GDPR-oriented data handling
Neek ID's current data retention and handling are designed to be compatible with the General Data Protection Regulation (GDPR): personal data is limited to account, security, linked-integration, and API-access purposes; optional integration data is controlled through fine-grained settings; and account or integration data can be removed through the controls described below.
Users may request access, correction, deletion, restriction, portability, or objection where these rights apply under the GDPR.
Data we store
Neek ID stores the information needed to create and protect your identity account: username, profile name, email address, password hash when you use email/password sign-in, language, timezone, avatar choices, two-factor authentication state, active sessions, personal access tokens, and security-relevant account activity.
When you sign in or link an external integration, we store the provider name, provider user ID, encrypted access tokens, encrypted refresh tokens when provided, token expiry time, linked avatar metadata, and the time the account was linked.
Neek ID is hosted in Germany. The current server location is Falkenstein, Germany, at Hetzner.
Linked integrations
Linked integrations are used for sign-in and, where enabled, to display or synchronize account details inside Neek ID. Each provider link can be removed from the linked accounts settings page.
| Integration | Current stored data | Optional data through Fine-Grained Settings |
|---|---|---|
| Steam | Steam ID, encrypted token values, cached avatar, and synced profile data when enabled. | Online status, real name, profile URL, account creation date, avatar sync, Steam level and badges, currently playing, game server, recent games, owned games, achievements, primary clan/group, country/region, and friends list can be enabled or disabled independently. |
| Discord | Discord user ID, encrypted token values, email when Discord provides it, and synced avatar, nickname, or name when enabled. | Avatar, nickname, and name sync can be enabled or disabled independently. |
| Twitch | Twitch user ID, encrypted token values, email when Twitch provides it, and synced nickname, name, or avatar when enabled. | Twitch ID, nickname, name, email, and avatar sync can be enabled or disabled independently. |
Retention
Active account data is retained while your account exists and while the data is needed to provide sign-in, security, account settings, linked integrations, or API access.
Security audit log entries are retained for up to 90 days by the scheduled audit pruning task. Unverified accounts older than 14 days are eligible for scheduled pruning, which also removes their related sessions, OAuth records, device codes, and password reset tokens.
OAuth access tokens expire according to the configured token lifetime. Refresh tokens, personal access tokens, and linked-provider tokens remain stored until they expire, are revoked, the link is removed, or the account is removed.
Unlinking integrations
Unlinking an integration removes that linked account record and deletes the cached linked avatar for that provider. Provider-specific synced data that depends on the linked account, such as Steam profile, game, friend, badge, and achievement records, is removed with that linked account.
If your current Neek ID avatar uses the unlinked provider avatar, your account is switched back to your local avatar where available.
Account deletion
Deleting your account revokes active OAuth tokens, removes active sessions, logs you out, and soft-deletes the account record. A soft-deleted account is no longer usable for sign-in.
If you want linked-provider tokens and cached integration data removed immediately, unlink those integrations before deleting the account. Automatic hard deletion is currently implemented for unverified accounts older than 14 days.
Your controls
You can update your email, username, password, language, timezone, avatar source, active sessions, personal access tokens, two-factor authentication, and linked accounts from the settings area. Linked-provider preferences are available on each integration settings page when that provider supports fine-grained sync settings.
Use of Neek ID is also governed by the Terms of Service.