NOTICE. You are currently visiting the staging environment intended for development and testing purposes only.

NOTICE. You are currently visiting the staging environment intended for development and testing purposes only.

An unhandled error has occurred. Reload 🗙

Privacy Policy

2026-06-01 (updated 2026-05-22)

Updated: 2026-05-22

Effective from: 2026-06-01

Controller / operator: Daniel Dolejška
Registered office / mailing address: Citizen iD is operated as a fully online informal project and does not publish a separate physical office address. Contact us electronically using the addresses below.
Privacy, legal, support, content, and copyright contact: hi@citizenid.space
Security contact: admin@citizenid.space
Official support Discord: https://discord.citizenid.space — dedicated community server ID 1401938319843004416
Main establishment: Czech Republic.
Data Protection Officer: No Data Protection Officer has been appointed.
EU representative: Not required because the operator is established in the European Union.
UK representative: Not appointed. UK users may contact the operator directly at hi@citizenid.space.

Citizen iD is a Star Citizen community identity platform and federated OAuth2/OpenID Connect identity provider. This Policy explains how we collect, use, disclose, retain, and protect personal data when you use Citizen iD.

Citizen iD is not operated by, endorsed by, sponsored by, or affiliated with Cloud Imperium Games, Roberts Space Industries, Star Citizen, Discord, Google, Twitch, or any other third-party provider unless that provider expressly states otherwise.

1. Scope

This Policy applies to:

  • visitors to the Citizen iD website;
  • people who create or use a Citizen iD account;
  • people who verify an RSI account through Citizen iD;
  • people who authorize an OAuth/OIDC application to receive Citizen iD identity claims;
  • community staff, developers, integrators, moderators, and administrators using Citizen iD community or developer features;
  • people who interact with the Citizen iD Discord bot, Discord linked-role integration, role sync, or nickname features;
  • people who contact us for support, security, moderation, copyright, privacy, or legal matters.

Third-party services, Discord servers, OAuth client applications, RSI/Spectrum pages, community websites, and external asset hosts are not controlled by Citizen iD. Their own privacy policies and terms apply.

2. Plain-language summary

Citizen iD uses personal data to let you sign in, verify that you control a Star Citizen RSI account, share selected identity claims with applications you authorize, operate Discord integrations, support communities, secure the service, and respond to support or legal requests.

Citizen iD does not collect government identity documents, payment-card data, biometric templates, face scans, liveness videos, KYC/AML data, sanctions-screening data, criminal-history data, or AI prompts/outputs under the current service design.

Citizen iD does not sell personal data, does not share personal data for cross-context behavioral advertising, and does not use advertising pixels or retargeting tools.

3. Data we collect

3.1 Account and sign-in data

When you sign in or create an account, we may process:

  • internal account ID;
  • username and display name;
  • email address, if provided by a linked provider and usable for your account;
  • linked provider identifiers, account claims, profile claims, and avatar/profile data from Discord, Google, Twitch, Citizen iD federation, RSI/Spectrum, or similar configured providers;
  • authentication, authorization, session, token, and security metadata;
  • account roles and statuses, such as Citizen, Verified, Integrator, Partner, Moderator, Admin, SuperAdmin, Banned, or similar service roles.

Citizen iD currently relies on external sign-in providers and application cookies. It does not operate a local password sign-in flow.

3.2 RSI verification and Star Citizen profile data

If you verify an RSI account, we ask you to provide your RSI handle or username and place a generated verification string into your RSI profile bio or another public RSI/Spectrum profile field. We check that public profile to confirm that you control the RSI account.

We may collect, store, and periodically refresh public RSI/Spectrum information, including:

  • RSI handle, username, Spectrum ID, citizen ID, community moniker, title, avatar URL, website, profile bio, location text, languages, joined date, updated date, and related profile visibility signals;
  • primary organization and organization memberships, ranks, visibility/redaction status, and related public organization data;
  • verification status and the relationship between your Citizen iD account and your RSI account.

