Privacy Policy

This Privacy Policy explains how Okane (“we”, “us”) collects and processes personal data when you use the tools that help organizers sync Magic: The Gathering™ Eventlink results to Unity League, including the web app, the “Eventlink → Unity Sync Helper” browser extension, and related backend APIs (collectively, the “Service”).

If you do not agree with this Policy, please do not use the Service.

1) Summary

• No passwords. We do not ask for or store passwords for Eventlink or Unity.
• Access tokens only. With your permission, the browser extension reads your authenticated session (e.g., cookies or access tokens). An access token is sent over HTTPS to our backend solely to perform Unity API actions on your behalf (e.g., create/update an event, upload results).
• Transient processing. Tokens are used to fulfill your request and are not persistently stored. Aside from transient in-memory processing (and short-lived retry buffers if needed), tokens are discarded after the operation completes. Tokens are not written to logs.
• Minimal logs/metrics. We keep non-sensitive operational logs (e.g., timestamps, event IDs, success/failure) to operate and improve the Service.

2) What data we process

• Eventlink data you select: standings, player names/usernames as shown to organizers, match results, event metadata (date, time, format).
• Unity event data: event name/date/time/format/category, participant identifiers, upload status, and Unity event IDs created/updated by the Service.
• Auth artifacts: access tokens and session cookies from Eventlink and/or Unity, obtained from your active browser session via the extension (not passwords).
• Operational metadata: timestamps, request IDs, non-sensitive status/error messages.
• Device/technical data: basic browser info and IP address as part of normal HTTPS requests.

3) How we obtain data

• From you, when you use the Service and choose an Eventlink event to sync.
• From your browser session via the Helper extension (with your permission) to read session cookies/access tokens.
• From Unity’s APIs, when creating/updating events or uploading results as instructed by you.

4) Purposes of processing

• To read Eventlink data you select and prepare it for Unity.
• To call Unity APIs (using your access token) to create/update events and upload results.
• To operate, secure, and improve the Service (logging, debugging, abuse prevention).
• To communicate with you about the Service (support and updates).

5) Legal bases (GDPR)

• Performance of a contract (Art. 6(1)(b)): providing the functionality you requested (syncing data to Unity).
• Legitimate interests (Art. 6(1)(f)): operating, securing, and improving the Service; preventing abuse; troubleshooting.
• Consent (Art. 6(1)(a)): where required (e.g., optional cookies or optional diagnostics, if enabled).

6) Retention

• Access tokens & session cookies: processed transiently to complete your request and not persistently stored. Tokens are not written to logs.
• Operational logs/metrics: kept for a limited period necessary for operations and security (e.g., diagnosing issues, preventing abuse), then deleted or anonymized.
• Unity event identifiers & audit fields: retained as part of normal operation records.

7) Sharing & processors

We do not sell your data. We may use standard infrastructure/service providers (e.g., hosting, monitoring) as processors acting on our instructions and bound by appropriate data processing terms. We share data with Unity only to perform the actions you request (e.g., create/update an event, upload results).

8) International transfers

If data is transferred outside the EEA, we rely on appropriate safeguards (e.g., Standard Contractual Clauses) or adequacy decisions, where applicable.

9) Security

• Transport encryption (HTTPS) for data in transit.
• Principle of least privilege for service components.
• No persistent storage of access tokens; tokens are not written to logs.
• Operational monitoring and rate limiting to mitigate abuse.

10) Your rights (GDPR)

Depending on your location, you may have rights to access, rectify, erase, restrict, or object to processing, and to data portability. You also have the right to lodge a complaint with Datatilsynet (Norway).

To exercise your rights, contact us at post@okane.no.

11) Cookies & local storage

We use a minimal set of cookies/local storage items to operate the Service:

• Cookies that records that you accepted our Terms (expires ~1 year).

The Helper extension may read Eventlink session cookies in your browser (with your permission) to obtain an access token needed to perform Unity actions; this does not store passwords and is limited to fulfilling your request.

12) Children

The Service is intended for organizers and is not directed to children. If you believe we have collected personal data from a child, contact us and we will take appropriate action.

13) Changes to this Policy

We may update this Policy from time to time. We will post the updated version here and, if changes are material, provide an in-product notice. Continued use of the Service after an update means you accept the changes.

14) Contact

Questions or requests regarding this Policy? Contact us at post@okane.no.