Eorzea Estates

Privacy Policy

Last updated: March 10, 2026

1. Who We Are

Eorzea Estates is a fan-made housing directory for Final Fantasy XIV players. For privacy inquiries, contact us at privacy@eorzeaestates.com.

2. Data We Collect

  • Account data: Discord OAuth profile (user ID, username, avatar, email address)
  • Character data: FFXIV character name, server, and profile information fetched from the Lodestone
  • Lodestone character data: When you choose to verify a character, we fetch publicly available data (character name, server, Free Company, avatar, etc.) from the FFXIV Lodestone. This data is collected only at your explicit request and is not shared with third parties.
  • User content: Estate listings, comments, likes, uploaded images
  • Technical data: Session tokens (JWT), timestamps of account creation and activity

3. Purpose of Processing

  • Providing the estate directory and related services
  • Authenticating your identity
  • Displaying character and estate profiles to other users
  • Sending transactional notifications about account activity (e.g. FC estate ownership changes)

4. We Do Not Sell Your Data

Eorzea Estates does not sell, rent, trade, or otherwise share your personal information with third parties for their commercial purposes. This applies to all users, including California residents under the California Consumer Privacy Act (CCPA/CPRA).

5. Data Retention

We retain your data for as long as your account is active. If you delete your account, all personal data (profile, listings, comments, likes) will be permanently removed within 30 days. Anonymized, aggregated data may be retained for service improvement.

6. Your Privacy Rights

Depending on your location, you may have rights including:

  • Access — Request a copy of all personal data we hold about you
  • Correction — Correct inaccurate or incomplete data
  • Deletion — Request deletion of your personal data
  • Portability — Receive your data in a structured, machine-readable format
  • Opt-out of sale — We do not sell data, so this right is already satisfied

California residents (CCPA/CPRA): You have the right to know what personal information is collected, to delete it, to correct it, and to opt out of its sale (we do not sell it). To exercise your rights, email privacy@eorzeaestates.com. We will respond within 45 days as required by law.

EU/EEA residents (GDPR): Legal basis for processing is consent (account creation), contract performance, and legitimate interest (service operation) per GDPR Art. 6. You also have the right to lodge a complaint with your local supervisory authority.

For all other requests, email privacy@eorzeaestates.com.

7. Cookies

Eorzea Estates uses only essential session cookies required for authentication (Auth.js). We do not use analytics, tracking, or advertising cookies. See our Cookie Policy for details.

8. Third-Party Services

We use the following third-party services to operate this site. Each has access only to the data necessary to perform their function:

  • Discord OAuth (Discord Inc.): Used for sign-in. We receive your Discord user ID, username, avatar, and email. See Discord's Privacy Policy.
  • FFXIV Lodestone (Square Enix): When you verify a character, we access publicly available Lodestone profile pages. No private Square Enix data is accessed.
  • Cloudinary (Cloudinary Ltd.): Used to store and serve estate listing images you upload. Images are stored on Cloudinary's servers. See Cloudinary's Privacy Policy.
  • Resend (Resend Inc.): Used to send transactional emails (e.g. estate transfer notifications). Your email address is transmitted to Resend solely to deliver these messages. See Resend's Privacy Policy.
  • Supabase (Supabase Inc.): Provides the PostgreSQL database where your account and estate data is stored. See Supabase's Privacy Policy.
  • Vercel (Vercel Inc.): Hosts and serves the application. Vercel may process request metadata (IP address, browser agent) as part of normal web hosting. See Vercel's Privacy Policy.

9. Data Security

We use HTTPS encryption in transit, OAuth authentication, and JWT-based sessions. Access to the database is restricted to authorized personnel only. In the event of a data breach that affects your personal information, we will notify affected users as required by applicable U.S. state law.

10. Children's Privacy (COPPA)

Eorzea Estates is not directed to children under 13 years of age and we do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@eorzeaestates.com and we will promptly delete the information. The service requires users to be at least 18 years old.

11. Changes to This Policy

We may update this policy from time to time. Significant changes will be communicated via the platform. The "last updated" date at the top of this page reflects the most recent revision. Continued use after changes constitutes acceptance.

12. Contact

For any privacy-related questions or requests, contact us at privacy@eorzeaestates.com.