RSI verification is a trusted game-account ownership check. It is not legal identity verification, age verification, government-ID verification, biometric verification, KYC, AML, sanctions screening, or criminal-record screening.

Do not place sensitive personal data in your RSI profile bio, location field, community metadata, OAuth application metadata, Discord nickname, or branding asset descriptions. Those fields may be copied from public sources or shown to other users, communities, Discord integrations, or authorized applications depending on your settings and the feature used.

3.3 Profile and privacy settings

You may provide or change:

  • display name;
  • username;
  • profile discovery settings;
  • Discord discovery settings;
  • settings affecting what other users, communities, Discord integrations, or authorized applications can see.

Public profile discovery controls unauthenticated public profile and public avatar visibility. Authorized OAuth/OIDC applications may still receive profile, avatar, RSI, Discord, or other scoped claims when you authorize those scopes, even if public profile discovery is disabled.

3.4 OAuth/OIDC authorization data

When you authorize an application, we process:

  • the client application identity;
  • requested scopes and claims;
  • your consent decision;
  • authorization, access-token, ID-token, and refresh-token metadata;
  • claims disclosed to the authorized application, which may include account, profile, email, role, provider, Discord, RSI, and community-related claims depending on the requested scope and your consent.

You should authorize only applications you trust. After an application receives data at your direction, that application’s own privacy practices apply to its use of that data.

3.5 Community, developer, and branding data

Community staff, developers, and integrators may provide:

  • community name, slug, homepage URL, Discord server ID, description, relationship metadata, and staff membership data;
  • OAuth application metadata, including app name, client ID, redirect URIs, post-logout URIs, application type, consent type, scopes, roles, and requirements;
  • branding asset URLs, titles, descriptions, alt text, content hash, dimensions, moderation status, and staff review notes.

3.6 Discord integration data

If you link Discord or interact with the Citizen iD Discord bot, we may process:

  • Discord user ID, username, avatar, OAuth tokens/scopes, guild IDs, member IDs, role IDs, nickname preferences, linked-role metadata, and role-sync settings;
  • account status signals such as whether your Citizen iD account is active, public, banned, or verified;
  • public RSI username or verified status, depending on your privacy settings and the configuration of the participating Discord server.

Participating Discord servers may enforce their own rules and may automatically change Discord roles or server nicknames based on their configuration. Those decisions are under the discretion of the relevant Discord server owners and moderators.

3.7 Analytics, telemetry, cookies, and logs

We use technical cookies and similar technologies for authentication, external-login security, antiforgery protection, authorization, abuse prevention, and session management.

Optional analytics through PostHog EU are disabled unless you allow them through Privacy Preferences, or unless the deployment is configured in a strictly anonymous, consent-exempt mode described in the Cookie Notice.

PostHog EU analytics may help us understand aggregate and account-level product usage, diagnose reliability issues, and improve the service. Session recording is disabled. Analytics events are retained for up to 3 months.

Authenticated analytics may use an internal account subject ID and verification-status property only after analytics is accepted. We do not use PostHog for advertising, retargeting, sale or sharing of personal data, or cross-site behavioral advertising.

We may collect operational logs, metrics, and traces, such as request metadata, error data, security events, IP address, device/browser information, and timestamps, where needed to operate, secure, debug, and improve the service.

3.8 Support, reports, and communications

If you contact us by email, Discord, Discord tickets, Tickets Bot, or another support channel, we may process your message, contact details, account identifiers, and information needed to investigate and respond.

4. Sources of personal data

We collect personal data from:

  • you, when you create an account, change settings, verify RSI, authorize applications, submit community/application/branding data, or contact us;
  • external sign-in providers such as Discord, Google, Twitch, or Citizen iD federation;
  • RSI/Spectrum and related Star Citizen public profile or organization sources;
  • Discord APIs, bots, guilds, and linked-role integrations;
  • third-party OAuth client applications and community administrators when they configure services that interact with Citizen iD;
  • automatic collection from your browser, device, network requests, cookies, telemetry, logs, and analytics tools.

