Legal & Guidelines

Terms of Service Privacy Policy Evidence Guidelines

Terms of Service

Last Updated: 21 August 2025

1. Acceptance of Terms

By accessing or using the GmodProtect website, API, or any associated services (collectively, the "Service"), you agree to be bound by these Terms of Service ("Terms"). If you do not agree to all of these Terms, do not use the Service.

2. Description of Service

GmodProtect provides a community-driven, evidence-based database of individuals who have committed serious violations within the Garry's Mod community. This Service is provided free of charge to help server owners ("Partners") protect their communities.

3. User Obligations, Conduct, and Accountability

As a user, and particularly one submitting reports ("Reporter") or a server owner ("Partner"), you agree to the following:

  • Conduct and Submissions:
    • All evidence submitted must be accurate, unaltered, and provide full context. Manipulating evidence is strictly forbidden.
    • You will not submit fabricated, misleading, or malicious reports with the intent to harm another user.
    • You are responsible for the legality and authenticity of the data you provide.
    • You will not attempt to disrupt the Service, including but not limited to denial-of-service attacks, exploiting vulnerabilities, or social engineering.
  • Reporter and Partner Accountability:
    • False Reports: Submitting verifiably false or malicious reports is a serious violation. We reserve the right to publicly document the submission of false evidence and ban the Reporter and their associated communities from using the Service.
    • Partner Responsibility: Partners with a demonstrated pattern of submitting low-quality or inaccurate reports may face graduated penalties, including temporary or permanent suspension of their API access.
  • Appeals Process:
    • Individuals listed in the database have the right to appeal the decision through the official channels listed on our Contact page.
    • The appeal must include a clear explanation and any counter-evidence.
    • Appeals are reviewed by senior moderators who were not involved in the original decision to ensure impartiality.

4. Intellectual Property

The GmodProtect name, logos, and all content on the website are the exclusive property of the GmodProtect project. Data within the public database is provided for community safety and may be used by Partners via our API under these Terms. You may not scrape, resell, or redistribute our data without our express written permission.

5. Disclaimers and Limitation of Liability

The Service is provided on an "as is" and "as available" basis. While we strive for the highest possible accuracy through a rigorous, human-led review process, we cannot guarantee that the database is free of errors. GmodProtect, its volunteers, and its leadership are not liable for any actions taken by server owners or any damages resulting from the use of information from our Service.

6. Termination

We may terminate or suspend your access to the Service at any time, without prior notice or liability, for any reason, including a breach of these Terms.

7. Governing Law

These Terms shall be governed by the laws of Poland, without regard to its conflict of law provisions. Any legal disputes will be resolved in the appropriate courts of Poland.

Privacy Policy

Last Updated: 21 August 2025

1. Introduction

Welcome to GmodProtect ("we," "us," or "our"). We are committed to protecting the privacy and security of our users' data. This Privacy Policy explains how we collect, use, process, and disclose your information across the GmodProtect website, API, and associated services (collectively, the "Service"). Our mission is to enhance the safety of online gaming communities, and we believe that transparency about our data practices is fundamental to that mission.

2. Data Controller

GmodProtect is the data controller responsible for your information under this Privacy Policy. For any questions or concerns, you can reach us via the channels listed on our Contact page.

3. Information We Collect

We collect information to provide and improve our Service. The type of information depends on your interaction with us.

3.1. Information You Provide to Us

  • Report Submissions: When a user submits a report, we collect all provided information, which includes:
    • The SteamID64 of the alleged offender.
    • Evidence, which may contain personal data such as in-game chat logs, screenshots of user-generated content, video recordings, and usernames.
  • Partner Onboarding: When a server owner applies for partnership, we collect their contact information and SteamID64 to manage their access and communicate with them.
  • Appeals and Communication: When you contact us for support, to file an appeal, or for any other inquiry, we collect your name, contact information, SteamID64, and the contents of your messages.

3.2. Information We Collect Automatically

  • Log Data and Device Information: We automatically collect log data when you use the Service, such as your IP address, browser type, operating system, and pages visited. This is used for security, analytics, and service stability.
  • Cookies: We use essential cookies to manage user sessions and preferences (like language choice). We do not use cookies for targeted advertising.

