Privacy Policy

Last Updated: December 27, 2025 
Effective Date: January 2, 2026 
Policy Identifier: DBUSWORLD-PRIVACY-2026-001

1. Introduction and Data Controller

DBus World is a web-based companion platform for Euro Truck Simulator 2 players. We're an independent project with no official connection to SCS Software or Euro Truck Simulator 2. This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws.

Our Commitment: We're committed to protecting your privacy and being transparent about how we handle your data. We collect only what's necessary to provide and improve the service, and we take your data rights seriously.

Data Controller: 
DBus World 
Operated by: Ing. Naděžda Sergejevna Papko 
Business ID (IČO): 21138940 
Registered in: Czech Republic 
Contact email: [email protected]

DBus World operates under Czech trade law. Full registration details are available in the public Czech trade register.

2. What Data We Collect

We collect different types of data to provide and improve DBus World. Here's what we collect and why:

2.1 Account Information

When you create an account, we collect:

  • Steam ID and Steam username (from your Steam account)
  • Email address
  • Display name (your chosen username for DBus World)
  • Country of residence
  • Account creation date
  • Password (stored encrypted - we never see your actual password)
  • Any additional profile information you choose to provide

Why we need this: This data is necessary to create and maintain your account. Without it, we can't provide the service (GDPR Article 6(1)(b) - Contractual Necessity).

Your Control: You can update your email address, display name, and password anytime in your account settings.

2.2 Gameplay Data

Our game client automatically collects gameplay data when you're online, including:

  • ETS2 route information (jobs completed, destinations, distances)
  • Delivery statistics (completion times, cargo types, earnings, ratings)
  • Virtual company data (companies you own or join, your positions and roles)
  • Game progress (level, achievements, distance, experience points)
  • Online/offline status and session times
  • Vehicle information and fleet data
  • Performance metrics (fuel consumption, damage records, etc.)

Why we need this: This data powers the core features of DBus World - tracking your progress, managing virtual companies, and displaying leaderboards. Processing is based on contractual necessity and our legitimate interests in providing these features.

Your Privacy: We don't share your individual gameplay data with other users unless you choose to make it public (like joining leaderboards or virtual companies).

Important: The game client only sends data when you're connected to the internet. Offline gameplay data expires after 24 hours if not synced (as stated in our Game Rules).

2.3 Technical Data

We collect technical information to keep the service running smoothly and securely:

  • Login times, session data, and authentication logs
  • IP addresses and general location (country/region level)
  • Browser type, version, and language settings
  • Device information (operating system, device type, screen resolution)
  • How you use the platform (features accessed, pages viewed, time spent)
  • Your preferences and settings
  • Error logs and crash reports
  • Performance metrics

Why we need this: This helps us improve the service, fix bugs, prevent fraud, and keep your account secure. Processing is based on our legitimate interests (GDPR Article 6(1)(f)).

We Don't Track Everything: We're not interested in monitoring your every move. We collect technical data to understand how the platform performs and where we can improve it, not to build detailed profiles of individual users.

2.4 Content You Create

When you post content on DBus World, we store:

  • Virtual company profiles and descriptions
  • Forum posts, comments, and discussions
  • Messages between users
  • Uploaded images (logos, screenshots, profile pictures)
  • Reviews, ratings, and feedback
  • Event participation and responses
  • Any other content you create on the platform

Ownership: You own your content. By posting it, you give us permission to display it, store it, and use it to run the service. We can remove content that violates our rules.

2.5 Support Communications

When you contact us for help, we keep:

  • Support ticket conversations
  • Email correspondence
  • Discord messages on our official server
  • Bug reports and screenshots you send
  • Feedback and suggestions

Why we need this: So we can help you effectively and improve the service based on your feedback.

3. How We Use Your Data

We use your data for these purposes:

Running the Service:

  • Authenticating your account and verifying Steam ownership
  • Tracking your gameplay and statistics
  • Managing virtual companies and leaderboards
  • Syncing your online and offline data
  • Enabling community features
  • Processing deliveries and calculating earnings

Communicating With You:

  • Sending essential notifications (password resets, security alerts)
  • Announcing service updates and new features
  • Notifying you about policy changes
  • Sending maintenance alerts
  • Responding to your support requests

We'll never send you marketing emails without your explicit permission.