If GDPR, UK GDPR, or similar law applies, we rely on the following legal bases:

Purpose Examples Legal basis
Provide the service Account creation, sign-in, sessions, profile settings, OAuth/OIDC authorization, data export Contract
RSI verification Confirm control of an RSI account, grant verified status, refresh public RSI profile/org data Contract; legitimate interests in service integrity; consent where we ask for a specific optional sync or disclosure
OAuth/OIDC disclosures Share selected claims with applications you authorize Consent for scoped disclosure; contract where needed to deliver the requested integration
Discord integrations Linked roles, role sync, nickname sync, bot support Contract; legitimate interests; consent for optional Discord linking/scopes
Community and developer tools Manage communities, applications, roles, scopes, branding, and staff access Contract; legitimate interests
Security and abuse prevention Prevent impersonation, duplicate RSI bypass, ban evasion, account compromise, fraud, spam, security incidents, API abuse Legitimate interests; legal obligation where applicable
Analytics and reliability Product analytics, reliability monitoring, debugging, service improvement Consent for optional analytics; legitimate interests only for strictly anonymous, consent-exempt analytics and operations where applicable
Support and legal requests Respond to user requests, privacy requests, content reports, security reports, or legal notices Contract; legitimate interests; legal obligation
Compliance and dispute handling Maintain necessary records, respond to authorities, enforce terms, defend claims Legal obligation; legitimate interests

You may withdraw consent where processing is based on consent. Withdrawal does not affect processing already completed before withdrawal, and it may not affect processing that continues under another legal basis.

6. Sharing and recipients

We may disclose personal data to the following categories of recipients:

  • OAuth/OIDC applications you authorize. These applications may receive scoped claims after you approve authorization. They are generally independent services/controllers unless a separate written agreement says otherwise.
  • Discord and participating Discord servers. Discord data may be used for login, linked roles, role sync, nickname sync, bot features, and support. Discord server owners and moderators are responsible for their own server rules and use of data they receive.
  • RSI/Roberts Space Industries/Spectrum and related public Star Citizen sources. We query or retrieve public profile and organization data for game-account ownership checks and sync.
  • Authentication providers. Discord, Google, Twitch, Citizen iD federation, or other configured providers process data when you use them to sign in.
  • Analytics and reliability providers. PostHog EU may be used for optional analytics and reliability after analytics is accepted, or in a strictly anonymous, consent-exempt mode described in the Cookie Notice. Logs, metrics, and traces are operated within the EU.
  • Hosting and infrastructure providers. Core production infrastructure, database, backups, Redis/cache, logs, and metrics are operated in the EU. Cloudflare is used as CDN/network infrastructure.
  • Support tools. We may use Discord and Tickets Bot to receive and respond to support, content, copyright, moderation, security, or privacy requests.
  • Security and secrets providers. 1Password is used for secrets management. GitHub/GHCR and self-hosted EU deployment infrastructure are used for code, CI/CD, deployment, and container distribution. Production personal data is not intended to be stored in CI/CD logs.
  • Frontend asset providers. Google Fonts and jsDelivr may receive browser request metadata if those assets are loaded externally rather than self-hosted.
  • Authorities or legal recipients. We may disclose data where required by law, court order, lawful authority request, or to protect rights, safety, security, and service integrity.

7. Cookies and analytics

See the Cookie Notice for the detailed cookie and similar-technology inventory.

In summary:

  • necessary cookies and similar technologies are used for authentication, external-login security, antiforgery protection, authorization, and session management;
  • external OAuth correlation cookies are temporary and are used to protect sign-in flows;
  • most application security/session cookies are retained for up to 14 days unless cleared earlier;
  • optional PostHog EU analytics are disabled unless you allow them through Privacy Preferences, or unless the deployment is configured in a strictly anonymous, consent-exempt mode described in the Cookie Notice;
  • Session recording is disabled;
  • analytics events are retained for up to 3 months;
  • analytics are used for product analytics and reliability, not advertising, retargeting, sale or sharing of personal data, or cross-site behavioral advertising;
  • Citizen iD does not currently sell personal data or share personal data for cross-context behavioral advertising.

