flye.win — privacy_policy.log

Privacy Policy

Effective Date: June 11, 2026

1. Introduction & Zero-Trust Philosophy

At flye.win, we prioritize the protection and security of your personal data. We operate under a **Zero-Trust** security architecture and a minimal-collection approach. We only collect details that are strictly required to operate the subscription validation pipelines and loader interfaces.

2. Discord Authentication (OAuth2) & Permissions

To prevent password database breaches and streamline access, we use Discord OAuth2 as our exclusive sign-on method. When logging in, the Discord bot requests the following specific permissions:

  • identify: Allows us to retrieve your public Discord identifier, username, and avatar image. This is necessary to create your dashboard profile and present your identity in the web interface.
  • email: Grants access to your Discord email address. We use this for security audit notifications, important billing announcements, and account verification checks.
  • guilds.join: Authorizes our Discord bot to automatically join your account to our official support and announcement guild if you are not already a member. This guarantees you are connected to the customer support desk and receive live software status alerts.

3. What Data We Collect & How We Use It

We collect and process the following specific information during your interactions with our website and application loader:

  • Discord Profile Data: Your Discord ID (which acts as the database primary key to link your active product licenses), username, avatar URL, and email address.
  • Hardware Identifier (HWID): A unique machine fingerprint generated by the client loader when it runs on your system. This fingerprint is captured exclusively to lock your active subscription to a single computer, preventing key-sharing abuse and account piracy.
  • IP Address & Network Metadata: We record your client IP and API query frequencies for rate-limiting, server firewall diagnostics, anti-DDoS mitigation, and anti-fraud monitoring.
  • User Configurations: Custom settings profile mapping layout positions or configuration variables that you deliberately save on our server to coordinate your preferences across sessions.

4. Cryptography & Storage (The Vault)

We secure your data like a vault. Sensitive user records are isolated and protected using industry-standard cryptographic techniques:

  • Zero-Trust Session JWT: User login sessions are authenticated using signed JSON Web Tokens (JWT) issued strictly inside HttpOnly and Secure cookie wrappers. This structure features Lax SameSite cookie flags to prevent Cross-Site Request Forgery (CSRF) and browser cookie sniffing.
  • Transport Security (TLS): All communications between the dashboard, database, and client loader are fully encrypted in transit using strict SSL/TLS protocols.

5. Data Sharing & Third-Parties

We do not sell, rent, lease, or distribute your information to any third parties. All collected profiles are utilized solely for user authorization on flye.win. However, logs of system abuse (e.g., attempts to crack, reverse-engineer, or DDOS server assets) may be documented and shared with firewall partners to mitigate wider threat intelligence vectors.

6. User Rights & Data Deletion

You have the right to request a copy of the data associated with your Discord ID or request the complete erasure of your record from our databases. To initiate a deletion request, please submit a ticket in our official Discord community. Note that deleting your user record will permanently destroy your subscription access, key activations, and config profiles without a refund option.

If you have questions regarding this privacy policy or our data security procedures, please contact us via Discord.