Terms of Service, Privacy Policy & Community Guidelines

1. Eligibility; Accounts; Identity

• Minimum age: Users must be at least 13 years of age. Where local law requires parental consent for minors between 13–16, we will require verifiable consent prior to providing account services.
• Account security: You are responsible for maintaining the confidentiality of your account credentials. Notify Civitas immediately of suspected account compromise.
• Identity verification: Civitas reserves the right to require identity or age verification where necessary to fulfill legal obligations or to protect the integrity of the platform.

2. Services; Modifications; Availability

• The Site provides an online simulated government environment, public records, document repositories, and community features.
• We may add, remove, or modify features and may temporarily suspend access for maintenance, security, or legal reasons. Where feasible we will provide advance notice of material disruptions.
• Services are provided on an “as available” basis and Civitas expressly disclaims all warranties to the maximum extent permitted by law.

3. Acceptable Use; Prohibitions

• Do not attempt unauthorized access to systems, reverse engineer APIs, or interfere with Site operations.
• Harassment, hate speech, doxxing, threats, non-consensual sharing of private information, and other conduct that materially harms members or the community are prohibited.
• Uploading malware, running automated scripts to abuse functionality, or infringing intellectual property are prohibited and will subject your account to discipline.

4. User Content; Licenses; Takedown

• You retain any copyright in content you create. By submitting content to Civitas you grant us a worldwide, non-exclusive, royalty-free license to host, reproduce, publish, and adapt the content solely for the purpose of operating and promoting the Civitas community.
• Civitas may remove, redact, or restrict access to content that violates these Terms or applicable law, and reserves the right to comply with valid takedown requests and court orders.

5. Third-Party Services

• The Site integrates with Discord and other third-party services. Use of those services is subject to the third parties' terms and privacy rules.
• We use vetted processors for hosting, storage, and analytics under written data-processing agreements that limit sub-processor access.

6. Suspension; Termination; Sanctions

• Civitas may suspend or terminate accounts for policy violations, security reasons, or legal requirements. Where practicable, suspensions will be preceded by notice and an opportunity to appeal.
• Certain provisions (intellectual property, disclaimers, indemnities) survive termination.

7. Disclaimers; Limitation of Liability

• The Site is an entertainment and educational simulation. Simulated decisions have no legal effect outside the platform.
• To the maximum extent permitted by law, Civitas and its officers, employees, and contractors are not liable for indirect, incidental, or consequential damages. Where local law prohibits such exclusions, liability will be limited to the minimum permitted.

8. Governing Law; Venue

• These Terms are governed by the laws of the United States and the State of Washington, without regard to conflict of laws. Parties submit to the non-exclusive jurisdiction of the courts in Washington State.
• Where mandatory consumer protection rules apply, those rules will govern.

9. Changes to Terms

• We may amend these Terms as required by changes in our operations or law. Material changes will be communicated via the Site and Discord; continued use after notice constitutes acceptance.

1. Bot Permissions & Least Privilege

• The Bot requires only the minimal permissions necessary for configured features.
• Server administrators are responsible for granting appropriate permissions and ensuring the Bot operates under least-privilege principles.

2. Automated Actions; Auditability

• The Bot may automatically assign/revoke roles, post system announcements, and execute simulation commands in response to authorized actions.
• All automated actions are recorded in tamper-evident audit logs to support review and incident response.

3. Data Processed by the Bot

• The Bot processes Discord identifiers, role metadata, and limited message metadata required to operate features.
• Sensitive content is handled only as necessary for moderation and is subject to the Privacy Policy and access controls described below.

4. Availability; Support

• We strive to maintain high availability but cannot guarantee uninterrupted operation due to third-party rate limits and maintenance.
• Support is provided via the Civitas Discord guild and designated contact channels.

5. Termination; Guild Removal

• Guild administrators may remove the Bot at any time. Civitas may disable Bot access to guilds that materially breach these terms.
• Audit logs associated with prior usage may be retained as described in the Privacy Policy.

1. Principles & Protections

• Data minimization: We collect only the personal data strictly necessary to operate the service.
• Purpose limitation: Data is used only for explicit operational, security, or legal purposes.
• Storage limitation & retention: Retention periods are limited and documented below; data is deleted or anonymized as soon as lawful purposes expire.
• Access controls & separation of duties: Staff and administrators are granted only the minimum access necessary to perform duties; high-sensitivity data is restricted and logged.
• Encryption: Personal data is encrypted in transit and at rest. Cryptographic key management is restricted to authorized personnel with multi-factor authentication.
• Processor oversight: All subprocessors operate under written agreements that limit scope and require appropriate safeguards.

2. Data We Collect

• Account data: Discord-linked identifiers, display names, email (if provided), roles, avatar image metadata.
• Simulation activity: Bills, filings, edits, and contribution metadata necessary to operate the public archives and audit trails.
• Interaction metadata: Command usage (command name, timestamp, requesting account ID), channel IDs, and role assignments necessary to replicate simulation state.
• Operational logs: Server logs, error diagnostics, and analytics data used to secure and improve the platform.
• Support communications: Messages submitted through Discord, forms, or email for support and investigations.