8. Retention

We retain personal data only as long as needed for the service, security, abuse prevention, legal compliance, dispute handling, and the purposes described in this Policy.

Data category Retention approach
Active account, profile, provider-link, community, developer, and OAuth authorization data Retained while the account, community, application, authorization, or integration is active, and for a limited period afterward where needed for security, abuse prevention, dispute handling, or legal reasons.
RSI verification records Retained after verification and, where necessary, after account closure to prevent duplicate verification, abuse, ban evasion, impersonation, or trust-system bypass.
OAuth access and ID tokens Up to 4 hours.
OAuth refresh tokens Up to 14 days.
External OAuth correlation cookies Approximately 5 minutes.
Application security/session cookies Up to 14 days unless cleared or expired earlier.
Discord credentials and tokens Retained while Discord is linked and removed or refreshed when invalid, unauthorized, expired, or no longer needed.
Analytics events Analytics events are retained for up to 3 months.
Logs, traces, and metrics Retained for operational, debugging, security, and abuse-prevention needs, normally no longer than necessary unless an incident, investigation, or legal need requires longer retention.
Support, content, copyright, security, and privacy request records Retained as needed to handle the request, keep an audit trail, prevent abuse, and defend or establish legal rights.
Backups Stored in the EU and overwritten or deleted according to operational backup schedules. Deletion from active systems may not immediately remove data from backups, but backup data is not restored except for security, continuity, or disaster-recovery reasons.

9. Account closure and deletion

Self-service account deletion is not currently available. To request account closure, anonymization, deletion, or privacy assistance, contact hi@citizenid.space from a verified account-linked provider/identifier or provide enough information for us to verify your request.

When an account is closed, the account is disabled and anonymized where reasonably possible. Some data may remain where necessary, including:

  • RSI account verification records, if verification was performed, to prevent duplicate verification, abuse, ban evasion, impersonation, or trust-system bypass;
  • security, abuse, ban, moderation, support, legal, and audit records;
  • data that must be retained to comply with law or defend legal claims;
  • data in backups until overwritten under backup schedules;
  • community, application, branding, staff, OAuth authorization, or integration records that are retained by the relevant community/application unless deleted beforehand or unless a valid deletion request requires removal.

Public profile pages become unavailable after account closure. External applications, Discord servers, and communities that previously received data may continue to hold that data under their own policies; contact them directly for requests about data they control.

RSI verification unlinking is not self-service because it is used for trust, anti-abuse, and ban-evasion controls. You may request review at hi@citizenid.space.

10. Hosting and international transfers

Citizen iD’s core production infrastructure, database, backups, Redis/cache, logs, metrics, optional PostHog analytics, and self-hosted deployment infrastructure are intended to operate in the European Union.

Some third-party services may process data through their own infrastructure when you use them or when they are necessary for the feature, including Discord, Google, Twitch, RSI/Spectrum, Cloudflare, GitHub/GHCR, 1Password, Google Fonts, jsDelivr, Discord support tools, and OAuth/OIDC applications you authorize. Those third parties may process data in accordance with their own terms, policies, infrastructure, and transfer mechanisms.

Where we initiate a restricted international transfer subject to GDPR, UK GDPR, or similar law, we rely on an appropriate transfer mechanism such as adequacy, Standard Contractual Clauses, the UK Addendum/IDTA, Data Privacy Framework participation where valid and applicable, provider data-processing terms, or another lawful mechanism.

11. Your privacy rights

Depending on where you live and which law applies, you may have rights to:

  • access personal data;
  • receive a copy of personal data in a portable format;
  • correct inaccurate data;
  • delete data;
  • restrict processing;
  • object to processing based on legitimate interests or direct marketing;
  • withdraw consent;
  • complain to a supervisory authority;
  • request human review of certain automated or moderation-related decisions where applicable.

Citizen iD provides an in-product export as a ZIP file containing machine-readable JSON. Custom export formats are not supported.

