Star Citizen Org Tools

SC Org.Tools ("we", "us", "our") is a suite of community tools for Star Citizen organisations and players. We are committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights.

When you sign in, we store the following information linked to your account:

• Authentication data — your Google or Discord account identifier, used solely for sign-in.
• RSI handle — your in-game name, provided during registration or verification.
• Fleet data — ships you manually add or import from CCU Game.
• Org membership — which organisation you belong to and your roles within it.
• Mining & operations data — data you create when using the mining calculator or ops tools.
• Contracts & ratings — contracts you create or accept, and associated ratings and comments.

We use only functional cookies that are strictly necessary for the site to operate:

• Session cookie — maintains your login session. Expires when you close your browser or after 7 days of inactivity.
• Cookie notice cookie — remembers that you dismissed the cookie notice. Expires after 1 year.

We do not use any analytics, tracking, or advertising cookies. No third-party tracking scripts are loaded.

Your data is used exclusively to provide the features of this site — fleet management, org management, mining tools, contracts, and related functionality. We use your data to:

• Display your fleet and org information to you and (where applicable) your org managers.
• Operate contracts, ratings, and ops tools.
• Generate completely anonymised, aggregated statistics (e.g., the public Ship Stats page). Individual user data cannot be identified from these statistics.

We do not sell, trade, or share your personal data with any third parties.

Your fleet data may be visible to your org managers if you have chosen to share it (configurable in your fleet settings). Public contracts are visible to other logged-in users by design.

If AI-powered content moderation is enabled (see below), the text of user-submitted content may be sent to OpenAI for safety screening. No personal identifiers (name, email, account ID) are included in these requests — only the content text itself. See the Content Moderation section below for details.

We use HTTPS encryption for all connections, secure and HTTP-only session cookies, and prepared database statements to protect your data. Access to the database and server is restricted to site administrators.

To maintain a safe and welcoming community, user-submitted content (such as contracts, comments, and in-game names) is automatically screened for harmful material including hate speech, harassment, threats, and other policy violations.

Local filtering — all submitted text is checked against keyword and pattern-based filters that run entirely on our servers. No data leaves our infrastructure for this step.

AI-powered moderation — an additional AI safety layer powered by OpenAI's Moderation API. When enabled:

• The text content only of user submissions is sent to OpenAI for classification. No usernames, email addresses, account IDs, or other personal identifiers are included in the request.
• OpenAI's Moderation endpoint is a free, purpose-built safety tool — it does not use submitted content for model training. See OpenAI's usage policies for details.
• Content is queued and processed asynchronously — it does not delay your submissions.
• If the AI flags content as potentially harmful, it is routed for human review by site moderators. No automated action is taken without administrator oversight.

Moderation results (flagged categories and confidence scores) are retained for up to 30 days for review purposes and then automatically purged. The original submitted text stored in the moderation queue is deleted during the same cleanup cycle.

Your data is retained as long as your account exists. If you wish to have your account and all associated data deleted, please contact us via our Discord server and we will process your request.

Under the GDPR and similar regulations, you have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data.
• Object to processing of your data.

To exercise any of these rights, please contact us via Discord.

We may update this policy from time to time. Changes will be reflected by the "last updated" date at the top of this page.