4. How We Use Your Information

The information we collect is used for the following specific purposes:

  • To Operate the Service: To verify, process, and display case files in our public database.
  • To Ensure Security: To monitor for and prevent malicious activity, abuse, and fraudulent reports.
  • To Provide API Access: To allow partnered servers to programmatically access our database to protect their communities.
  • To Comply with Legal Obligations: To respond to lawful requests from public authorities and to comply with mandatory reporting obligations, particularly concerning Child Sexual Abuse Material (CSAM).
  • To Improve the Service: To analyze usage patterns and improve the user experience.

5. Legal Basis for Processing (EEA, UK, and Switzerland)

For individuals in the European Economic Area (EEA), United Kingdom, and Switzerland, our processing of personal data is based on Legitimate Interests (Article 6(1)(f) GDPR).

  • Our Legitimate Interest: We have a legitimate interest in protecting online communities, and particularly minors, from demonstrable harm caused by individuals engaging in serious violations such as cheating, severe harassment, and child endangerment. This constitutes a public safety interest.
  • Necessity: The processing is necessary for achieving this interest. A centralized, evidence-based database is the only effective means to share this critical safety information across the fragmented landscape of game servers.
  • Balancing Test: We have carefully balanced our legitimate interests against the interests and fundamental rights of the data subjects. We conclude that our interests are not overridden for the following reasons:

1. The data processed (e.g., SteamID, in-game behavior) is related to actions taken in a public or semi-public online environment.

2. Processing is strictly limited to cases of serious, evidence-backed violations.

3. A rigorous human review process is in place to prevent false positives and ensure accuracy.

4. An appeals process exists to provide a path for correction and recourse.

5. The impact on the individual is proportionate to the harm they have caused to the community.

6. Data Sharing and Disclosure

  • Public Database: The core of our Service is a public database. An approved case file, which includes the offender's SteamID64 and the supporting evidence, is publicly accessible.
  • Partnered Servers: Partnered servers access this public data via our API.
  • Legal and Law Enforcement: We will disclose information to law enforcement or in response to a valid legal process if we are required to do so. We have a zero-tolerance policy for CSAM and will report such content to the appropriate national reporting authority (e.g., the National Center for Missing & Exploited Children (NCMEC) in the U.S., Dyżurnet.pl in Poland).
  • Service Providers: We may use third-party companies for hosting and infrastructure. These providers are bound by strict data processing agreements.

7. Your Data Protection Rights

You have rights concerning your personal data, which may vary based on your location.

7.1. For Residents of the EEA, UK, and Switzerland (GDPR)

You have the following rights:

  • The right to access: You can request copies of your personal data.
  • The right to rectification: You can request that we correct any information you believe is inaccurate.
  • The right to erasure: You can request that we erase your personal data, subject to our assessment of overriding legitimate interests.
  • The right to object to processing: You have the right to object to our processing of your personal data based on legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds which override your interests, rights, and freedoms.
  • The right to restrict processing: You can request that we restrict the processing of your data under certain conditions.

To exercise these rights, please use the official channels on our Contact page.

7.2. For Residents of California (CCPA/CPRA)

  • Right to Know, Access, and Delete.
  • Right to Correct: You may request that we correct inaccurate personal information.
  • Right to Opt Out of Sale/Sharing: We do not sell or share personal information for cross-context behavioral advertising. If that changes, we will provide a "Do Not Sell or Share" mechanism and honor opt-out preference signals where required.

7.3. For Residents of Canada (PIPEDA)

We adhere to PIPEDA’s principles. You may request access and correction, and lodge a complaint with the Office of the Privacy Commissioner of Canada.

8. Data Security and Retention

We implement robust technical and administrative security measures to protect your data.

8.1. Retention Schedule

  • Public case files: Retained as long as necessary to protect communities. Reviewed at least every 24 months. If a case is overturned or becomes no longer necessary, we will archive/anonymize evidence or remove direct identifiers.
  • Appeals and support communications: Retained for 24 months after the matter is closed.
  • Web access logs (security): Retained for up to 90 days unless needed for an investigation.
  • API access logs: Retained for up to 180 days for abuse monitoring and diagnostics.
  • Partner records (contact, keys): Retained for the duration of the partnership plus 12 months.
  • Backups: Subject to rolling backup cycles (typically 30 days).