Improving the Service:

  • Understanding how people use DBus World
  • Identifying and fixing bugs
  • Developing new features based on feedback
  • Optimizing performance and speed
  • Testing new features

Security and Safety:

  • Detecting and preventing cheating
  • Identifying rule violations
  • Preventing unauthorized access and fraud
  • Monitoring for suspicious activity or bots
  • Enforcing bans and preventing ban evasion
  • Protecting the platform from attacks
  • Complying with legal requirements

Analytics:

  • Understanding usage patterns
  • Measuring feature popularity
  • Conducting research for improvements

4. Who We Share Your Data With

We don't sell your data to anyone. Here's who we do share with and why:

Our Philosophy: We only work with service providers we trust and who are legally required to protect your data. Every third party we use has signed data protection agreements that restrict how they can use your information.

4.1 Service Providers (Data Processors)

We use trusted companies to help run DBus World. They can only use your data to provide services to us, not for their own purposes. Here are the main ones:

Infrastructure & Hosting:

  • DigitalOcean - Hosts our servers and databases (EU data centers)
  • Cloudflare - Delivers content faster and protects against attacks
  • Cloudflare Turnstile - Bot protection (privacy-focused, no cookies)

Communications:

  • Mailgun - Sends transactional emails (password resets, notifications)

Authentication & Community:

  • Steam - Required for account login and ETS2 verification (accesses: Steam ID, username, avatar, game ownership)
  • Discord - Optional for community roles (accesses: Discord ID, username, avatar, server roles if you link it)
  • Patreon - Optional for supporter benefits (accesses: pledge status and tier if you link it)

Content:

  • YouTube - Embedded videos may collect data when you play them (controlled by YouTube/Google)

All service providers are GDPR-compliant with appropriate data protection agreements in place.

4.2 Public Information

Some information is public by design:

  • Display names and public profile information
  • Virtual company names and your positions in them
  • Leaderboard rankings and statistics
  • Public forum posts and comments
  • Achievements and milestones

For Community Transparency: We may publicly display ban status, restrictions, or violation history on user profiles. This helps maintain platform integrity and protects the community (based on our legitimate interests under GDPR Article 6(1)(f)).

Why This Matters: This transparency helps honest players know who they're interacting with and maintains trust in our leaderboards and community. We believe the community has a right to know when someone has been banned for cheating or harassment.

4.3 Legal Requirements

We may share data when required by law:

  • Court orders or legal processes
  • Regulatory investigations
  • To enforce our Terms of Service
  • To investigate fraud or violations
  • To protect our rights or others' safety
  • To prevent illegal activity

4.4 Business Transfers

If DBus World is acquired or merged, your data may transfer to the new owner. We'll notify you if this happens and any changes to how your data is handled.

4.5 Aggregated & Anonymous Data

We may share statistics that can't identify you (like "80% of users prefer night deliveries"). This isn't personal data under GDPR.

4.6 International Transfers

If we transfer data outside the EU, we use approved safeguards like Standard Contractual Clauses to protect your data.

5. How Long We Keep Your Data

We only keep data as long as necessary:

Active Accounts: We keep your data while your account is active to provide the service.

Inactive Accounts: If you don't log in for 24 months, we may delete your account. We'll email you 30 days before deletion to give you a chance to reactivate.

Deleted Accounts: When you delete your account (or we delete it due to inactivity), we remove your personal data within 30 days.

Security Archive (Important): Even after deletion, we keep certain identifiers in a secure, isolated archive for 2 years to prevent ban evasion and fraud:

  • Steam ID
  • Discord ID (if linked)
  • Email address (hashed)
  • IP address history (hashed)
  • Ban reason and date

Why We Do This: Without this security measure, banned users could simply delete their account, wait 30 days, and return to continue cheating or harassing others. This archive protects honest players and maintains platform integrity. The data is hashed (encrypted in a one-way format), isolated from our main databases, and accessible only to senior security personnel.

This retention is based on our legitimate interests in platform security (GDPR Article 6(1)(f)). If you believe our legitimate interest doesn't override your privacy rights in your specific case, you can object by contacting [email protected], and we'll review your situation individually.

Backups: Data in backup systems is kept for 30-90 days for disaster recovery, then automatically deleted.

Legal Requirements: Some data must be kept longer by law (like financial records for tax purposes, typically 7-10 years in Czech Republic).

Support Communications: Support tickets and correspondence may be kept for quality assurance and dispute resolution.

Anonymous Statistics: After deletion, we may keep aggregated statistics that can't identify you indefinitely.

