1. Introduction
420 & Games Friends (“we,” “our,” or “us”) operates the Friends platform accessible at this domain. This Privacy Policy explains what data we collect, why we collect it, how we use it, and your rights regarding that data. By creating an account or using the platform you agree to the practices described here.
This platform is intended exclusively for adults aged 18 and older. If you are under 18, you may not use this platform.
2. Data We Collect
2.1 Account Data
When you register, we collect your email address, chosen username, display name, and a hashed representation of your password. We never store your plaintext password.
2.2 Profile & Creator Data
Creators who opt into monetization provide a Paxum account email, bio, and optional social links. This information is stored securely and used solely to process payouts and display your public creator profile.
2.3 Network & Device Information
For every authenticated request, our servers automatically record:
- Your IP address (including values passed via
X-Forwarded-Forfrom reverse proxies) - Your browser’s User-Agent string
- Derived device category, operating system, and browser name parsed from the User-Agent
- Session identifier linking related requests
- Timestamp (UTC) of each request
- Request path and HTTP method
This data forms a forensic request log that we maintain for legal compliance, fraud prevention, and platform security. By using the platform you consent to this collection.
2.4 Chat & Communication Logs
All messages sent in live-stream chat rooms are stored. In addition to message content, each record includes:
- Sender user ID and stream ID
- A SHA-256 content hash of the message
- A tamper-evident chain hash linking to the previous audit record
- The IP address and User-Agent of the sender at time of sending
- Timestamp (UTC)
You should have no expectation of privacy in live chat rooms. Chat messages are visible to all viewers in the room and are permanently stored for moderation, safety, and legal compliance purposes.
2.5 Payment & Transaction Data
We record coin purchases, subscription payments, and tips. Financial instrument details (card numbers, bank account numbers) are handled entirely by our payment processor (Paxum) and are never stored on our servers. We retain transaction identifiers, amounts, and timestamps.
2.6 Usage Data
We may record which streams you viewed, content you unlocked, and platform features you used to improve the service and administer your account.
3. How We Use Your Data
- To authenticate you and maintain the security of your account
- To process payments and deliver purchased content or subscriptions
- To moderate the platform and enforce our Terms of Service
- To detect and prevent fraud, abuse, and illegal activity
- To respond to lawful legal process, including court orders and subpoenas
- To maintain tamper-evident audit trails for legal compliance
- To send transactional notifications (subscription renewals, tip receipts, etc.)
We do not sell your personal information to third parties. We do not use your data for advertising profiling outside this platform.
4. Legal Disclosure & Law Enforcement
We may disclose account information, request forensic logs, chat audit records, and any other stored data to law enforcement agencies, courts, or other government authorities when:
- Required by a valid court order, subpoena, or warrant
- Required by applicable law or regulation
- Necessary to protect the safety of any person
- Necessary to prevent or investigate suspected illegal activity, including CSAM
We maintain structured, tamper-evident forensic logs specifically to facilitate accurate and complete responses to lawful legal process. All exports generated in response to subpoenas are themselves logged (who generated the export, when, and the scope of the request).
Law enforcement agencies or legal representatives may contact us at the address in Section 9.
5. Data Retention
| Category | Retention Period |
|---|---|
| Account data | Duration of account + 7 years after closure |
| Request forensic logs | 2 years |
| Chat audit logs | 7 years |
| Transaction records | 7 years (financial regulation) |
| Media content | Until deleted by creator or account closure |
| Subpoena export audit | Permanent |
6. Data Security
All data is stored in encrypted PostgreSQL databases hosted on Railway’s infrastructure. Connections require TLS. Passwords are hashed using a strong one-way algorithm. Stream keys are hashed before storage. Chat audit records use SHA-256 hash chaining to detect any tampering. We conduct regular security reviews.
Despite these measures, no system is 100% secure. If you believe your account has been compromised, contact us immediately.
7. Cookies & Tracking
We use HTTP-only cookies to store your session refresh token. We do not use third-party advertising cookies or tracking pixels. We do not use Google Analytics or similar surveillance-based analytics. Session data is stored server-side.
8. Your Rights
You may request:
- Access — a copy of the personal data we hold about you
- Correction — correction of inaccurate data
- Deletion — deletion of your account and associated personal data, subject to legal retention requirements (financial records, audit logs required for legal compliance cannot be purged early)
- Portability — export of your data in a machine-readable format
To exercise these rights, contact us using the details in Section 9. We will respond within 30 days. Note that deletion requests cannot override statutory or regulatory retention obligations.
9. Contact
For privacy inquiries, data requests, or law enforcement legal process contact:
420 & Games Friends — Privacy
Email: privacy@420andgames.com
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via a notice on the platform. Continued use after the updated policy’s effective date constitutes acceptance.