Privacy Policy

Last updated: June 20, 2026

1. Who We Are

PitBox is operated by BrockDev (brockdev.co). This policy explains what data we collect, how we use it, and your rights regarding it.

2. Data We Collect

We collect only what is necessary to run the service:

  • Discord account data — When you sign in via Discord OAuth2, we receive and store your Discord user ID, username, and avatar hash. We do not receive your email address, phone number, or any other Discord data beyond what the identify scope provides.
  • League data you enter — Race results, schedules, driver names and gamertags, car numbers, and any other information you or your league admins input into the panel.
  • Session data — A standard PHP session cookie is set on login to keep you authenticated. It contains no personal information beyond a session identifier and expires when you sign out or after 24 hours of inactivity.
  • Billing information — Subscription and invoice records (plan, amount, status, PayPal subscription/invoice IDs). We do not store card numbers, bank details, or any payment credentials — all payment processing is handled directly by PayPal.
  • Webhook events — PayPal sends signed event notifications to our server (subscription activated, payment received, etc.). We log these for idempotency and audit purposes.
  • Privacy-friendly usage analytics — On public pages (your league's landing page and standings pages) we record anonymous, aggregated engagement counts: page views, unique visitors per day, and how visitors arrived (e.g. a QR code or a Discord link). No cookies are used and no personal data is stored — visitors are counted with a one-way daily hash that cannot identify anyone or track them across days, and the browser's Do-Not-Track signal is respected.

3. How We Use Your Data

  • Authenticate you and maintain your session.
  • Display standings, race results, and driver stats within your league's panel and public landing page.
  • Post automated results, standings, and reminders to your league's Discord server via the bot.
  • Process and track subscription payments and invoice status.
  • Enforce plan limits (series count, active driver count) and apply the correct feature set to your league.
  • Notify you of service updates, billing changes, or account issues.

4. Third-Party Services

  • Discord — Authentication and bot integration use Discord's API. Discord's own Privacy Policy governs how Discord handles your data on their end.
  • PayPal — All payment processing (subscriptions and invoices) runs through PayPal's servers. We never see or store your payment credentials. PayPal's Privacy Policy governs data PayPal collects during checkout.
  • OVH — PitBox is hosted on OVH cloud infrastructure. Server-level access logs may be retained by the hosting provider under their own policies.

5. Data Sharing

BrockDev does not sell, rent, or share your personal data or league data with any third party for marketing or advertising purposes. Data is only disclosed when required by law or to operate the services listed above (Discord API calls, PayPal payment processing).

6. Data Retention

Your league data is retained for as long as your subscription is active. If your account is suspended for non-payment or you cancel, your data is retained for 30 days to allow reactivation with full data recovery. After that window, the league database may be permanently deleted. Discord session data is cleared on sign-out. Webhook event logs are retained for 90 days for audit and idempotency purposes.

7. Security

Each league's data is stored in an isolated MySQL database. All connections are served over HTTPS. Discord OAuth tokens are exchanged server-side and never exposed to the browser. PayPal webhook requests are verified using PayPal's cryptographic signature scheme before any state changes are applied. We apply reasonable technical safeguards, but no system is 100% breach-proof — if we become aware of a breach affecting your data, we will notify you promptly.

8. Your Rights

You may request a copy of the data we hold about you, request correction of inaccurate data, or request deletion of your account and associated data (subject to any outstanding billing obligations). To exercise these rights, contact us at the address below. We will respond within 30 days.

9. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated to active subscribers. Continued use of the service after changes constitutes acceptance of the updated policy.

10. Contact

Privacy questions or data requests? Reach out on Discord or via brockdev.co.