GDPR Compliance
Your Rights Under the EU General Data Protection Regulation
Last Updated: May 14, 2026
This page summarizes how Pathway handles privacy requests for users in the European Union, European Economic Area, United Kingdom, and other regions with similar rights. Our full Privacy Policy provides more detail.
1. Data Controller
For GDPR purposes, the data controller is Pathway.
2. Legal Bases for Processing
Contract Performance
We process account, Discord, character, campaign, and command data when needed to provide the Pathway bot and web app.
Legitimate Interests
We process limited usage, security, analytics, and error data to keep Pathway reliable, secure, and useful during closed beta.
Consent
We rely on consent where required for optional cookies, feedback, beta communications, or voluntary data you choose to submit.
Legal Obligations
We may process and retain information when required to comply with law, respond to valid legal requests, or protect legal rights.
3. Categories of Data
- Discord identifiers, usernames, avatars, server IDs, channel IDs, and permission context
- Character sheets, Pathway JSON IDs, imported Pathbuilder data, feats, spells, skills, inventory, attacks, companions, notes, portraits, and related sheet data
- Server settings, active character preferences, initiative state, downtime data, calendar data, hunt and harvest data, homebrew entries, and campaign utilities
- Website session data, cookies, IP address, browser metadata, analytics, performance logs, and security logs
- Feedback, support requests, bug reports, and contact form submissions
4. Your Rights
Access
Request a copy of personal data associated with your Pathway account.
Portability
Request data in a commonly used format where technically feasible.
Correction
Ask us to correct inaccurate account or profile information.
Deletion
Ask us to delete personal data unless we must retain it for security, legal, backup, or abuse-prevention reasons.
You may also object to or restrict certain processing, and you may withdraw consent where processing is based on consent.
5. How to Make a Request
Email privacy@pathway.gg or contact us through the Pathway support server. To protect your data, we may ask you to verify control of the Discord account related to the request.
We aim to respond within 30 days where required by law. Complex requests or requests involving backups, abuse logs, or shared Discord server data may take longer.
6. International Transfers
Pathway is operated from the United States and uses service providers such as Discord, Supabase, hosting, analytics, and security providers. Your information may be processed outside your country. Where required, we rely on appropriate safeguards such as standard contractual clauses or equivalent protections used by our service providers.
7. Retention
We keep personal data only as long as needed to provide Pathway, support closed beta testing, maintain security, resolve disputes, comply with legal obligations, and preserve backups. Deleted records may remain in backups or logs for a limited period before they expire.
8. Automated Decision-Making
Pathway does not use automated decision-making or profiling that produces legal or similarly significant effects. The bot does not use AI to run games or generate responses.
9. Contact
For privacy rights requests or GDPR questions:
Email: privacy@pathway.gg
Support Server: Join Pathway Support