Some data can be corrected in account settings, including username, display name, and discovery settings. OAuth app authorizations can be revoked in-product. Other requests should be sent to hi@citizenid.space.

We verify privacy requests using a verified account-linked provider/identifier or other information sufficient to confirm that the request is legitimate. We normally respond within one month for GDPR/UK GDPR requests and within 45 days for California-style requests where those laws apply, unless a lawful extension applies.

Deletion, objection, or restriction requests may be limited where retention or processing is necessary for security, abuse prevention, legal claims, legal obligations, backup integrity, RSI anti-abuse retention, or operation of a service you requested.

12. California and U.S. state privacy notice

Citizen iD is currently operated as an informal project, is not for-profit, does not do business in California in the sense of the CCPA/CPRA thresholds, and does not meet the stated revenue, data-volume, or sale/share thresholds for CCPA/CPRA coverage.

Even so, this section gives a California-style summary:

  • Categories collected: identifiers, account data, internet or electronic network activity, profile settings, RSI public profile data, Discord data, OAuth authorization data, community/developer data, support data, and security/operations data.
  • Sources: you, linked providers, RSI/Spectrum public sources, Discord, authorized applications, community administrators, and automatic technical collection.
  • Purposes: account operation, verification, OAuth/OIDC authorization, Discord integrations, community/developer tools, security, support, analytics, reliability, legal compliance, and abuse prevention.
  • Sale/share: Citizen iD does not sell personal data and does not share personal data for cross-context behavioral advertising.
  • Sensitive personal information: Citizen iD does not intentionally collect CCPA/CPRA sensitive personal information such as government ID numbers, precise geolocation, biometric templates, health data, or payment-card data. RSI profile fields may contain user-entered public text; do not place sensitive information there.
  • Targeted advertising: Citizen iD does not use targeted advertising, retargeting, or advertising pixels.
  • Rights: if a state privacy law applies, you may request access, correction, deletion, portability, and non-discrimination, and you may use an authorized agent where legally required after appropriate verification.

13. Minors

Citizen iD is not directed to children. You must be at least 16 years old to use Citizen iD. Users under 18 must have permission from a parent or legal guardian.

Users under 13 are not allowed to use Citizen iD. Citizen iD does not intentionally collect date of birth, does not perform age verification, and does not knowingly collect personal data from children under 13. If we learn that an underage account was created, we may restrict, disable, delete, or anonymize the account as legally required while retaining limited records needed for security, abuse prevention, and legal compliance.

14. Automated checks

Citizen iD uses deterministic automated checks for RSI verification, scheduled RSI unverification, Discord role sync, Discord nickname sync, and banned-account access controls.

These checks may affect whether you receive verified status, whether a connected Discord server updates your roles or nickname, or whether you can access parts of Citizen iD. They are not AI systems, do not make legal identity decisions, and are not intended to make legally significant decisions about you.

You may request limited operator review of RSI verification, scheduled unverification, banned-account status, branding moderation, or similar service-integrity decisions by contacting hi@citizenid.space or using the official Discord support channel.

15. Security

We use technical and organizational measures intended to protect personal data, including external authentication, authorization controls, role-based access, token lifetimes, rate limits, security cookies, antiforgery protection, encrypted transport, secrets management, and operational monitoring.

No online service can guarantee perfect security. Report suspected vulnerabilities or account-security issues to admin@citizenid.space.

16. Complaints

Contact us first at hi@citizenid.space so we can try to resolve your concern.

If GDPR applies, you may also complain to a supervisory authority. Because Citizen iD’s main establishment is the Czech Republic, the relevant Czech supervisory authority is:

Úřad pro ochranu osobních údajů,
Pplk. Sochora 27,
170 00 Praha 7,
Czech Republic

You may also contact a supervisory authority in the EU/EEA country where you live, work, or believe a violation occurred.

17. Changes

We may update this Policy when the service, providers, law, or operating practices change. Material changes will be posted on the website and, where appropriate, communicated through the service or official support channels.