Data Security & Privacy

Learn how we protect your data and ensure your privacy on our platform

Security Overview

At Univer, we take your data security and privacy seriously. We implement industry-standard security measures and follow best practices to protect your information.

Data Protection

Your data is encrypted and stored securely with minimal collection practices

Encryption

All sensitive data is encrypted using modern cryptographic standards

Infrastructure

Secure servers with regular updates and monitoring

Security Measures

Account Security

  • Passwords encrypted with bcrypt (industry standard)
  • Secure session management with HttpOnly cookies
  • Secure remember me tokens with expiration
  • Optional Discord OAuth2 integration

Data Protection

  • All sensitive data encrypted at rest
  • We collect only essential information
  • Regular encrypted backups with secure storage
  • Automatic cleanup of expired data

Technical Security

  • HTTPS encryption for all communications
  • CSRF protection against cross-site attacks
  • Rate limiting to prevent abuse
  • Comprehensive input validation and sanitization
  • Security headers to prevent XSS and clickjacking

Data Collection Transparency

What We Collect

  • Username (no real names required)
  • Encrypted password (never stored in plain text)
  • Discord ID (only if you link your account)
  • Last login IP (for security monitoring)
  • Purchase history (for account management)

What We DON'T Collect

  • Real names or personal identification
  • Email addresses (not required)
  • Phone numbers or contact information
  • Personal files or documents
  • Browsing history or tracking cookies

Your Rights

Access Your Data

View all data we have about your account at any time

Modify Your Data

Update or correct your account information

Delete Your Data

Request complete account and data deletion

Export Your Data

Download your data in a portable format

Security Technologies

Encryption & Authentication

bcrypt password hashing (cost factor 12)
AES-256 encryption for sensitive data
RSA-2048 for secure key exchange
Secure, HttpOnly, SameSite cookies

Attack Prevention

CSRF tokens on all state-changing operations
Rate limiting on authentication endpoints
Input validation and XSS prevention
Prepared statements prevent SQL injection

Contact & Support

Security Concerns

If you discover a security vulnerability or have concerns about data protection, please contact us immediately.

Security Contact: Discord Contact

Data Requests

For data access, modification, or deletion requests, please use our support system.

Support System: Support System

Last updated: October 2, 2025