You may request a review of retention for your data via our Contact page. We will minimize and anonymize where feasible.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last Updated" date.

10. International Data Transfers

We may store and process data in the EEA and in other countries. Where we transfer personal data from the EEA/UK/Switzerland to a country without an adequacy decision:

  • We rely on EU Standard Contractual Clauses (SCCs) and, where applicable, the UK IDTA/UK Addendum.
  • We conduct transfer risk assessments and apply supplementary measures (e.g., encryption in transit and at rest).

11. Jurisdiction-Specific Information

  • United Kingdom: Your rights mirror GDPR. Where the Service is likely to be accessed by children, we endeavor to align with the Age-Appropriate Design Code.
  • Switzerland (FADP): We use terms consistent with FADP. You may contact the FDPIC or your cantonal authority.
  • Brazil (LGPD): You have rights to access, correction, deletion, portability, anonymization/blocking, and to review automated decisions. We do not use automated decision-making for public case determinations; all cases are human-reviewed.
  • Colorado/Virginia/Connecticut/Utah (U.S. State Laws): Subject to applicability thresholds, you may have rights to access, delete, correct, and opt out of targeted advertising or profiling. Contact us to exercise these rights.
  • Other Regions (APPI, PIPA, PDPA, Australia Privacy Act/APPs, NZ Privacy Act 2020, DPDP Act 2023, PIPL, KVKK, LFPDPPP): We will honor region-specific rights to the extent required by law. Contact us for requests.

12. Children’s Data and Safety

We do not direct the Service to children, but we may process information about minors when necessary to document and address violations. We do not use such information for marketing or profiling. We maintain a zero-tolerance policy for CSAM and will report to appropriate national reporting authorities (e.g., NCMEC in the U.S., Dyżurnet.pl in Poland).

13. Contact and Supervisory Authorities

Contact: contact@gmodprotect.org.

EEA/UK/CH residents may also lodge a complaint with their local data protection authority. In Poland, you may contact the President of the Personal Data Protection Office (UODO).

Evidence Guidelines

Last Updated: 21 August 2025

1. Evidence Philosophy

GmodProtect’s integrity relies entirely on the quality of evidence we verify. Our goal is not to punish, but to accurately document severe violations to protect communities. Evidence must be clear, unambiguous, and presented with full context. It should prove beyond reasonable doubt that the accused committed the violation.

2. General Requirements

  • Unaltered Media: All screenshots and videos must be original and unaltered. Cropping is allowed only if it does not remove essential context. Do not draw, blur (except to protect unrelated third parties), or otherwise edit media.
  • Full Context: A single out-of-context screenshot is rarely sufficient. Evidence should include surrounding chat logs, timestamps, and server information to present the full picture.
  • Clear Identification: Evidence must clearly and unambiguously identify the offender’s SteamID or in-game identity. For screenshots, this usually means including the `status` console output.

3. Evidence by Violation Type

Cheating / Exploiting:

  • Required: High-quality video evidence is almost always mandatory.
  • The footage must clearly show the username and the malicious activity (e.g., aimbot, speedhack, prop abuse).
  • Spectator or third-person views are strongly preferred.
  • Include the `status` console output at the time of the offense to link in-game name to SteamID.

Severe Harassment (Doxxing, Threats):

  • Required: Uncropped screenshots of the full chat log.
  • Screenshots must clearly show the username and the offending messages.
  • Multiple screenshots may be necessary to show the entire conversation and context. Do not submit a single offending line in isolation.

Pedophilia / CSAM / Minor Endangerment:

  • Required: Uncropped, unaltered screenshots or video of the incident.
  • CRITICAL: This is the most serious category. Evidence must be absolutely unambiguous.
  • Due to sensitivity, our team will treat these cases with the highest priority and confidentiality. We have a legal duty to report CSAM to appropriate authorities.

4. Unacceptable Evidence

Submissions will be immediately rejected if they include:

  • Hearsay or “word against word” without direct evidence.
  • Screenshots or videos that are heavily compressed, blurred, or otherwise unreadable.
  • Evidence from private Steam chats (we only act on violations that occurred on a GMod server).
  • Logs or screenshots that are clearly edited or falsified.

By submitting a report, you confirm that, to the best of your knowledge, the evidence you provide is accurate and true.