logs, moderation calls, and the vehicles players spawn. We use this for moderation, statistics, and to keep the website live status accurate.
  • We are not affiliated with, endorsed by, or sponsored by Police Roleplay Community. ER:LC, the PRC name, and PRC marks belong to their respective owners.

16

Contact us

The fastest and most reliable way to reach us about anything covered by this policy is through our Discord server:

  • Open a Privacy ticket — run /ticket in our community guild and choose the Privacy / Data category. If no Privacy category exists yet, choose Support and write “privacy request” as the first line; ticket staff will route it.
  • If you cannot reach our Discord — for example, because you have been banned and need to make a data-subject request — reply to the ban DM you received, or contact a staff member on Roblox using the Roblox username listed in your verified profile. We are working on a non-Discord intake; this page will be updated when it is live.

You can also go directly to the source: revoke our access from your Discord authorised apps and your Roblox account's connected apps settings. Doing so stops new data from flowing to us. To delete what we already hold, you still need to contact us.

Plain-English summary, written by the team that runs the server. We are not lawyers; this page tells you in good faith what we do and what we expect. If anything here conflicts with a future translated or revised version, the most recent English version on this URL controls.