3. IP Addresses & Pseudonymization — Staff Access Restrictions

Civitas treats IP addresses and raw geolocation as highly sensitive. We implement the following safeguards:

• Pseudonymization: IP addresses collected for security and anti-abuse purposes are pseudonymized (e.g., hashed with a per-deployment salt) and stored separately from user account records.
• Restricted access: Routine staff and community administrators do not have access to raw IP address data. Access to de-pseudonymize or view raw IPs is strictly limited to the Data Protection Officer (DPO) and the appointed security team, and only for the purpose of security investigations or in response to a valid legal process.
• Legal requests: Raw IP/address or geolocation data will only be disclosed to law enforcement or third parties when compelled by a valid court order, search warrant, or comparable legal process. Every such disclosure requires written authorization from the DPO, verification of legitimacy, and an entry in an access audit log.
• Audit trail: All accesses to sensitive identifiers are logged in tamper-evident logs and are subject to periodic review.

4. How We Use Personal Data

• Authenticate users and synchronize permissions between the Site and Discord.
• Operate the simulation and publish public archives, while preserving contributor attribution where appropriate.
• Perform safety monitoring, abuse detection, and incident response proportional to risk.
• Improve service performance, reliability, and usability through aggregated analytics.
• Comply with legal obligations (e.g., responding to lawful requests from authorities).

5. Legal Bases for Processing

• Contractual necessity: To provide the services you have requested (account management, simulation features).
• Legitimate interests: To protect platform security, prevent fraud, and ensure community safety, balanced against individual rights.
• Consent: Where required (e.g., optional marketing contacts, special beta features), processing is based on explicit consent which may be withdrawn.
• Legal obligation: Where processing is required to comply with law or enforceable legal orders.

6. Sharing & Disclosure

• Processors: We share data only with subprocessors who act on our documented instructions and under contractual safeguards (e.g., hosting, storage, monitoring).
• Discord: Certain identifiers must be shared with Discord to enable role sync and command execution; such transfers remain subject to Discord’s privacy policies.
• Moderators: Authorized moderators may access limited account metadata necessary for community moderation; they do not have access to pseudonymized raw IPs or other sensitive backend identifiers.
• Legal process: We will disclose data in response to lawful process, consistent with local law and the safeguards described above.
• Aggregated anonymized data: We may publish statistics that do not identify individuals.

7. International Transfers

Civitas infrastructure is primarily hosted in the United States. When transferring personal data from the EEA, UK, or Switzerland we rely on SCCs (Standard Contractual Clauses) or equivalent lawful transfer mechanisms and implement appropriate technical and organizational safeguards.

8. Retention

• Account data: Retained while the account is active and for up to 12 months after prolonged inactivity, except where longer retention is required by law.
• Simulation records: Core public records (e.g., legislation, opinions) may be retained indefinitely as part of the historical archive; subject to lawful removal requests and redaction where privacy rights apply.
• Bot command logs and diagnostics: Retained for up to 12 months, except when retained longer for active security investigations or legal obligations.
• Support communications: Retained for up to 12 months after resolution.

9. Security Measures

• Encryption in transit (TLS) and at rest for stored personal data.
• Role-based access control, MFA for administrative access, and least-privilege principles.
• Regular security reviews, vulnerability assessments, and third-party audits where appropriate.
• A documented incident response plan; affected individuals will be notified in line with applicable law.

10. Data Subject Rights

Where applicable you may exercise the following rights subject to verification and applicable exceptions:

• Access and obtain a copy of personal data we hold about you.
• Rectification of inaccurate or incomplete personal data.
• Deletion (right to be forgotten) where legal grounds permit.
• Restriction or objection to processing, including profiling based on legitimate interests.
• Data portability in a structured, commonly used, machine-readable format.
• Withdraw consent where processing is based on consent.
• Lodge a complaint with your supervisory authority (EEA / UK residents).

Requests should be made via the contact details below. We may require reasonable proof of identity to protect privacy and security.

11. Automated Decision-Making

Civitas does not carry out solely automated decision-making that produces legal or similarly significant effects. Automated recommendations (e.g., role suggestions, scoring) are reviewed by humans and may be appealed through the support process.

12. Contact; Data Protection Officer

The Civitas Simulation Council is the data controller. For privacy inquiries or to exercise your rights, contact our Data Protection Officer at contact@liltark.com. We aim to respond to verified requests promptly and within statutory timelines.

13. Changes to this Privacy Policy

We will update this policy to reflect operational or legal changes. Material changes will be communicated in-platform and via Discord. Continued use indicates acceptance of the updated policy.

1. Core Principles

• Respect: Treat other participants with courtesy. Attack ideas, not people.
• Safety: Do not share or solicit personal data of others (doxxing), threats, or violent content.
• Good faith: Participate in the shared simulation honestly and without deliberate disruption.

2. Prohibited Content

• Hate speech, harassment, or sustained targeted abuse towards individuals or groups.
• Non-consensual exposure of personal data (doxxing), private messages, or other material meant to remain private.
• Illegal content, sexual exploitation of minors, or material that would require immediate escalation to law enforcement.
• Repeated and deliberate attempts to evade prior sanctions (ban evasion).

3. Moderation, Sanctions & Appeals

• Civitas maintains an authorized moderation team that enforces these Guidelines. Enforcement actions include warnings, temporary restrictions, role limitations, content removal, and account suspension or termination.
• All moderation actions will be accompanied by an explanation of the reason and, where appropriate, instructions for remediation.
• Appeals: Users may appeal enforcement decisions using the support process. Appeals are reviewed by a separate reviewer where feasible to ensure impartiality.

4. Reporting

• Report rule violations to authorized Civitas moderators or via the designated support channels.
• All reports will be handled confidentially to the extent practicable and investigated promptly.

5. Safety Escalation

Content indicating imminent physical harm, child sexual exploitation, or other serious criminal conduct will be escalated to law enforcement as required by law. Civitas reserves the right to preserve and disclose necessary records under lawful process.