Privacy Policy
Last updated: February 23, 2026
1. Introduction
Welcome to UNIVERSEsigna (DOT) com ("we", "our", "us"). We are committed to protecting your personal data and respecting your privacy in accordance with the General Data Protection Regulation (GDPR) and other applicable laws.
This privacy policy explains how we collect, use, and protect your information when you use our verification platform at https://universesigna.com.
2. Data Controller
The data controller responsible for your personal data is:
Blumentorstraße 16
D-76227 Karlsruhe
Germany
Phone: +49 178-399 35 75
Email: imprint@warmupserver.net
VAT ID: DE336380299
HRB: HRB738338, Amtsgericht Mannheim
Data Protection Officer: Berno Wiegel
DPO Contact: privacy@universesigna.com
3. Data We Collect
We collect the following categories of personal data:
3.1 Data from Steam
- Steam ID (unique identifier)
- Display name (persona name)
- Profile avatar URL
- Country code (if public)
3.2 Data from Discord (optional)
- Discord user ID
- Username
- Email address (if provided)
- Avatar URL
3.3 Data from X/Twitter (optional)
- X user ID
- Username
3.4 Data from Facebook (optional)
- Facebook user ID
- Username
3.5 Data You Provide
- Email address (if you choose to add one)
3.6 Automatically Collected Data
- Login timestamps
- Session tokens (encrypted)
- IP address (for security purposes, retained for 30 days)
- Browser/device information (user agent string, for security monitoring)
4. How We Use Your Data
We use your personal data for the following purposes:
| Purpose | Legal Basis (GDPR) |
|---|---|
| User authentication and account management | Contract performance (Art. 6(1)(b)) |
| Calculate and display trust level | Contract performance (Art. 6(1)(b)) |
| Verify X/Twitter account ownership (identity confirmation) | Contract performance (Art. 6(1)(b)) |
| Provide trust verification to WarmupServer | Consent (Art. 6(1)(a)) |
| Security and fraud prevention | Legitimate interest (Art. 6(1)(f)) |
| Website analytics (if you consent) | Consent (Art. 6(1)(a)) |
5. Data Sharing
We share your data with the following parties:
5.1 WarmupServer.net
When WarmupServer queries our API, we share: your Steam ID, trust level, and connected account status (but not your personal details like username or email).
5.2 Third-Party Services
- Steam - For authentication (their privacy policy applies)
- Discord - For optional account linking (their privacy policy applies)
- X (Twitter) - For optional account linking (their privacy policy applies)
- Facebook - For optional account linking (their privacy policy applies)
- Google Analytics - For website analytics (only if you consent)
6. Data Retention
We retain your data for the following periods:
- Account data: Until you delete your account. Upon deletion, your data is flagged for removal and your account is deactivated.
- Account recovery: As a protection against unauthorized account deletion, your account can be restored by logging in again within 90 days. After this period, personal data is permanently removed by automated cleanup.
- Session tokens: Maximum 1 year, or until logout.
- Security logs: 30 days.
- Security records: Ban history, administrative flags, and related security records are retained indefinitely as required for the safe operation of our platform (Art. 6(1)(f) — legitimate interest). This is comparable to a business's right to maintain a prohibition of entry list.
- Platform identifiers: Steam IDs linked to security records are retained as part of those records.
- Legal obligations: Data required by law (e.g. tax records under AO §147) is retained as legally required.
7. Your Rights Under GDPR
As a data subject, you have the following rights:
Right of Access
Request a copy of your personal data. View it on your profile page.
Right to Rectification
Update your data in settings or re-authenticate with corrected info.
Right to Erasure
Delete your account in settings. Your account will be deactivated and personal data removed after a retention period. Security records required for platform operations are retained per Section 6.
Right to Data Portability
Request your data in machine-readable format. Contact us at headadmin@universesigna.com.
Right to Object
Object to processing based on legitimate interest. Contact us to discuss.
Right to Withdraw Consent
Withdraw consent anytime by disconnecting accounts or deleting your account.
8. Cookies
We use the following cookies:
| Cookie | Purpose | Duration | Type |
|---|---|---|---|
| universesigna_session | Session management | Session | Essential |
| remember_token | "Remember me" login | 7d - 1 year | Essential |
| cookie_consent | Store your cookie preference | 1 year | Essential |
| _ga, _gid | Google Analytics | 2 years | Analytics (consent required) |
You can manage cookie preferences in your settings or browser settings.
9. Security
We implement the following security measures:
- HTTPS encryption for all data transmission
- Secure, HttpOnly, SameSite cookies
- Hashed session tokens (SHA-256)
- Prepared SQL statements (prevents injection attacks)
- CSRF protection on all forms
- OAuth 2.0 / OpenID for authentication (no passwords stored)
10. International Data Transfers
Our servers are located in Germany (Hetzner). When you authenticate with Steam, Discord, X, or Facebook, your data may be processed in the United States by those services. These transfers are covered by their respective privacy policies and data protection agreements.
11. Children's Privacy
Our service is not intended for children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.
12. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of significant changes by posting a notice on our website. The "Last updated" date at the top of this page indicates when the policy was last revised.
13. Contact Us
If you have questions about this privacy policy or wish to exercise your rights, contact us:
Discord: WarmupServer Discord
You also have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated.
Supervisory Authority (Germany): Contact your state's data protection authority. A list of authorities is available at: www.bfdi.bund.de