6. Your Rights Under GDPR

You have these rights regarding your data:

Access Your Data - Request a copy of all your personal data (we'll provide it in PDF, JSON, or CSV format within 30 days)

Correct Your Data - Fix any inaccurate information (you can update some info directly in account settings)

Delete Your Data - Request deletion of your account and data (we'll process this within 30 days, though some data may be kept in our security archive as explained above)

Restrict Processing - Ask us to limit how we use your data in certain situations

Data Portability - Get your data in a machine-readable format to transfer elsewhere

Object to Processing - Object to data processing based on legitimate interests (we'll stop unless we have compelling grounds to continue)

Withdraw Consent - If you gave consent for something, you can withdraw it anytime

Not Be Subject to Automated Decisions - We don't make automated decisions that significantly affect you

Complain to Authorities - If you think we violated your rights, contact your data protection authority (find yours at https://edpb.europa.eu/about-edpb/board/members_en)

How to Exercise Your Rights: Email [email protected] with your request. We may need to verify your identity first. We'll respond within 30 days (or 60 days for complex requests). The first request is free.

7. How We Protect Your Data

We take security seriously and implement multiple safeguards:

Technical Protection:

  • All data transmission uses TLS/HTTPS encryption
  • Sensitive data is encrypted in our databases
  • Passwords are hashed using industry-standard algorithms
  • Regular security monitoring and vulnerability testing
  • Firewall protection and DDoS mitigation
  • Regular software updates and security patches
  • Secure API authentication with rate limiting
  • Access logging and audit trails
  • Encrypted backups
  • Network segmentation for critical systems

Organizational Protection:

  • Access restricted to authorized personnel only (need-to-know basis)
  • Employee training on data protection and GDPR
  • Confidentiality agreements with all staff and contractors
  • Security incident response procedures
  • Regular security audits and compliance reviews
  • Secure data disposal procedures
  • Vendor security assessments

Your Responsibility:

  • Use a strong, unique password
  • Don't share your login credentials
  • Log out on shared devices
  • Enable two-factor authentication (if available)
  • Keep your email account secure
  • Report suspicious activity immediately
  • Keep your device and browser updated
  • Watch out for phishing attempts

Important: While we implement strong security, no system is 100% secure. Internet transmission and electronic storage always carry some risk. We do our best to protect your data, but we can't guarantee absolute security.

If Something Goes Wrong: If we discover a data breach that could harm you, we'll notify you and the authorities within 72 hours and explain what happened, what we're doing about it, and what you should do.

Data Breach Notification: If a breach occurs that poses risk to your rights, we'll notify you and the Czech data protection authority (ÚOOÚ) within 72 hours as required by GDPR Article 33.

8. Third-Party Account Security

This is important: You're responsible for securing your Steam, Discord, and Patreon accounts. We strongly recommend:

  • Using strong, unique passwords for each service
  • Enabling two-factor authentication
  • Not sharing your account credentials
  • Keeping recovery email addresses secure

Why This Matters: Since you log in through Steam and may link Discord/Patreon, the security of those accounts directly affects your DBus World account. If someone gains access to your Steam account, they can access your DBus World account too.

Our Limitations: We can't control or monitor the security of third-party platforms. If your Steam account is compromised and your DBus World progress is affected, we unfortunately can't be held responsible as this is outside our control. However, we're happy to help you secure your DBus World account once you've recovered your Steam account.

9. Cookies and Tracking

We use cookies and similar technologies to make the service work:

Essential Cookies - Required for login, security, and core functionality (can't be disabled without breaking the site)

Functional Cookies - Remember your preferences and settings (optional but improve your experience)

Analytics Cookies - Help us understand how people use the site to improve it (typically anonymized)

Third-Party Cookies - Services like Steam, YouTube, or Cloudflare may set their own cookies

Managing Cookies: You can control cookies through your browser settings. Note that disabling essential cookies will prevent you from using DBus World.

We may also use web beacons, local storage, or SDKs in our game client for similar purposes.

10. Children's Privacy

Age Requirement: You must be at least 13 years old to use DBus World. If you're under 18, you need parental permission.

No Data from Children Under 13: We don't knowingly collect data from children under 13. Our service isn't designed for children under 13.

If You're a Parent: If you discover your child under 13 created an account without permission, contact us immediately at [email protected]. We'll verify their age and delete the account promptly.

11. Changes to This Policy

We may update this Privacy Policy as we add features, improve the service, or comply with new regulations.

How We'll Notify You:

  • Update the "Last Updated" and "Effective Date" at the top
  • For significant changes, we'll notify you at least 30 days in advance through:
  • Prominent banner on our website
  • In-platform notifications (you'll see a notification when you log in)
  • Announcement on our official Discord server
  • Other appropriate channels as available

We'll make sure you can't miss important changes - our notifications will stay visible until you acknowledge them or the changes take effect.

Emergency Security Exception: If we need to make immediate changes to address active security threats, prevent fraud, or respond to urgent legal requirements, we may update the policy immediately without 30 days notice. We'll notify you as soon as possible after making emergency changes.

