Personal Data Processing

1. Operator and contact

Personal data is processed within the Relict Pro platform and the Relict ID access service. All requests regarding personal data, account data, access restrictions, or security events must be sent only to web@relict.pro. No other public contact channel, support deadline, or response format is guaranteed.

2. Data categories

The platform may process e-mail address, display name, account identifier, account status, password hash, two-factor authentication status, anti-phishing phrase, security settings, roles, permissions, ACL rules, application consents, OAuth/OIDC scopes, session metadata, device name, user agent, technical request metadata, timestamps, audit events, token metadata, and cryptographic token hashes.

3. Processing purposes

Data is processed for registration, sign-in, authentication, authorization, profile management, session control, application access, consent management, role and permission management, security monitoring, abuse prevention, incident analysis, audit, technical diagnostics, administration, and protection of connected systems.

4. Basis of processing

Processing may be based on the user’s consent, acceptance of the Terms, technical necessity for account operation, security necessity, legitimate administrative interests, or mandatory legal requirements where applicable. If a specific legal basis is required by mandatory law, processing is limited to the basis that applies to the actual scenario.

5. Storage and retention

Data is stored only while it is technically, administratively, or legally relevant for account operation, security, access management, audit, anti-abuse measures, or connected application support. Relict Pro may delete, anonymize, aggregate, restrict, or retain records where required for security, audit, legal protection, or technical integrity. Expired or revoked tokens are not stored as plaintext values.

6. Security

Relict Pro may use password hashing, token hashing, session revocation, two-factor authentication, CSRF protection, redirect URI validation, trusted host checks, audit logs, rate limiting, administrative permissions, and other technical controls. No technical or organizational measure can guarantee absolute protection, uninterrupted availability, or complete absence of unauthorized actions.

7. Connected applications and third parties

Connected applications may receive account attributes, technical identifiers, scopes, roles, permissions, and consented profile data required for authorization. Relict Pro is not responsible for independent processing performed by external applications, external administrators, service owners, hosting providers, user devices, browsers, networks, or third-party infrastructure outside the Relict Pro control perimeter.

8. User requests

The user may send a request to access, update, restrict, or delete account data to web@relict.pro. Relict Pro may request additional identification and may refuse, limit, or postpone a request where this is required or permitted by law, security, audit preservation, abuse prevention, technical feasibility, or protection of other users and connected systems.

9. No guarantee of result

Sending a request does not guarantee immediate processing, full deletion, restoration of access, preservation of data, correction of third-party records, compensation, or a specific technical outcome. Mandatory legal rights, where applicable, are respected only within the limits and procedures required by mandatory law.

10. Changes

This page may be updated when the platform, security model, connected applications, storage logic, or mandatory rules change. Continued use of Relict ID means acceptance of the current version of this page and the current Terms.