Why This Exception Exists: Sometimes waiting 30 days isn't an option. For example, if we discover a critical security vulnerability that's actively being exploited, we need to fix it immediately to protect you and other users. In these rare cases, protecting your data takes priority over the notice period.

Your Acceptance: Continuing to use DBus World after changes take effect means you accept the updated policy. If you don't agree, you can stop using the service before the changes take effect and request account deletion.

Your Responsibility: Check the "Last Updated" date periodically to stay informed. We'll maintain archives of previous versions if you request them.

12. Legal Basis for Processing

Here's a quick reference for the legal basis we use for different types of processing:

Contractual Necessity (Article 6(1)(b) GDPR):

  • Account creation and management
  • Gameplay tracking
  • Virtual company features
  • Core service functionality

Legitimate Interests (Article 6(1)(f) GDPR):

  • Security monitoring and fraud prevention
  • Platform analytics and improvement
  • Ban enforcement and prevention (including 2-year security archive)
  • Performance optimization

Consent (Article 6(1)(a) GDPR):

  • Marketing communications (if we ever add them)
  • Optional features requiring explicit permission

Legal Obligation (Article 6(1)(c) GDPR):

  • Responding to legal requests
  • Tax and accounting records

13. International Users

Primary Compliance: We follow GDPR standards for all users, regardless of location. Even if you're outside the EU, you benefit from the same privacy protections as EU residents.

Governing Law: This Privacy Policy is governed by Czech law. Legal disputes must be brought in Prague, Czech Republic courts. Your statutory GDPR rights remain unaffected by this.

International Transfers: If you're outside the EU, your data may be transferred to EU servers where we operate. We use appropriate safeguards (like Standard Contractual Clauses) for international transfers.

Additional Local Rights: If your jurisdiction provides extra data protection rights beyond GDPR, contact us and we'll work to accommodate them.

14. Contact Us

For Privacy Matters: 
Email: [email protected] 
Website: dbusworld.com

Available Contact Methods:

  • Email ([email protected])
  • Contact form on our website
  • Official Discord server
  • Other channels published on our website

Response Time: We aim to respond to privacy requests within 30 days (or 60 days for complex requests with advance notice).

Identity Verification: For security, we may need to verify your identity before responding to data requests. This protects you from someone else trying to access your data by pretending to be you.

We're Here to Help: If you have questions about this policy or how we handle your data, don't hesitate to reach out. We'd rather answer your questions now than have you worried about your privacy later.

Czech Supervisory Authority: 
Úřad pro ochranu osobních údajů (ÚOOÚ) 
Website: https://www.uoou.cz/ 
Email: [email protected] 
Address: Pplk. Sochora 27, 170 00 Prague 7, Czech Republic

15. Limitations and Disclaimers

What We Can't Control:

While we work hard to protect your data and provide a great service, there are some things outside our control:

Third-party platforms: We can't control Steam, Discord, Patreon, or other services you connect to DBus World. Their security and availability is up to them.

Internet security: Data traveling over the internet always has some risk, no matter how much we encrypt it.

Your device security: If your computer or phone is compromised by malware, we can't protect data on your end.

User actions: We can't prevent you from accidentally sharing your password or falling for phishing scams.

What This Means for You:

We'll do everything reasonably within our power to protect your data, but we can't guarantee absolute security or be held responsible for circumstances beyond our control. This isn't us trying to avoid responsibility - it's just being honest about the realities of internet services.

If You Have Concerns:

If something goes wrong that you think we could have prevented, please let us know. We take security seriously and want to hear about problems so we can fix them.

16. Your Agreement

By creating a DBus World account and using our service, you confirm that:

✓ You've read and understood this Privacy Policy 
✓ You understand what data we collect and why 
✓ You know your rights under GDPR and how to exercise them 
✓ You understand how we protect your data 
✓ You're aware of our data retention practices (including the 2-year security archive) 
✓ You consent to the processing described here where consent is the legal basis

Voluntary Use: Using DBus World is voluntary. If you don't agree with this policy, don't create an account or use the service.

Withdrawing Consent: You can withdraw consent anytime by:

  • Adjusting privacy settings in your account
  • Deactivating specific features
  • Deleting your account
  • Contacting us directly

Regulatory Compliance

This Privacy Policy complies with:

  • General Data Protection Regulation (EU) 2016/679 (GDPR)
  • ePrivacy Directive 2002/58/EC (as amended)
  • Other applicable EU and member state data protection laws

For questions, concerns, or to exercise your data protection rights, please contact [email protected]

© 2025 DBus World. All rights reserved.